exploit the possibilities
Showing 1 - 25 of 77 RSS Feed

Files from Ken Williams

Email addressjames.williams at ca.com
First Active2005-08-05
Last Active2019-01-24
CA Automic Workload Automation 12.x Cross Site Scripting
Posted Jan 24, 2019
Authored by Ken Williams, Marc Nimmerrichte | Site www3.ca.com

CA Technologies Support is alerting customers to a potential risk with CA Automic Workload Automation Automic Web Interface (AWI). A vulnerability exists that can allow an attacker to potentially conduct persistent cross site scripting (XSS) attacks. The vulnerability has a medium risk rating and concerns insufficient output sanitization, which can allow an attacker to potentially conduct persistent cross site scripting (XSS) attacks. Versions 12.0, 12.1 and 12.2 are affected.

tags | advisory, web, xss
advisories | CVE-2019-6504
MD5 | 7a2927d39fb28bb1d5fe04e9edcc54d3
CA Release Automation Code Execution
Posted Aug 31, 2018
Authored by Ken Williams, Jakub Palaczynski, Maciej Grabiec | Site www3.ca.com

CA Technologies Support is alerting customers to a potential risk with CA Release Automation. A vulnerability exists that can allow an attacker to potentially execute arbitrary code. The vulnerability has a high risk rating and concerns insecure deserialization of a specially crafted serialized object, which can allow an attacker to potentially execute arbitrary code.

tags | advisory, arbitrary
advisories | CVE-2018-15691
MD5 | 692472172e7ba35b88ea1105d50b881e
CA Unified Infrastructure Management Hardcoded Credentials / Missing Authentication
Posted Aug 31, 2018
Authored by Ken Williams, Oystein Middelthun | Site www3.ca.com

CA Technologies Support is alerting customers to multiple potential risks with CA Unified Infrastructure Management. Multiple vulnerabilities exist that can allow an attacker, who has access to the network on which CA UIM is running, to run arbitrary CA UIM commands on machines where the CA UIM probes are running. An attacker can also gain access to other machines running CA UIM and access the filesystems of those machines. The first vulnerability, has a medium risk rating and concerns a hardcoded secret key, which can allow an attacker to access sensitive information. The second vulnerability has a medium risk rating and concerns a hardcoded passphrase, which can allow an attacker to access sensitive information. The third vulnerability has a high risk rating and concerns a lack of authentication, which can allow a remote attacker to conduct a variety of attacks, including file reading/writing. Affected versions include 8.5.1, 8.5, and 8.4.7.

tags | advisory, remote, arbitrary, vulnerability
advisories | CVE-2018-13819, CVE-2018-13820, CVE-2018-13821
MD5 | 6e99f3fdbc87760f71a42c271a8fbbfb
CA Privileged Access Manager 2.x Code Execution
Posted Jun 15, 2018
Authored by Ken Williams | Site www3.ca.com

CA Technologies Support is alerting customers to multiple potential risks with CA Privileged Access Manager. Multiple vulnerabilities exist that can allow a remote attacker to conduct a variety of attacks. These risks include seven vulnerabilities privately reported within the past year to CA Technologies by security researchers, and nine vulnerabilities for Xceedium Xsuite that were publicly disclosed in July 2015. CA Technologies acquired Xceedium in August 2015, and Xceedium products were renamed and became part of Privileged Access Management solutions from CA Technologies. Sixteen vulnerabilities are outlined in this advisory.

tags | advisory, remote, vulnerability
advisories | CVE-2015-4664, CVE-2015-4665, CVE-2015-4666, CVE-2015-4667, CVE-2015-4668, CVE-2015-4669, CVE-2018-9021, CVE-2018-9022, CVE-2018-9023, CVE-2018-9024, CVE-2018-9025, CVE-2018-9026, CVE-2018-9027, CVE-2018-9028, CVE-2018-9029
MD5 | 8793d6b4fbbc8bb4ec067277c966101b
CA Workload Automation AE / CA Workload Control Center SQL Injection / Code Execution
Posted Mar 30, 2018
Authored by Ken Williams | Site www3.ca.com

