Showing 26 - 50 of 60

Files from Kevin Kotas

First Active 2002-05-01
Last Active 2020-12-18
CA SiteMinder Cross Site Scripting
Posted Oct 25, 2013
Authored by Kevin Kotas | Site www3.ca.com

CA Technologies Support is alerting customers to a potential vulnerability in CA SiteMinder that can be mitigated by utilizing existing product functionality. The vulnerability can potentially allow a remote attacker to conduct a cross-site scripting attack and execute script in the security context of the SiteMinder domain. Customers should review their SiteMinder deployments to verify that the vulnerability mitigating functionality is enabled. Versions 12.51, 12.5, 12.0 and 6 Web Agents are affected.

tags | advisory, remote, web, xss
advisories | CVE-2013-5968
SHA-256 | 7484ac45d17585798083790d7030a16af3adf9a7edd7018fd77567ee3e3aaf5c
CA Service Desk Manager Cross Site Scripting
Posted Jul 26, 2013
Authored by Kevin Kotas | Site www3.ca.com

CA Technologies Support is alerting customers to a potential risk with CA Service Desk Manager. A vulnerability exists that can allow a remote attacker to conduct cross-site scripting attacks. CA Technologies published patches to address the vulnerability. The vulnerability occurs due to insufficient verification of URL query string parameters. An attacker, who can have an unsuspecting user follow a carefully constructed URL, may perform various cross-site scripting attacks.

tags | advisory, remote, xss
advisories | CVE-2013-2630
SHA-256 | d63a76083ac68c48ee8a7b1f88abdecf4446e7f484d0f8db4a371147e75caf8c
Security Notice For CA Process Automation (CA PAM)
Posted May 29, 2013
Authored by Kevin Kotas | Site www3.ca.com

CA Technologies support is alerting customers to a vulnerability with CA Process Automation (CA PAM). The vulnerability occurs in the bundled JBoss Seam component. A remote attacker can execute arbitrary code.

tags | advisory, remote, arbitrary
advisories | CVE-2010-1871
SHA-256 | 2e54655588c25bdefe31a55c53e84ad769d4df7d8697929e133e8c471bd7394d
Security Notice For CA ControlMinder - Update
Posted Apr 30, 2013
Authored by Kevin Kotas | Site www3.ca.com

CA Technologies support is alerting customers to a potential risk with CA ControlMinder. A vulnerability exists that can allow a remote attacker to execute arbitrary code. CA has issued remediation to address the vulnerability. The vulnerability occurs due to the default JBoss Application Server configuration not correctly enforcing authentication. A remote attacker can bypass authentication, which may result in arbitrary code execution and server compromise. This vulnerability only affects the server components.

tags | advisory, remote, arbitrary, code execution
advisories | CVE-2010-0738
SHA-256 | 64660f12f6dffd5ead18f692e26e016ebc3bd54a5bb79b9a73ea69407b74de6f
Security Notice For SiteMinder Products Using SAML
Posted Mar 20, 2013
Authored by Kevin Kotas | Site www3.ca.com

CA Technologies support is alerting customers to a potential risk with certain CA SiteMinder products that implement Security Assertion Markup Language (SAML). Multiple vulnerabilities exist that can possibly allow a remote attacker to gain additional privileges. The vulnerabilities concern the verification of XML signatures on SAML statements. An attacker can perform various attacks to impersonate another user in the single sign-on system.

tags | advisory, remote, vulnerability
advisories | CVE-2013-2279
SHA-256 | 0a14a948ab88ea32cc65eec67d7baeacc0cfda2caa0d678240891bf18319d013
Security Notice For CA ControlMinder
Posted Feb 13, 2013
Authored by Kevin Kotas | Site www3.ca.com

CA Technologies Support is alerting customers to a potential risk with CA ControlMinder. A vulnerability exists that can allow a remote attacker to execute arbitrary code. CA has issued remediation to address the vulnerability. The vulnerability occurs due to the default JBoss Application Server configuration not correctly enforcing authentication. A remote attacker can bypass authentication, which may result in arbitrary code execution and server compromise. This vulnerability only affects the server components.

tags | advisory, remote, arbitrary, code execution
advisories | CVE-2010-0738
SHA-256 | c191161ea9ede921182bd50c60a26d485e8a24e091a255c3ef2ebc60b2e63446
Security Notice For CA ARCserve Backup
Posted Jan 15, 2013
Authored by Kevin Kotas | Site www3.ca.com

