| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| The directory manager in Caldera 9.20 allows remote attackers to conduct variable-injection attacks in the global scope via (1) the maindir_hotfolder parameter to dirmng/index.php, or an unspecified parameter to (2) PPD/index.php, (3) dirmng/docmd.php, or (4) dirmng/param.php. |
| costview3/xmlrpc_server/xmlrpc.php in CostView in Caldera 9.20 allows remote attackers to execute arbitrary commands via shell metacharacters in a methodCall element in a PHP XMLRPC request. |
| Directory traversal vulnerability in dirmng/index.php in Caldera 9.20 allows remote attackers to access arbitrary directories via a crafted pathname. |
| Multiple SQL injection vulnerabilities in Caldera 9.20 allow remote attackers to execute arbitrary SQL commands via the tr parameter to (1) costview2/jobs.php or (2) costview2/printers.php. |
| Buffer overflow in procmail before version 3.12 allows remote or local attackers to execute commands via expansions in the procmailrc configuration file. |
| A vulnerability in Caldera Open Administration System (COAS) allows the /etc/shadow password file to be made world-readable. |
| Local users can start Sendmail in daemon mode and gain root privileges. |
| Buffer overflow in sar for OpenServer 5.0.5 allows local users to gain root privileges via a long -o parameter. |
| XFree86 xfs command is vulnerable to a symlink attack, allowing local users to create files in restricted directories, possibly allowing them to gain privileges or cause a denial of service. |
| The debug option in Caldera Linux smail allows remote attackers to execute commands via shell metacharacters in the -D option for the rmail command. |
| Vulnerability in Caldera rmt command in the dump package 0.4b4 allows a local user to gain root privileges. |
| Buffer overflow in fdmount on Linux systems allows local users in the "floppy" group to execute arbitrary commands via a long mountpoint parameter. |
| Linux gpm program allows local users to cause a denial of service by flooding the /dev/gpmctl device with STREAM sockets. |
| Some telnet clients allow remote telnet servers to request environment variables from the client that may contain sensitive information, or remote web servers to obtain the information via a telnet: URL. |
| docview before 1.0-15 allows remote attackers to execute arbitrary commands via shell metacharacters that are processed when converting a man page to a web page. |
| Buffer overflow in WU-FTPD and related FTP servers allows remote attackers to gain root privileges via macro variables in a message file. |
| Linux kernel 2.0, 2.2 and 2.4 with syncookies enabled allows remote attackers to bypass firewall rules by brute force guessing the cookie. |
| Buffer overflow in uidadmin in Caldera Open Unix 8.0.0 and UnixWare 7 allows local users to gain root privileges via a long -S (scheme) command line argument. |
| Buffer overflow in uucp utilities in UnixWare 7 allows local users to execute arbitrary code via long command line arguments to (1) uucp, (2) uux, (3) bnuconvert, (4) uucico, (5) uuxcmd, or (6) uuxqt. |
| Format string vulnerability in the error logging code of DHCP server and client in Caldera Linux allows remote attackers to execute arbitrary commands. |
