nic

3 exploits Active since Aug 2003
CVE-2026-47273 WRITEUP MEDIUM
pam_usb: XPath injection via PAM-supplied identifiers in pam_usb configuration queries
pam_usb provides hardware authentication for Linux using ordinary removable media. Prior to 0.9.0, pam_usb builds XPath expressions from user-supplied identifiers (PAM username, service name) and device-supplied identifiers (USB device serial, model, vendor) to query /etc/pamusb.conf. These identifiers were not validated for XPath metacharacters, allowing injection of arbitrary XPath predicates. This vulnerability is fixed in 0.9.0.
CVSS 6.5
CVE-2026-47274 WRITEUP MEDIUM
pam_usb: Uncontrolled search path in pam_usb tools allows privilege escalation via PATH manipulation
pam_usb provides hardware authentication for Linux using ordinary removable media. Prior to 0.9.0, multiple pam_usb helper tools resolved external binaries through the PATH environment variable rather than using absolute paths. An attacker who can influence the process environment during PAM authentication or tool execution could substitute malicious binaries. The affected tools are pamusb-check (src/tmux.c), pamusb-conf (tools/pamusb-conf), and pamusb-keyring-unlock-gnome (tools/pamusb-keyring-unlock-gnome). This vulnerability is fixed in 0.9.0.
CVSS 6.3
CVE-2003-0584 EXPLOITDB c WORKING POC
BRU < 17.0 - Local Format String Vulnerability via Command Line Argument
Format string vulnerability in Backup and Restore Utility for Unix (BRU) 17.0 and earlier, when running setuid, allows local users to execute arbitrary code via format string specifiers in a command line argument.