Twenty Year Anniversary
Showing 1 - 25 of 49 RSS Feed

Files from Kevin Kotas

First Active2002-05-01
Last Active2018-05-03
CA Spectrum 10.1.x / 10.2.x Denial Of Service
Posted May 3, 2018
Authored by Kevin Kotas | Site www3.ca.com

CA Technologies Support is alerting customers to a potential risk with CA Spectrum. A vulnerability exists that can allow an unauthenticated remote attacker to cause a denial of service. CA has solutions to resolve the vulnerability. The vulnerability occurs due to how a Spectrum network service handles invalid data. A remote attacker can send a request that may disrupt a Spectrum service and potentially cause further product instability.

tags | advisory, remote, denial of service
advisories | CVE-2018-6589
MD5 | 3305334f51bc4da75df2dff0c5447f72
CA API Developer Portal Cross Site Scripting
Posted Mar 29, 2018
Authored by Kevin Kotas, Alphan Yavas | Site www3.ca.com

CA Technologies Support is alerting customers to multiple potential risks with CA API Developer Portal. Multiple vulnerabilities exist that can allow a remote attacker to conduct cross-site scripting attacks.

tags | advisory, remote, vulnerability, xss
advisories | CVE-2018-6586, CVE-2018-6587, CVE-2018-6588
MD5 | 0737c71884c5955401974ead815b5413
CA Identity Governance 12.6 Cross Site Scripting
Posted Nov 15, 2017
Authored by Kevin Kotas, Jake Miller | Site www3.ca.com

CA Identity Governance version 12.6 suffers from a cross site scripting vulnerability.

tags | advisory, xss
advisories | CVE-2017-9394
MD5 | 7c4935db1c428ebb3f1a77dfde5c5a8b
CA Client Automation OS Installation Management Insecure Storage
Posted May 7, 2017
Authored by Kevin Kotas | Site www3.ca.com

A vulnerability exists due to insecure storage of account credentials used by OS Installation Management during operating system installation. A local attacker can potentially access a sensitive file containing account credentials and decrypt a password. Depending on the privileges associated with the credentials, an attacker can potentially gain further access. This vulnerability only affects operating system installations created by CA Client Automation with OS Installation Management. Versions affected include CA Client Automation r14.0, r14.0 SP1 and CA Client Automation r12.9.

tags | advisory, local
advisories | CVE-2017-8391
MD5 | e4ca172ffb35ae03e75e26a740f6a6f7
CA Common Services casrvc Privilege Escalation
Posted Jan 28, 2017
Authored by Kevin Kotas | Site www3.ca.com

CA Technologies support is alerting customers about a medium risk vulnerability that may allow a local attacker to gain additional privileges with products using CA Common Services running on the AIX, HP-UX, Linux, and Solaris platforms. The vulnerability, CVE-2016-9795, occurs due to insufficient validation by the casrvc program. A local unprivileged user can exploit the vulnerability to modify arbitrary files, which can potentially allow a local attacker to gain root level access.

tags | advisory, arbitrary, local, root
systems | linux, solaris, aix, hpux
advisories | CVE-2016-9795
MD5 | c33651df09a1bf032369d8e33acf84d5
CA Service Desk Manager 12.9 / 14.1 Information Disclosure
Posted Jan 13, 2017
Authored by Kevin Kotas | Site www3.ca.com

CA Technologies support is alerting customers to a potential risk with CA Service Desk Manager. A vulnerability exists in RESTful web services that can potentially allow a remote authenticated attacker to view or modify sensitive information. Fixes are available. The vulnerability is due to incorrect permissions being applied to certain RESTful requests that can allow a malicious user to view or update task information. This vulnerability only affects CA Service Desk Manager installations with RESTful web services running.

tags | advisory, remote, web
advisories | CVE-2016-10086
MD5 | e6795fd40cf17e8f082e4509523f6452
CA eHealth Denial Of Service / Code Execution
Posted Jul 22, 2016
Authored by Kevin Kotas | Site www3.ca.com

CA Technologies Support is alerting customers to multiple potential risks with CA eHealth. Two vulnerabilities exist in the web interface that can allow a remote authenticated attacker to cause a denial of service condition or possibly execute arbitrary commands. CA technologies assigned a High risk rating to these vulnerabilities. CA has a solution available.

tags | advisory, remote, web, denial of service, arbitrary, vulnerability
advisories | CVE-2016-6151, CVE-2016-6152
MD5 | f7990d61d3ee66e05bab70896370a561
Release Automation XSS / XXE Injection
Posted Jul 1, 2016
Authored by Kevin Kotas | Site www3.ca.com

