MidnightBSD

Advisories for x2go

CVE-2013-4376 HIGH

The setgid wrapper libx2go-server-db-sqlite3-wrapper.c in X2Go Server before 4.0.0.2 allows remote attackers to execute arbitrary code via unspecified vectors, related to the path to libx2go-server-db-sqlite3-wrapper.pl.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-94,

Products Affected

Vendor Product Version
x2go x2go_server *
x2go x2go_server 4.0.0.0
CVE-2013-7383 HIGH

x2gocleansessions in X2Go Server before 4.0.0.8 and 4.0.1.x before 4.0.1.10 allows remote authenticated users to gain privileges via unspecified vectors, possibly related to backticks.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-264,

Products Affected

Vendor Product Version
x2go x2go_server 4.0.0.1
x2go x2go_server 4.0.0.3
x2go x2go_server 4.0.1.4
x2go x2go_server 4.0.1.5
x2go x2go_server 4.0.0.4
x2go x2go_server 4.0.1.6
x2go x2go_server *
x2go x2go_server 4.0.1.7
x2go x2go_server 4.0.1.9
x2go x2go_server 4.0.1.1
x2go x2go_server 4.0.0.2
x2go x2go_server 4.0.1.3
x2go x2go_server 4.0.0.6
x2go x2go_server 4.0.1.0
x2go x2go_server 4.0.0.0
x2go x2go_server 4.0.1.8
x2go x2go_server 4.0.1.2