CVSS: 6.1EPSS: 7%CPEs: 2EXPL: 4CVE-2020-25495 – SCO Openserver 5.0.7 - 'section' Reflected XSS
https://notcve.org/view.php?id=CVE-2020-25495
18 Dec 2020 — A reflected Cross-site scripting (XSS) vulnerability in Xinuo (formerly SCO) Openserver version 5 and 6 allows remote attackers to inject arbitrary web script or HTML tag via the parameter 'section'. Una vulnerabilidad de tipo Cross-site scripting (XSS) reflejado en Xinuo (anteriormente SCO) Openserver versiones 5 y 6, permite a atacantes remotos inyectar un script web arbitrario o una etiqueta HTML por medio del parámetro "section" SCO Openserver version 5.0.7 suffers from a cross site scripting vulnerabil... • https://packetstorm.news/files/id/160634 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 58%CPEs: 2EXPL: 4CVE-2020-25494 – SCO Openserver 5.0.7 - 'outputform' Command Injection
https://notcve.org/view.php?id=CVE-2020-25494
18 Dec 2020 — Xinuos (formerly SCO) Openserver v5 and v6 allows attackers to execute arbitrary commands via shell metacharacters in outputform or toclevels parameter to cgi-bin/printbook. Xinuos (anteriormente SCO) Openserver versiones v5 y v6, permite a atacantes ejecutar comandos arbitrarios por medio de metacaracteres de shell en los parámetros outputform o toclevels en cgi-bin/printbook SCO Openserver version 5.0.7 suffers from a command injection vulnerability. • https://packetstorm.news/files/id/160635 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 9.1EPSS: 7%CPEs: 127EXPL: 1CVE-2005-3624
https://notcve.org/view.php?id=CVE-2005-3624
31 Dec 2005 — The CCITTFaxStream::CCITTFaxStream function in Stream.cc for xpdf, gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others allows attackers to corrupt the heap via negative or large integers in a CCITTFaxDecode stream, which lead to integer overflows and integer underflows. • ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.15/SCOSA-2006.15.txt • CWE-189: Numeric Errors •
CVSS: 10.0EPSS: 11%CPEs: 127EXPL: 1CVE-2005-3625
https://notcve.org/view.php?id=CVE-2005-3625
31 Dec 2005 — Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attackers to cause a denial of service (infinite loop) via streams that end prematurely, as demonstrated using the (1) CCITTFaxDecode and (2) DCTDecode streams, aka "Infinite CPU spins." • ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.15/SCOSA-2006.15.txt • CWE-399: Resource Management Errors •
CVSS: 5.5EPSS: 9%CPEs: 127EXPL: 1CVE-2005-3626
https://notcve.org/view.php?id=CVE-2005-3626
31 Dec 2005 — Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attackers to cause a denial of service (crash) via a crafted FlateDecode stream that triggers a null dereference. • ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.15/SCOSA-2006.15.txt • CWE-399: Resource Management Errors •