Vulnerabilities > Santa Cruz Operation

DATE CVE VULNERABILITY TITLE RISK
2007-12-04 CVE-2007-6232 Cross-Site Scripting vulnerability in FTP Admin 0.1.0
Cross-site scripting (XSS) vulnerability in index.php in FTP Admin 0.1.0 allows remote attackers to inject arbitrary web script or HTML via the error parameter in an error page action.
4.3
2007-09-18 CVE-2007-4938 Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products
Heap-based buffer overflow in libmpdemux/aviheader.c in MPlayer 1.0rc1 and earlier allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a .avi file with certain large "indx truck size" and nEntriesInuse values, and a certain wLongsPerEntry value.
7.6
2007-05-17 CVE-2007-2736 Remote File Include vulnerability in Achievo 1.1.0
PHP remote file inclusion vulnerability in index.php in Achievo 1.1.0 allows remote attackers to execute arbitrary PHP code via a URL in the config_atkroot parameter.
network
low complexity
apple hp ibm linux microsoft santa-cruz-operation sun windriver achievo
critical
10.0
2007-05-16 CVE-2007-1898 Unspecified vulnerability in Jetbox CMS 2.1
formmail.php in Jetbox CMS 2.1 allows remote attackers to send arbitrary e-mails (spam) via modified recipient, _SETTINGS[allowed_email_hosts][], and subject parameters.
5.8
2007-04-24 CVE-2007-2191 HTML Injection vulnerability in Freepbx 2.2.1/2.2Rc1
Multiple cross-site scripting (XSS) vulnerabilities in freePBX 2.2.x allow remote attackers to inject arbitrary web script or HTML via the (1) From, (2) To, (3) Call-ID, (4) User-Agent, and unspecified other SIP protocol fields, which are stored in /var/log/asterisk/full and displayed by admin/modules/logfiles/asterisk-full-log.php.
6.8
2007-02-23 CVE-2006-7034 SQL-Injection vulnerability in Super Link Exchange Script Super Link Exchange Script 1.0
SQL injection vulnerability in directory.php in Super Link Exchange Script 1.0 might allow remote attackers to execute arbitrary SQL queries via the cat parameter.
7.5
2007-02-21 CVE-2007-1043 Authentication Bypass vulnerability in Ezboo Webstats 3.0.3
Ezboo webstats, possibly 3.0.3, allows remote attackers to bypass authentication and gain access via a direct request to (1) update.php and (2) config.php.
7.5