exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 26 - 50 of 84 RSS Feed

Files from Ken Williams

Email addressjames.williams at ca.com
First Active2005-08-05
Last Active2022-02-04
CA Output Management Web Viewer 11.0 / 11.5 Boundary Errors
Posted Apr 21, 2011
Authored by Ken Williams | Site www3.ca.com

CA Technologies support is alerting customers to security risks associated with CA Output Management Web Viewer. Two vulnerabilities exist that can allow a remote attacker to execute arbitrary code. CA Technologies has issued patches to address the vulnerabilities. The vulnerabilities are due to boundary errors in the UOMWV_HelperActiveX.ocx and PPSView.ocx ActiveX controls. A remote attacker can create a specially crafted web page to exploit the flaws and potentially execute arbitrary code.

tags | advisory, remote, web, arbitrary, vulnerability, activex
advisories | CVE-2011-1719
SHA-256 | a2fdaccf936701cb458f4e2b02cdf7db59f508b0f0e7f796daac3f28d4115ccb
CA HIPS Arbitrary Code Execution
Posted Feb 25, 2011
Authored by Ken Williams | Site www3.ca.com

CA Technologies support is alerting customers to a security risk associated with CA Host-Based Intrusion Prevention System (HIPS). A vulnerability exists that can allow a remote attacker to execute arbitrary code. CA Technologies has issued patches to address the vulnerability. The vulnerability is due to insecure method implementation in the XMLSecDB ActiveX control that is utilized in CA HIPS components and products. A remote attacker can potentially execute arbitrary code if he can trick a user into visiting a malicious web page or opening a malicious file. Versions prior to 8.1.0.88 are affected.

tags | advisory, remote, web, arbitrary, activex
advisories | CVE-2011-1036
SHA-256 | 1165984f0f9a0bde4ed83ed6d3943f818df52123eeb80a2f91a7d5dce511133b
CA ARCserve D2D Arbitrary Code Execution
Posted Jan 1, 2011
Authored by Ken Williams | Site www3.ca.com

CA Technologies support is alerting customers to a security risk with CA ARCserve D2D. A vulnerability exists that can allow a remote attacker to execute arbitrary code. CA has issued an Information Solution to address the vulnerability. The vulnerability is due to default vulnerabilities inherent in the Tomcat and Axis2 3rd party software components. A remote attacker can exploit the implementation to execute arbitrary code.

tags | advisory, remote, arbitrary, vulnerability
SHA-256 | d45629c328104fe8803b9f9bf4683e49b202ea86b3bdfff68ace08ce803d0c8c
Security Notice For CA SiteMinder
Posted Mar 5, 2010
Authored by Ken Williams | Site www3.ca.com

CA's support is alerting customers to a security risk with CA SiteMinder. Multiple cross site scripting (XSS) vulnerabilities exist that can allow a remote attacker to potentially gain sensitive information. CA has provided guidance to remediate the vulnerability.

tags | advisory, remote, vulnerability, xss
advisories | CVE-2009-3731
SHA-256 | 0086b7aee2a4c6e1f497434c6dd1033fc49b8c4e5dabfa495c73ef3dad9e9fb8
Security Notice For CA Anti-Virus Engine
Posted Oct 12, 2009
Authored by Ken Williams | Site www3.ca.com

CA's support is alerting customers to multiple security risks associated with CA Anti-Virus Engine. Vulnerabilities exist in the arclib component that can allow a remote attacker to cause a denial of service, or to cause heap corruption and potentially further compromise a system. CA has issued fixes to address the vulnerabilities.

tags | advisory, remote, denial of service, vulnerability, virus
advisories | CVE-2009-3587, CVE-2009-3588
SHA-256 | 1dc4058c8e774be29fddef6f172c726958c3daac8818e3613e4ed1638ebe3c6f
CA Service Desk Tomcat Cross Site Scripting
Posted Jun 16, 2009
Authored by Ken Williams | Site www3.ca.com