CA Technologies Support is alerting customers to multiple potential risks with CA Release Automation. Three vulnerabilities exist that can allow a remote attacker to potentially gain sensitive information or cause a denial of service condition. CA has fixes available. The first vulnerability occurs due to the inclusion of a vulnerable 3rd party component, Open Flash Chart. A remote attacker can conduct cross-site scripting attacks The second vulnerability occurs due to insufficient verification of requests to the web server, which can lead to limited XML external entity attacks. An authenticated attacker in the local network can potentially gain sensitive information or cause a denial of service condition. The third vulnerability occurs due to insufficient verification of requests to the web interface, which leads to multiple reflected cross-site scripting vulnerabilities and one stored cross-site scripting vulnerability.

tags | advisory, remote, web, denial of service, local, vulnerability, xss, xxe
advisories | CVE-2015-7370, CVE-2015-8698, CVE-2015-8699
MD5 | f6d030c18747403480c3e9413f8b9f1a
CA API Gateway CRLF Injection
Posted Apr 6, 2016
Authored by Kevin Kotas | Site www3.ca.com

CA Technologies Support is alerting customers to a Medium risk vulnerability with CA API Gateway (formerly known as Layer7 API Gateway). A vulnerability exists in CA API Gateway that may allow a remote unauthenticated attacker to conduct CRLF Injection attacks in limited network configurations. CA has fixes available. Versions affected include 7.1, 8.0, 8.1, 8.2, 8.3, and 8.4.

tags | advisory, remote
advisories | CVE-2016-3118
MD5 | a6679d19cd1e828fdaa46caf67762c6e
CA Single Sign-On Web Agents Information Disclosure / Denial Of Service
Posted Mar 23, 2016
Authored by Kevin Kotas, Michael Brooks | Site www3.ca.com

CA Technologies Support is alerting customers to potential risks with CA Single Sign-On (CA SSO), formerly known as CA SiteMinder. Michael Brooks of BishopFox alerted CA to vulnerabilities that can allow a remote attacker to cause a denial of service or possibly gain sensitive information. CA has fixes that address the vulnerabilities.

tags | advisory, remote, denial of service, vulnerability
advisories | CVE-2015-6853, CVE-2015-6854
MD5 | ea6cfd50604423801445013893f8aff9
CA Common Services Privilege Escalation
Posted Jun 5, 2015
Authored by Kevin Kotas | Site www3.ca.com

CA Technologies Support is alerting customers to multiple potential risks with products that bundle CA Common Services on Unix/Linux platforms. A local attacker may exploit these vulnerabilities to gain additional privileges.

tags | advisory, local, vulnerability
systems | linux, unix
advisories | CVE-2015-3316, CVE-2015-3317, CVE-2015-3318
MD5 | 500ed8ac26e52334869f7e53ff7aeb0d
Security Notice For CA Spectrum
Posted Apr 8, 2015
Authored by Kevin Kotas | Site www3.ca.com

CA Technologies Support is alerting customers to multiple potential risks with CA Spectrum. Two vulnerabilities exist that can potentially allow a remote authenticated attacker to gain sensitive information or escalate privileges. The first issue is a stored cross-site scripting vulnerability which occurs due to insufficient validation of requests. An authenticated remote attacker can potentially execute script with increased privileges. The second issue occurs due to insufficient validation of data sent using serialized Java objects. A remote authenticated attacker can potentially gain administrative privileges on the host.

tags | advisory, java, remote, vulnerability, xss
advisories | CVE-2015-2827, CVE-2015-2828
MD5 | 11874b4e3615f10b3fefd64f5889974a
CA Cloud Service Management Replay / XXE / Token Verification
Posted Nov 7, 2014
Authored by Kevin Kotas | Site www3.ca.com

CA Technologies Support is alerting customers to four resolved vulnerabilities with CA Cloud Service Management. Four vulnerabilities existed that could potentially allow a remote attacker to access user sessions, gain sensitive information, or cause a denial of service condition. CA Technologies fixed these vulnerabilities in all production environments as part of the Cloud Service Management Summer 2014 Upgrade.

tags | advisory, remote, denial of service, vulnerability
advisories | CVE-2014-8471, CVE-2014-8472, CVE-2014-8473, CVE-2014-8474
MD5 | 7f90b23d1d5c4571487da03c4e2f0d98
CA Erwin Web Portal 9.5 Directory Traversal
Posted Apr 3, 2014
Authored by Kevin Kotas | Site www3.ca.com

CA Technologies Support is alerting customers to multiple vulnerabilities with CA Erwin Web Portal version 9.5. The vulnerabilities occur due to insufficient path verification. A remote unauthenticated attacker can use directory traversal attacks to gain sensitive information, cause a denial of service condition, gain additional access, or potentially execute arbitrary code.