CA Technologies support is alerting customers to multiple risks with certain CA ARCserve Backup RPC services. Two vulnerabilities exist that can allow a remote attacker to execute arbitrary code or cause a denial of service condition. The first vulnerability occurs due to a flaw with how RPC requests are processed. An attacker can potentially execute arbitrary code or cause a denial of service on server installations. The second vulnerability occurs due to insufficient validation of certain RPC requests and exploitation can result in a service crash. This vulnerability affects both server and agent installations. This advisory is an updated version of the originally released CA20121018-01.

tags | advisory, remote, denial of service, arbitrary, vulnerability
advisories | CVE-2012-2971, CVE-2012-2972
SHA-256 | be3d581b61c9b5924795c648c3df4db5b11cf040219259da002acc2321c797fa
CA XCOM Data Transport Command Execution
Posted Dec 6, 2012
Authored by Kevin Kotas | Site www3.ca.com

CA Technologies Support is alerting customers to a potential risk with CA XCOM Data Transport. A vulnerability exists that can allow a remote attacker to execute arbitrary commands. CA Technologies has issued patches to address the vulnerability. The vulnerability occurs due to insufficient verification of requests. A remote attacker can send a carefully constructed request to execute arbitrary commands and compromise the server.

tags | advisory, remote, arbitrary
advisories | CVE-2012-5973
SHA-256 | 239c6eaa7173b4f89af22da52f04a65f1d261f70a0307189f6106dc8714326da
CA ARCserve Backup Security Notice
Posted Oct 20, 2012
Authored by Kevin Kotas | Site www3.ca.com

CA Technologies support is alerting customers to multiple risks with certain CA ARCserve Backup RPC services. Two vulnerabilities exist that can allow a remote attacker to execute arbitrary code or cause a denial of service condition. The first vulnerability occurs due to a flaw with how RPC requests are processed. An attacker can potentially execute arbitrary code or cause a denial of service on server installations. The second vulnerability occurs due to insufficient validation of certain RPC requests and exploitation can result in a service crash. This vulnerability affects both server and agent installations.

tags | advisory, remote, denial of service, arbitrary, vulnerability
advisories | CVE-2012-2971, CVE-2012-2972
SHA-256 | 09e5a6cd41ce7ba234c0aa89f40a067136370cc7f4a6451edbb776dd2ec7c23f
CA ARCserve Backup Denial Of Service
Posted Mar 21, 2012
Authored by Kevin Kotas | Site www3.ca.com

CA Technologies Support is alerting customers to a potential risk with CA ARCserve Backup for Windows. A vulnerability exists that can allow a remote attacker to cause a denial of service condition. CA Technologies has issued fixes to address the vulnerability. The vulnerability occurs due to insufficient validation of certain network requests. An attacker can potentially use the vulnerability to disable network services.

tags | advisory, remote, denial of service
systems | windows
advisories | CVE-2012-1662
SHA-256 | f6cc7aa2a2c098a2e8ed419d61aa4d65e98cc20b7bdc4c73e4cfe07ba7fc117b
CA Directory Insufficient Bounds Checking
Posted Nov 17, 2011
Authored by Kevin Kotas | Site www3.ca.com

CA Technologies Support is alerting customers to a potential risk with CA Directory. A vulnerability exists that can allow a remote attacker to cause a denial of service condition. Remediation is available to address the vulnerability. The vulnerability occurs due to insufficient bounds checking. A remote attacker can send an SNMP packet that can cause a crash.

tags | advisory, remote, denial of service
advisories | CVE-2011-3849
SHA-256 | 2504afdbecc5337cc2f3bedfcdb2f35357e06e9213344c8bb32f8190347818d5
CA Gateway Security And Total Defense Memory Overwrite
Posted Jul 21, 2011
Authored by Kevin Kotas | Site www3.ca.com

CA Technologies support is alerting customers to a security risk with CA Gateway Security. A vulnerability exists that can allow a remote attacker to execute arbitrary code. CA has issued an update that resolves the vulnerability. The vulnerability occurs due to insufficient bounds checking that can result in a memory overwrite on the heap. By sending a malformed request, an attacker can overwrite a sensitive portion of heap memory, which can potentially result in server compromise.