The release of Tomcat as included with CA Service Desk r11.2 is potentially susceptible to a cross-site scripting vulnerability. CA has issued a technical document that describes remediation procedures.

tags | advisory, xss
advisories | CVE-2008-1232
SHA-256 | d707e5a41acfb37cf9412d440b94a1a0a483c37fdfd80518eae28728bf326b60
CA ARCserver Backup Message Engine Denial Of Service
Posted Jun 16, 2009
Authored by Ken Williams | Site www3.ca.com

CA ARCserve Backup contains multiple vulnerabilities in the message engine that can allow a remote attacker to cause a denial of service. CA has issued an update to address the vulnerabilities. The vulnerabilities occur due to insufficient verification of data sent to the message engine. An attacker can make requests that can cause the message engine to crash.

tags | advisory, remote, denial of service, vulnerability
advisories | CVE-2009-1761
SHA-256 | 7fc7703516c70a91ea9a307108dc90e534db45f1157a750a6798f2880f833fd9
CA ARCserve Backup Apache HTTP Server
Posted May 1, 2009
Authored by Ken Williams | Site www3.ca.com

CA ARCserve Backup on Solaris, Tru64, HP-UX, and AIX contains multiple vulnerabilities in the Apache HTTP Server version as shipped with ARCserve Backup. CA has issued updates that contain version 2.0.63 of the Apache HTTP Server to address the vulnerabilities.

tags | advisory, web, vulnerability
systems | solaris, aix, hpux
advisories | CVE-2004-0747, CVE-2003-0132
SHA-256 | d86ddfa32f66c166dab389f1acfc4382cf2d3e171fd0b28f0cb00c76bf5575e6
CA Anti-Virus Engine Detection Evasion
Posted Jan 28, 2009
Authored by Ken Williams | Site www3.ca.com

The CA Anti-Virus engine contains multiple vulnerabilities that can allow a remote attacker to evade detection by the Anti-Virus engine by creating a malformed archive file in one of several common file archive formats.

tags | advisory, remote, vulnerability, virus
advisories | CVE-2009-0042
SHA-256 | 944ae526a24c8cceb81b918075140aa5750f12966e49907a39066cac40a142ce
CA20090123-01.txt
Posted Jan 27, 2009
Authored by Ken Williams | Site www3.ca.com

Multiple security risks exist in Apache Tomcat as included with CA Cohesion and products that contain CA Cohesion. These include, but are not limited to, arbitrary command execution. Affected products include CA Cohesion Application Configuration Manager 4.5, CA CMDB Application Server 11.1, and Unicenter Service Desk 11.2.

tags | advisory, arbitrary
advisories | CVE-2005-2090, CVE-2005-3510, CVE-2006-3835, CVE-2006-7195, CVE-2006-7196, CVE-2007-0450, CVE-2007-1355, CVE-2007-1358, CVE-2007-1858, CVE-2007-2449, CVE-2007-2450, CVE-2007-3382, CVE-2007-3385, CVE-2007-3386, CVE-2008-0128
SHA-256 | c8609f8dceb80de59813e4e08c5e56ee0e21604a9ddf888c621eda88cd823b65
CA smmsnmpd Arbitrary Command Execution
Posted Jan 7, 2009
Authored by Ken Williams | Site www3.ca.com

CA Service Metric Analysis and CA Service Level Management contain a vulnerability that can allow a remote attacker to execute arbitrary commands. CA has issued patches to address the vulnerability. The vulnerability is due to insufficient access restrictions associated with the smmsnmpd service. A remote attacker can exploit this vulnerability to execute arbitrary commands in the context of the service. Affected products include CA Service Level Management 3.5, CA Service Metric Analysis r11.0, CA Service Metric Analysis r11.1, and CA Service Metric Analysis r11.1 SP1.