CA Technologies Support is alerting customers to two potential risks with CA Workload Automation AE and CA Workload Control Center. Two vulnerabilities exist that can allow a remote attacker to conduct SQL injection attacks or execute code remotely. The first vulnerability in CA Workload Automation AE has a medium risk rating and concerns insufficient data validation that can allow an authenticated remote attacker to conduct SQL injection attacks. The second vulnerability in CA Workload Control Center has a high risk rating and concerns an Apache MyFaces configuration that can allow an authenticated remote attacker to conduct remote code execution attacks.

tags | advisory, remote, vulnerability, code execution, sql injection
advisories | CVE-2018-8953, CVE-2018-8954
MD5 | 935c0394f16b00a60479a80993828cee
CA Unified Infrastructure Management Bypass / Traversal / Disclosure
Posted Nov 10, 2016
Authored by Ken Williams | Site www3.ca.com

CA Technologies Support is alerting customers to three vulnerabilities in CA Unified Infrastructure Management (formerly CA Nimsoft). The first vulnerability, CVE-2016-9165, involves insecure handling of sessions IDs. A remote attacker can potentially acquire a session ID and bypass authentication or elevate privileges. The second vulnerability, CVE-2016-9164, is a path traversal information disclosure vulnerability associated with the diag.jsp file. A remote attacker can potentially access sensitive information. The third vulnerability, CVE-2016-5803, is a path traversal information disclosure vulnerability associated with the download_lar.jsp file. A remote attacker can potentially access sensitive information. CA Technologies has assigned Medium and High risk ratings to these vulnerabilities. Solutions are available.

tags | advisory, remote, vulnerability, info disclosure
advisories | CVE-2016-5803, CVE-2016-9164, CVE-2016-9165
MD5 | 829d71aec833a22d3ecee12345fd5fe6
CA Service Desk Manaager 12.9 / 14.1 Code Execution
Posted Nov 10, 2016
Authored by Ken Williams | Site www3.ca.com

CA Technologies Support is alerting customers to a vulnerability in CA Service Desk Manager (formerly CA Service Desk). A reflected cross site scripting vulnerability, CVE-2016-9148, exists in the QBE.EQ.REF_NUM parameter of the SDM web interface. A remote attacker, who can trick a user into clicking on or visiting a specially crafted link, could potentially execute arbitrary code on the targeted user's system. CA Technologies has assigned a Medium risk rating to this vulnerability. A solution is available.

tags | advisory, remote, web, arbitrary, xss
advisories | CVE-2016-9148
MD5 | b19dab558799222fe5896e758ea4ad6a
CA LISA Release Automation Security Notice
Posted Dec 16, 2014
Authored by Ken Williams | Site www3.ca.com

CA Release Automation (formerly CA LISA Release Automation) suffers from cross site request forgery, cross site scripting, and remote SQL injection vulnerabilities. Versions 4.7.1 Build 413 and earlier are affected.

tags | advisory, remote, vulnerability, xss, sql injection, csrf
advisories | CVE-2014-8246, CVE-2014-8247, CVE-2014-8248
MD5 | 7b3aba71523c7e90b667fde899b6b1ef
CA Technologies GNU Bash Shellshock
Posted Oct 6, 2014
Authored by Ken Williams | Site www3.ca.com

CA Technologies is investigating multiple GNU Bash vulnerabilities, referred to as the "Shellshock" vulnerabilities, which were publicly disclosed on September 24-27, 2014. CVE identifiers CVE-2014-6271, CVE-2014-7169, CVE-2014-7186, CVE-2014-7187, CVE-2014-6277, and CVE-2014-6278 have been assigned to these vulnerabilities. These vulnerabilities could allow a local or remote attacker to utilize specially crafted input to execute arbitrary commands or code.

