CVE-2020-25495 – SCO Openserver 5.0.7 - 'section' Reflected XSS
https://notcve.org/view.php?id=CVE-2020-25495
A reflected Cross-site scripting (XSS) vulnerability in Xinuo (formerly SCO) Openserver version 5 and 6 allows remote attackers to inject arbitrary web script or HTML tag via the parameter 'section'. Una vulnerabilidad de tipo Cross-site scripting (XSS) reflejado en Xinuo (anteriormente SCO) Openserver versiones 5 y 6, permite a atacantes remotos inyectar un script web arbitrario o una etiqueta HTML por medio del parámetro "section" SCO Openserver version 5.0.7 suffers from a cross site scripting vulnerability. • https://www.exploit-db.com/exploits/49300 http://packetstormsecurity.com/files/160634/SCO-Openserver-5.0.7-Cross-Site-Scripting.html https://github.com/Ramikan/Vulnerabilities/blob/master/SCO%20Openserver%20XSS%20%26%20HTML%20Injection%20vulnerability • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2020-25494 – SCO Openserver 5.0.7 - 'outputform' Command Injection
https://notcve.org/view.php?id=CVE-2020-25494
Xinuos (formerly SCO) Openserver v5 and v6 allows attackers to execute arbitrary commands via shell metacharacters in outputform or toclevels parameter to cgi-bin/printbook. Xinuos (anteriormente SCO) Openserver versiones v5 y v6, permite a atacantes ejecutar comandos arbitrarios por medio de metacaracteres de shell en los parámetros outputform o toclevels en cgi-bin/printbook SCO Openserver version 5.0.7 suffers from a command injection vulnerability. • https://www.exploit-db.com/exploits/49301 http://packetstormsecurity.com/files/160635/SCO-Openserver-5.0.7-Command-Injection.html https://github.com/Ramikan/Vulnerabilities/blob/master/SCO%20Openserver%20OS%20Command%20Injection%20Vulnerability • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVE-2006-0072 – SCO OpenServer 5.0.7 - 'termsh' Local Privilege Escalation
https://notcve.org/view.php?id=CVE-2006-0072
Buffer overflow in termsh on SCO OpenServer 5.0.7 allows remote attackers to execute arbitrary code via a long -o command line argument. NOTE: this is probably a different vulnerability than CVE-2005-0351 since it involves a distinct attack vector. • https://www.exploit-db.com/exploits/1402 http://downloads.securityfocus.com/vulnerabilities/exploits/Openserver_bof.c http://www.securityfocus.com/archive/1/420677 http://www.securityfocus.com/bid/16122 •
CVE-2005-3626
https://notcve.org/view.php?id=CVE-2005-3626
Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attackers to cause a denial of service (crash) via a crafted FlateDecode stream that triggers a null dereference. • ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.15/SCOSA-2006.15.txt ftp://patches.sgi.com/support/free/security/advisories/20051201-01-U ftp://patches.sgi.com/support/free/security/advisories/20060101-01-U ftp://patches.sgi.com/support/free/security/advisories/20060201-01-U http://lists.suse.com/archive/suse-security-announce/2006-Jan/0001.html http://rhn.redhat.com/errata/RHSA-2006-0177.html http://scary.beasts.org/security/CESA-2005-003.txt http://secunia.com/ • CWE-399: Resource Management Errors •
CVE-2005-3625
https://notcve.org/view.php?id=CVE-2005-3625
Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attackers to cause a denial of service (infinite loop) via streams that end prematurely, as demonstrated using the (1) CCITTFaxDecode and (2) DCTDecode streams, aka "Infinite CPU spins." • ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.15/SCOSA-2006.15.txt ftp://patches.sgi.com/support/free/security/advisories/20051201-01-U ftp://patches.sgi.com/support/free/security/advisories/20060101-01-U ftp://patches.sgi.com/support/free/security/advisories/20060201-01-U http://lists.suse.com/archive/suse-security-announce/2006-Jan/0001.html http://rhn.redhat.com/errata/RHSA-2006-0177.html http://scary.beasts.org/security/CESA-2005-003.txt http://secunia.com/ • CWE-399: Resource Management Errors •