| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Some packaging commands in SCO UnixWare 7.1.0 have insecure privileges, which allows local users to add or remove software packages. |
| Format string vulnerability in the search97.cgi CGI script in SCO help http server for Unixware 7 allows remote attackers to execute arbitrary commands via format characters in the queryText parameter. |
| The timed program (in.timed) in UnixWare 7 and OpenUnix 8.0.0 does not properly terminate certain strings with a null, which allows remote attackers to cause a denial of service. |
| Unknown vulnerability in chroot on SCO UnixWare 7.1.1 through 7.1.4 allows local users to escape the chroot jail and conduct unauthorized activities. |
| Buffer overflow in UnixWare xauto program allows local users to gain root privilege. |
| The SCO UnixWare privileged process system allows local users to gain root privileges by using a debugger such as gdb to insert traps into _init before the privileged process is executed. |
| Inverse query buffer overflow in BIND 4.9 and BIND 8 Releases. |
| FTP servers can allow an attacker to connect to arbitrary ports on machines other than the FTP client, aka FTP bounce. |
| Delete or create a file via rpc.statd, due to invalid information. |
| Command execution in Sun systems via buffer overflow in the at program. |
| Buffer overflows in wuarchive ftpd (wu-ftpd) and ProFTPD lead to remote root access, a.k.a. palmetto. |
| Vulnerability in "at" program in SCO UNIX 4.2 and earlier allows local users to gain root access. |
| Buffer overflow in UnixWare i2odialogd daemon allows remote attackers to gain root access via a long username/password authorization string. |
| Vulnerability in xserver in SCO UnixWare 2.1.x and OpenServer 5.05 and earlier allows an attacker to cause a denial of service which prevents access to reserved port numbers below 1024. |
| Buffer overflow in mscreen on SCO OpenServer 5.0 and SCO UNIX 3.2v4 allows a local user to gain root access via (1) a long TERM environmental variable and (2) a long entry in the .mscreenrc file. |
| The search97cgi/vtopic" in the UnixWare 7 scohelphttp webserver allows remote attackers to read arbitrary files via a .. (dot dot) attack. |
| RPC portmapper (rpcbind) in SCO UnixWare 7.1.1 m5, 7.1.3 mp5, and 7.1.4 mp2 allows remote attackers or local users to cause a denial of service (lack of response) via multiple invalid portmap requests. |
| The X server in SCO UnixWare 7.1.1, 7.1.3, and 7.1.4 does not properly create socket directories in /tmp, which could allow attackers to hijack local sockets. |
| Denial of Service vulnerability in BIND 8 Releases via maliciously formatted DNS messages. |
| pcnfsd (aka rpc.pcnfsd) allows local users to change file permissions, or execute arbitrary commands through arguments in the RPC call. |