tags | advisory, remote, web, denial of service, arbitrary, vulnerability
advisories | CVE-2014-2210
MD5 | d6b8a3c1960050898c12c57a99cd6c82
CA SiteMinder Cross Site Scripting
Posted Oct 25, 2013
Authored by Kevin Kotas | Site www3.ca.com

CA Technologies Support is alerting customers to a potential vulnerability in CA SiteMinder that can be mitigated by utilizing existing product functionality. The vulnerability can potentially allow a remote attacker to conduct a cross-site scripting attack and execute script in the security context of the SiteMinder domain. Customers should review their SiteMinder deployments to verify that the vulnerability mitigating functionality is enabled. Versions 12.51, 12.5, 12.0 and 6 Web Agents are affected.

tags | advisory, remote, web, xss
advisories | CVE-2013-5968
MD5 | a67e6e53d3eb53028b319d4a9f339822
CA Service Desk Manager Cross Site Scripting
Posted Jul 26, 2013
Authored by Kevin Kotas | Site www3.ca.com

CA Technologies Support is alerting customers to a potential risk with CA Service Desk Manager. A vulnerability exists that can allow a remote attacker to conduct cross-site scripting attacks. CA Technologies published patches to address the vulnerability. The vulnerability occurs due to insufficient verification of URL query string parameters. An attacker, who can have an unsuspecting user follow a carefully constructed URL, may perform various cross-site scripting attacks.

tags | advisory, remote, xss
advisories | CVE-2013-2630
MD5 | 0c9e1a36b3ca4e1d6c07af8199226dd7
Security Notice For CA Process Automation (CA PAM)
Posted May 29, 2013
Authored by Kevin Kotas | Site www3.ca.com

CA Technologies support is alerting customers to a vulnerability with CA Process Automation (CA PAM). The vulnerability occurs in the bundled JBoss Seam component. A remote attacker can execute arbitrary code.

tags | advisory, remote, arbitrary
advisories | CVE-2010-1871
MD5 | d5bb1287594da3517eb9920e43aa03f4
Security Notice For CA ControlMinder - Update
Posted Apr 30, 2013
Authored by Kevin Kotas | Site www3.ca.com

CA Technologies support is alerting customers to a potential risk with CA ControlMinder. A vulnerability exists that can allow a remote attacker to execute arbitrary code. CA has issued remediation to address the vulnerability. The vulnerability occurs due to the default JBoss Application Server configuration not correctly enforcing authentication. A remote attacker can bypass authentication, which may result in arbitrary code execution and server compromise. This vulnerability only affects the server components.

tags | advisory, remote, arbitrary, code execution
advisories | CVE-2010-0738
MD5 | ccdd7b27926890f3014dc5a7a13caab2
Security Notice For SiteMinder Products Using SAML
Posted Mar 20, 2013
Authored by Kevin Kotas | Site www3.ca.com

CA Technologies support is alerting customers to a potential risk with certain CA SiteMinder products that implement Security Assertion Markup Language (SAML). Multiple vulnerabilities exist that can possibly allow a remote attacker to gain additional privileges. The vulnerabilities concern the verification of XML signatures on SAML statements. An attacker can perform various attacks to impersonate another user in the single sign-on system.

tags | advisory, remote, vulnerability
advisories | CVE-2013-2279
MD5 | 2c05e064fcd55661b5a54708533261be
Security Notice For CA ControlMinder
Posted Feb 13, 2013
Authored by Kevin Kotas | Site www3.ca.com

CA Technologies Support is alerting customers to a potential risk with CA ControlMinder. A vulnerability exists that can allow a remote attacker to execute arbitrary code. CA has issued remediation to address the vulnerability. The vulnerability occurs due to the default JBoss Application Server configuration not correctly enforcing authentication. A remote attacker can bypass authentication, which may result in arbitrary code execution and server compromise. This vulnerability only affects the server components.

tags | advisory, remote, arbitrary, code execution
advisories | CVE-2010-0738
MD5 | 2df3dc3c9fdf0b40da80c8eb93d91be1
Security Notice For CA ARCserve Backup
Posted Jan 15, 2013
Authored by Kevin Kotas | Site www3.ca.com

CA Technologies support is alerting customers to multiple risks with certain CA ARCserve Backup RPC services. Two vulnerabilities exist that can allow a remote attacker to execute arbitrary code or cause a denial of service condition. The first vulnerability occurs due to a flaw with how RPC requests are processed. An attacker can potentially execute arbitrary code or cause a denial of service on server installations. The second vulnerability occurs due to insufficient validation of certain RPC requests and exploitation can result in a service crash. This vulnerability affects both server and agent installations. This advisory is an updated version of the originally release CA20121018-01.