tags | advisory, remote, arbitrary, local, vulnerability, bash
advisories | CVE-2014-6271, CVE-2014-6277, CVE-2014-6278, CVE-2014-7169, CVE-2014-7186, CVE-2014-7187
MD5 | 4023510a267f233dc5466a8b9b0dc489
CA Technologies OpenSSL Heartbleed Issue
Posted May 19, 2014
Authored by Ken Williams | Site www3.ca.com

CA Technologies is investigating an OpenSSL vulnerability, referred to as the "Heartbleed bug" that was publicly disclosed on April 7, 2014. CA Technologies has confirmed that the majority of their product portfolio is unaffected. There are, however, several products that used vulnerable versions of OpenSSL 1.0.1 and consequently may be affected.

tags | advisory
advisories | CVE-2014-0160
MD5 | 5453ebf6434f2580ae667067a9affb2e
CA 2E Web Option Session Prediction
Posted Feb 19, 2014
Authored by Ken Williams | Site www3.ca.com

CA Technologies Support is alerting customers to a potential risk in CA 2E Web Option (C2WEB). A vulnerability exists that can allow an attacker to exploit an authentication weakness and execute a session prediction attack. The vulnerability is due to a predictable session token. An unauthenticated attacker can manipulate a session token to gain privileged access to a valid session. CA Technologies has issued fixes to address the vulnerability.

tags | advisory, web
advisories | CVE-2014-1219
MD5 | 7fadfd3e65352b522fd7cb75dbd6a581
Updated - Security Notice For CA IdentityMinder
Posted Jan 18, 2013
Authored by Ken Williams | Site www3.ca.com

CA Technologies Support is alerting customers to two potential risks in CA IdentityMinder (formerly known as CA Identity Manager). Two vulnerabilities exist that can allow a remote attacker to execute arbitrary commands, manipulate data, or gain elevated access. CA Technologies has issued patches to address the vulnerability. The first vulnerability allows a remote attacker to execute arbitrary commands or manipulate data. The second vulnerability allows a remote attacker to gain elevated access.

tags | advisory, remote, arbitrary, vulnerability
advisories | CVE-2012-6299, CVE-2012-6298
MD5 | 07bd67726e0f58c84be5107924e3de97
Security Notice For CA IdentityMinder
Posted Dec 22, 2012
Authored by Ken Williams | Site www3.ca.com

CA Technologies Support is alerting customers to two potential risks in CA IdentityMinder (formerly known as CA Identity Manager). Two vulnerabilities exist that can allow a remote attacker to execute arbitrary commands, manipulate data, or gain elevated access. CA Technologies has issued patches to address the vulnerability. The first vulnerability allows a remote attacker to execute arbitrary commands or manipulate data. The second vulnerability allows a remote attacker to gain elevated access.

tags | advisory, remote, arbitrary, vulnerability
advisories | CVE-2012-6299, CVE-2012-6298
MD5 | 327aeba374b1c9367327956b04292c33
Security Notice For CA License
Posted Oct 2, 2012
Authored by Ken Williams | Site www3.ca.com

CA Technologies Support is alerting customers to two potential risks in CA License (also known as CA Licensing). Vulnerabilities exist that can allow a local attacker to execute arbitrary commands or gain elevated access. CA Technologies has issued patches to address the vulnerabilities.

tags | advisory, arbitrary, local, vulnerability
advisories | CVE-2012-0691, CVE-2012-0692
MD5 | da9905439d6b7ebdc255eb04d32deead
CA SiteMinder Cross Site Scripting
Posted Aug 28, 2012
Authored by Ken Williams | Site www3.ca.com

CA Technologies Support is alerting customers to a potential risk in CA SiteMinder, CA Federation Manager, CA SOA Security Manager, CA SiteMinder Secure Proxy Server, and CA SiteMinder SharePoint Agent. A vulnerability exists that can allow a malicious user to execute a reflected cross site scripting (XSS) attack. CA Technologies has issued patches to address the vulnerability. The vulnerability occurs due to insufficient validation of postpreservationdata parameter input utilized in the login.fcc form. A malicious user can submit a specially crafted request to effectively hijack a victim's browser.