tags | advisory, remote, arbitrary
advisories | CVE-2011-2667
SHA-256 | 129765a243cc9461d666229b218c140b7dd2b2170b92ae5385206f75be6ce569
CA eHealth Cross Site Scripting
Posted May 11, 2011
Authored by Kevin Kotas | Site www3.ca.com

CA Technologies support is alerting customers to a security risk with CA eHealth. A vulnerability exists that may potentially allow an attacker to compromise web user security. The vulnerability occurs due to insufficient validation of sent request parameters. An attacker, who can convince a user to follow a carefully constructed link or view a malicious web page, can conduct various cross-site scripting attacks. Versions 6.0.x, 6.1.x, 6.2.1, and 6.2.2 are affected.

tags | advisory, web, xss
advisories | CVE-2011-1899
SHA-256 | 59491a8e54f0e3980dff181e854aac91f5f99b5bc0eb81ce1a280219f8dbd3da
CA Arcot WebFort Versatile Authentication Server XSS / URL Redirection
Posted Apr 27, 2011
Authored by Kevin Kotas | Site www3.ca.com

CA Technologies support is alerting customers to multiple security risks with CA Arcot WebFort Versatile Authentication Server. Two vulnerabilities exist that can allow a remote attacker to potentially compromise web user security. The first set of vulnerabilities occurs due to insufficient handling of request parameters sent to the Arcot Administrative Console. An attacker, who can convince a user to follow a URL or view a webpage, can potentially conduct cross-site scripting attacks. The second vulnerability occurs due to insufficient filtering of a request parameter sent to the Arcot Administrative Console. An attacker, who can convince a user to follow a URL or view a webpage, can use redirection to potentially carry out additional web-based attacks.

tags | advisory, remote, web, vulnerability, xss
advisories | CVE-2011-1826, CVE-2011-1825
SHA-256 | b7f2426e298629c164af95d01b3886396dbdea3a03957d1a67ef5c0aac369b16
CA Total Defense SQL Injection / Shell Upload
Posted Apr 14, 2011
Authored by Kevin Kotas | Site www3.ca.com

CA Technologies support is alerting customers to security risks with CA Total Defense. Multiple vulnerabilities exist that can allow a remote attacker to possibly execute arbitrary code. CA issued an automatic update to address the vulnerabilities. The first set of vulnerabilities is due to insufficient handling of certain request parameters. A remote attacker can use various SQL injection attacks to potentially compromise the Unified Network Control (UNC) Server. The second vulnerability occurs due to insufficient handling of file upload parameters. A remote attacker can upload a file and use it to execute arbitrary code on the Total Defense Management Server. The third vulnerability is due to insufficient protection of sensitive information. A remote attacker can acquire account credentials and take privileged action on the Unified Network Control (UNC) Server.

tags | advisory, remote, arbitrary, vulnerability, sql injection, file upload
advisories | CVE-2011-1653, CVE-2011-1654, CVE-2011-1655
SHA-256 | 9697f3a718cfbc9df64ba14c7c65ce50a6f140e9f9064d6822691eb7e5a4adcc
CA Technologies Remote Code Execution
Posted Dec 9, 2010
Authored by Kevin Kotas | Site www3.ca.com

CA Technologies support is alerting customers to a security risk with CA XOsoft. A vulnerability exists that can allow a remote attacker to execute arbitrary code. CA has issued a patch to address the vulnerability for each affected release. The vulnerability is due to insufficient bounds checking with a SOAP request. A remote attacker can make a SOAP request to cause a buffer overflow and potentially compromise the system.

tags | advisory, remote, overflow, arbitrary
advisories | CVE-2010-3984
SHA-256 | 9d039f55b21c958375378d4ba47477b52c27a168b01375bd467fcfa9414e7265
Security Notice For CA PSFormX And WebScan Active-X Controls
Posted Jun 12, 2010
Authored by Kevin Kotas | Site www3.ca.com

CA Technologies support is alerting users to multiple security risks with the PSFormX and WebScan ActiveX controls previously available from the CA Global Security Advisor site. Multiple vulnerabilities exist that can potentially allow a remote attacker to execute arbitrary code.