tags | advisory, remote, denial of service, arbitrary, vulnerability
advisories | CVE-2012-2971, CVE-2012-2972
MD5 | 3d630d3fb30e853809b8271db41f4cad
CA XCOM Data Transport Command Execution
Posted Dec 6, 2012
Authored by Kevin Kotas | Site www3.ca.com

CA Technologies Support is alerting customers to a potential risk with CA XCOM Data Transport. A vulnerability exists that can allow a remote attacker to execute arbitrary commands. CA Technologies has issued patches to address the vulnerability. The vulnerability occurs due to insufficient verification of requests. A remote attacker can send a carefully constructed request to execute arbitrary commands and compromise the server.

tags | advisory, remote, arbitrary
advisories | CVE-2012-5973
MD5 | 9dc9416367af102b823599a9d8eb7f3e
CA ARCserve Backup Security Notice
Posted Oct 20, 2012
Authored by Kevin Kotas | Site www3.ca.com

CA Technologies support is alerting customers to multiple risks with certain CA ARCserve Backup RPC services. Two vulnerabilities exist that can allow a remote attacker to execute arbitrary code or cause a denial of service condition. The first vulnerability occurs due to a flaw with how RPC requests are processed. An attacker can potentially execute arbitrary code or cause a denial of service on server installations. The second vulnerability occurs due to insufficient validation of certain RPC requests and exploitation can result in a service crash. This vulnerability affects both server and agent installations.

tags | advisory, remote, denial of service, arbitrary, vulnerability
advisories | CVE-2012-2971, CVE-2012-2972
MD5 | a60187b71ac12271d372dbd4758b3098
CA ARCserve Backup Denial Of Service
Posted Mar 21, 2012
Authored by Kevin Kotas | Site www3.ca.com

CA Technologies Support is alerting customers to a potential risk with CA ARCserve Backup for Windows. A vulnerability exists that can allow a remote attacker to cause a denial of service condition. CA Technologies has issued fixes to address the vulnerability. The vulnerability occurs due to insufficient validation of certain network requests. An attacker can potentially use the vulnerability to disable network services.

tags | advisory, remote, denial of service
systems | windows
advisories | CVE-2012-1662
MD5 | f8325b503bd312a6db4fa62bb3f3e7e6
CA Directory Insufficient Bounds Checking
Posted Nov 17, 2011
Authored by Kevin Kotas | Site www3.ca.com

CA Technologies Support is alerting customers to a potential risk with CA Directory. A vulnerability exists that can allow a remote attacker to cause a denial of service condition. Remediation is available to address the vulnerability. The vulnerability occurs due to insufficient bounds checking. A remote attacker can send a SNMP packet that can cause a crash.

tags | advisory, remote, denial of service
advisories | CVE-2011-3849
MD5 | 914494bd4245b28b5e156d761a1640b8
Page 1 of 2
Back12Next

Want To Donate?


Bitcoin: 18PFeCVLwpmaBuQqd5xAYZ8bZdvbyEWMmU

File Archive:

July 2018

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jul 1st
    1 Files
  • 2
    Jul 2nd
    26 Files
  • 3
    Jul 3rd
    15 Files
  • 4
    Jul 4th
    11 Files
  • 5
    Jul 5th
    13 Files
  • 6
    Jul 6th
    4 Files
  • 7
    Jul 7th
    4 Files
  • 8
    Jul 8th
    1 Files
  • 9
    Jul 9th
    16 Files
  • 10
    Jul 10th
    15 Files
  • 11
    Jul 11th
    32 Files
  • 12
    Jul 12th
    22 Files
  • 13
    Jul 13th
    15 Files
  • 14
    Jul 14th
    1 Files
  • 15
    Jul 15th
    1 Files
  • 16
    Jul 16th
    21 Files
  • 17
    Jul 17th
    15 Files
  • 18
    Jul 18th
    15 Files
  • 19
    Jul 19th
    17 Files
  • 20
    Jul 20th
    0 Files
  • 21
    Jul 21st
    0 Files
  • 22
    Jul 22nd
    0 Files
  • 23
    Jul 23rd
    0 Files
  • 24
    Jul 24th
    0 Files
  • 25
    Jul 25th
    0 Files
  • 26
    Jul 26th
    0 Files
  • 27
    Jul 27th
    0 Files
  • 28
    Jul 28th
    0 Files
  • 29
    Jul 29th
    0 Files
  • 30
    Jul 30th
    0 Files
  • 31
    Jul 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2018 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close