tags | advisory, xss
advisories | CVE-2011-4054
MD5 | 1886e054d2dd6edc825527c893bea3d2
CA SiteMinder Cross Site Scripting
Posted Dec 9, 2011
Authored by Ken Williams | Site www3.ca.com

CA Technologies Support is alerting customers to a potential risk in CA SiteMinder. A vulnerability exists that can allow a malicious user to execute a reflected cross site scripting (XSS) attack. CA Technologies has issued patches to address the vulnerability. The vulnerability occurs due to insufficient validation of postpreservationdata parameter input utilized in the login.fcc form. A malicious user can submit a specially crafted request to effectively hijack a victim’s browser.

tags | advisory, xss
advisories | CVE-2011-4054
MD5 | 9435d2cbd0b2a3a7c849068263dac9ff
CA ARCserve D2D Command Execution
Posted Aug 11, 2011
Authored by Ken Williams | Site www3.ca.com

CA Technologies support is alerting customers to a security risk associated with CA ARCserve D2D. A vulnerability exists that can allow a remote attacker to access credentials and execute arbitrary commands. CA Technologies has issued a patch to address the vulnerability. The vulnerability is due to improper session handling. A remote attacker can access credentials and execute arbitrary commands.

tags | advisory, remote, arbitrary
advisories | CVE-2011-3011
MD5 | 341adab577e93a021714e6b67647b658
CA SiteMinder R6 / R12 Improper Handling
Posted Apr 21, 2011
Authored by Ken Williams | Site www3.ca.com

CA Technologies support is alerting customers to a security risk associated with CA SiteMinder. A vulnerability exists that can allow a malicious user to impersonate another user. CA Technologies has issued patches to address the vulnerability. The vulnerability is due to improper handling of multi-line headers. A malicious user can send specially crafted data to impersonate another user.

tags | advisory
advisories | CVE-2011-1718
MD5 | ffd364135869f1132e22568378f1318e
CA Output Management Web Viewer 11.0 / 11.5 Boundary Errors
Posted Apr 21, 2011
Authored by Ken Williams | Site www3.ca.com

CA Technologies support is alerting customers to security risks associated with CA Output Management Web Viewer. Two vulnerabilities exist that can allow a remote attacker to execute arbitrary code. CA Technologies has issued patches to address the vulnerabilities. The vulnerabilities are due to boundary errors in the UOMWV_HelperActiveX.ocx and PPSView.ocx ActiveX controls. A remote attacker can create a specially crafted web page to exploit the flaws and potentially execute arbitrary code.

tags | advisory, remote, web, arbitrary, vulnerability, activex
advisories | CVE-2011-1719
MD5 | bbeba246d3ce36be6a7d73c8e91b7577
CA HIPS Arbitrary Code Execution
Posted Feb 25, 2011
Authored by Ken Williams | Site www3.ca.com

CA Technologies support is alerting customers to a security risk associated with CA Host-Based Intrusion Prevention System (HIPS). A vulnerability exists that can allow a remote attacker to execute arbitrary code. CA Technologies has issued patches to address the vulnerability. The vulnerability is due to insecure method implementation in the XMLSecDB ActiveX control that is utilized in CA HIPS components and products. A remote attacker can potentially execute arbitrary code if he can trick a user into visiting a malicious web page or opening a malicious file. Versions prior to 8.1.0.88 are affected.

tags | advisory, remote, web, arbitrary, activex
advisories | CVE-2011-1036
MD5 | 9551ac86c08c1110bdce359f65859c95
CA ARCserve D2D Arbitrary Code Execution
Posted Jan 1, 2011
Authored by Ken Williams | Site www3.ca.com