tags | advisory, remote, arbitrary, vulnerability, activex
advisories | CVE-2010-2193
SHA-256 | 0b049ea0898a69371cc5cc8a26e73e66c53c04571db9692f5331ddf978382a43
CA ARCserve Backup Information Disclosure
Posted Jun 4, 2010
Authored by Kevin Kotas | Site www3.ca.com

CA's support is alerting customers to a security risk with CA ARCserve Backup. A vulnerability exists that can potentially allow a local attacker to gain sensitive information.

tags | advisory, local
advisories | CVE-2010-2157
SHA-256 | 06ddd0ac2e0c6812405ad8e4e65836ebf983a0a9512ec15cb15638b106952ee3
Security Notice For CA XOsoft
Posted Apr 7, 2010
Authored by Kevin Kotas | Site www3.ca.com

CA's support is alerting customers to multiple security risks with CA XOsoft products. Multiple vulnerabilities exist that can allow a remote attacker to gain sensitive information, cause a denial of service, or possibly execute arbitrary code. CA has issued patches to address the vulnerabilities.

tags | advisory, remote, denial of service, arbitrary, vulnerability
advisories | CVE-2010-1221, CVE-2010-1222, CVE-2010-1223
SHA-256 | 4f0ccb63614eae015dcca644dfed7c789226834eac0663d29fecd6799c65fd53
Security Notice For CA ARCserve Backup
Posted Mar 20, 2010
Authored by Kevin Kotas | Site www3.ca.com

CA's support is alerting customers to security risks with CA ARCserve Backup. The version of JRE shipped with ARCserve Backup is potentially susceptible to multiple vulnerabilities and has also reached end of life. Support is providing JRE 1.6 upgrades as remediation.

tags | advisory, vulnerability
SHA-256 | cfefe844cbf368208645fa446b73b5a519cb032ac24cc9cf1e2b6e84548e6812
CA eHealth Performance Manager Security Notice
Posted Feb 24, 2010
Authored by Kevin Kotas | Site www3.ca.com

CA's support is alerting customers to a security risk with CA eHealth Performance Manager. A cross-site scripting vulnerability exists that can allow a remote attacker to potentially gain sensitive information. CA has provided guidance to remediate the vulnerability.

tags | advisory, remote, xss
advisories | CVE-2010-0640
SHA-256 | 39d84995aec8b0cb22c76241f4147383e8b61c3f330f9f6678b33fe9bd42b489
CA Service Desk r12.1 Cross Site Scripting
Posted Feb 23, 2010
Authored by Kevin Kotas | Site www3.ca.com

CA's support is alerting customers to a security risk with CA Service Desk r12.1. The release of Tomcat as included with CA Service Desk r12.1 is potentially susceptible to a cross-site scripting vulnerability.

tags | advisory, xss
advisories | CVE-2008-1947
SHA-256 | 2e92d226c13807796ab6b28da061de5d24b3df3aa35c5887901a5a31a4b25235
CA Service Desk Security Notice
Posted Dec 9, 2009
Authored by Kevin Kotas | Site www3.ca.com

CA's support is alerting customers to a security risk with CA Service Desk. A cross-site scripting vulnerability exists that can allow a remote attacker to potentially gain sensitive information. CA has issued patches to address the vulnerability.

tags | advisory, remote, xss
advisories | CVE-2009-4149
SHA-256 | c693621b91a9aa7cb65f2332d160db6216d422e57c07d7703086080646986b6d
CA Internet Security Suite Denial Of Service
Posted Aug 18, 2009
Authored by Kevin Kotas

CA's technical support is alerting customers to a security risk with CA Internet Security Suite. A vulnerability exists that can allow a local attacker to cause a denial of service. CA has issued updates to address the vulnerability.

tags | advisory, denial of service, local
advisories | CVE-2009-0682
SHA-256 | 9c3d68ac3dad0276ab9339d015dc14dc652b5e16394e015cb1e8cb17467ad31f
CA Host-Based IPS Denial Of Service
Posted Aug 18, 2009
Authored by Kevin Kotas

CA's technical support is alerting customers to a security risk with CA Host-Based Intrusion Prevention System. A vulnerability exists that can allow a remote attacker to cause a denial of service. CA has issued a patch to address the vulnerability.

tags | advisory, remote, denial of service
advisories | CVE-2009-2740
SHA-256 | f455554c212e25843047986dea31c1900e3efee354d31a7324a20d7fd58aa3a3