CA Technologies support is alerting customers to a security risk with CA ARCserve D2D. A vulnerability exists that can allow a remote attacker to execute arbitrary code. CA has issued an Information Solution to address the vulnerability. The vulnerability is due to default vulnerabilities inherent in the Tomcat and Axis2 3rd party software components. A remote attacker can exploit the implementation to execute arbitrary code.

tags | advisory, remote, arbitrary, vulnerability
MD5 | fde812ff08c1f37729b2c7f31680f92f
Security Notice For CA SiteMinder
Posted Mar 5, 2010
Authored by Ken Williams | Site www3.ca.com

CA's support is alerting customers to a security risk with CA SiteMinder. Multiple cross site scripting (XSS) vulnerabilities exist that can allow a remote attacker to potentially gain sensitive information. CA has provided guidance to remediate the vulnerability.

tags | advisory, remote, vulnerability, xss
advisories | CVE-2009-3731
MD5 | c5e4abac93849cb90447a5c73fd5b883
Security Notice For CA Anti-Virus Engine
Posted Oct 12, 2009
Authored by Ken Williams | Site www3.ca.com

CA's support is alerting customers to multiple security risks associated with CA Anti-Virus Engine. Vulnerabilities exist in the arclib component that can allow a remote attacker to cause a denial of service, or to cause heap corruption and potentially further compromise a system. CA has issued fixes to address the vulnerabilities.

tags | advisory, remote, denial of service, vulnerability, virus
advisories | CVE-2009-3587, CVE-2009-3588
MD5 | 6a53d55147b5fa77f13b592d7e5773c7
CA Service Desk Tomcat Cross Site Scripting
Posted Jun 16, 2009
Authored by Ken Williams | Site www3.ca.com

The release of Tomcat as included with CA Service Desk r11.2 is potentially susceptible to a cross-site scripting vulnerability. CA has issued a technical document that describes remediation procedures.

tags | advisory, xss
advisories | CVE-2008-1232
MD5 | 02a9ce8a15dd69669003a85a3675e0c0
CA ARCserver Backup Message Engine Denial Of Service
Posted Jun 16, 2009
Authored by Ken Williams | Site www3.ca.com

CA ARCserve Backup contains multiple vulnerabilities in the message engine that can allow a remote attacker to cause a denial of service. CA has issued an update to address the vulnerabilities. The vulnerabilities occur due to insufficient verification of data sent to the message engine. An attacker can make requests that can cause the message engine to crash.

tags | advisory, remote, denial of service, vulnerability
advisories | CVE-2009-1761
MD5 | 6fa94544d3fed11c9f97fd2e854a1646
Page 1 of 4
Back1234Next

File Archive:

April 2019

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Apr 1st
    21 Files
  • 2
    Apr 2nd
    35 Files
  • 3
    Apr 3rd
    21 Files
  • 4
    Apr 4th
    16 Files
  • 5
    Apr 5th
    15 Files
  • 6
    Apr 6th
    1 Files
  • 7
    Apr 7th
    2 Files
  • 8
    Apr 8th
    23 Files
  • 9
    Apr 9th
    19 Files
  • 10
    Apr 10th
    15 Files
  • 11
    Apr 11th
    14 Files
  • 12
    Apr 12th
    11 Files
  • 13
    Apr 13th
    2 Files
  • 14
    Apr 14th
    5 Files
  • 15
    Apr 15th
    14 Files
  • 16
    Apr 16th
    19 Files
  • 17
    Apr 17th
    19 Files
  • 18
    Apr 18th
    8 Files
  • 19
    Apr 19th
    4 Files
  • 20
    Apr 20th
    5 Files
  • 21
    Apr 21st
    1 Files
  • 22
    Apr 22nd
    10 Files
  • 23
    Apr 23rd
    22 Files
  • 24
    Apr 24th
    11 Files
  • 25
    Apr 25th
    15 Files
  • 26
    Apr 26th
    0 Files
  • 27
    Apr 27th
    0 Files
  • 28
    Apr 28th
    0 Files
  • 29
    Apr 29th
    0 Files
  • 30
    Apr 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2019 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close