tags | advisory, remote, arbitrary
advisories | CVE-2009-0043
SHA-256 | a62071c482a2724a1868fed40e856bb95649bf2a7c07ab8477daf6ca035387fe
CA ARCserve Backup LDBserver Vulnerability
Posted Dec 10, 2008
Authored by Ken Williams | Site www3.ca.com

CA ARCserve Backup contains a vulnerability that can allow a remote attacker to cause a denial of service or execute arbitrary code. CA has issued patches to address the vulnerability. The vulnerability is due to insufficient verification of client data. A remote attacker can crash the LDBserver service or execute arbitrary code in the context of the service. Note: The client installation is not affected.

tags | advisory, remote, denial of service, arbitrary
advisories | CVE-2008-5415
SHA-256 | c3f42a1781959a4e232299fd40445813782d401f6a4ad863bcdc64c3aefdb67a
caarcserve-dos.txt
Posted Oct 9, 2008
Authored by Ken Williams | Site www3.ca.com

CA ARCserve Backup contains multiple vulnerabilities that can allow a remote attacker to cause a denial of service or possibly execute arbitrary code. CA has issued patches to address the vulnerabilities. The first vulnerability occurs due to insufficient validation of certain RPC call parameters by the message engine service. An attacker can exploit a directory traversal vulnerability to execute arbitrary commands. The second vulnerability occurs due to insufficient validation by the tape engine service. An attacker can make a request that will crash the service. The third vulnerability occurs due to insufficient validation by the database engine service. An attacker can make a request that will crash the service. The fourth vulnerability occurs due to insufficient validation of authentication credentials. An attacker can make a request that will crash multiple services. Note that these issues only affect the base product.

tags | advisory, remote, denial of service, arbitrary, vulnerability
advisories | CVE-2008-4397, CVE-2008-4398, CVE-2008-4399, CVE-2008-4400
SHA-256 | 4a1efc837ec3a9c0d729220a5e7ba7876a7442c1a76a70f4dfc0ac3bc64384ca
caservice-xss.txt
Posted Sep 27, 2008
Authored by Ken Williams | Site www3.ca.com

CA Service Desk contains multiple vulnerabilities that can allow a remote attacker to conduct cross-site scripting attacks. CA has issued patches to address the vulnerabilities. Versions affected include CA Service Desk r11.2, CA CMDB 11.0, CA CMDB 11.1, and CA CMDB 11.2.

tags | advisory, remote, vulnerability, xss
advisories | CVE-2008-4119
SHA-256 | 2a80ba34606dc3bdedd7a43bb67a8f007f1f415a4bdcec3033e08b9640bb0211
CAID-hips.txt
Posted Aug 13, 2008
Authored by Ken Williams | Site www3.ca.com

The Computer Associates Host-Based Intrusion Prevention System SDK contains two vulnerabilities that can allow an attacker to cause a denial of service or possibly execute arbitrary code. CA has issued updates to address the vulnerabilities. The first vulnerability occurs due to insufficient verification of IOCTL requests by the kmxfw.sys driver. A local attacker can send an IOCTL request that can cause a system crash or potentially result in arbitrary code execution. The second vulnerability occurs due to insufficient validation by the kmxfw.sys driver. An attacker can make a request that can cause a system crash.

tags | advisory, denial of service, arbitrary, local, vulnerability, code execution
advisories | CVE-2008-2926, CVE-2008-3174
SHA-256 | 985be0e793f4ac4d6d9e3779bf5ca6b54567e5ea355a83dec5b7ae1dbd4feee5
CAID-EmbedIngres.txt
Posted Aug 6, 2008
Authored by Ken Williams | Site www3.ca.com

CA products that embed Ingres contain multiple vulnerabilities that can allow a remote attacker to execute arbitrary code, gain privileges, or cause a denial of service condition.

tags | advisory, remote, denial of service, arbitrary, vulnerability
advisories | CVE-2008-3356, CVE-2008-3357, CVE-2008-3389
SHA-256 | 6040ab449470478bb5b86d5556ee4b54361f55be9e1dd935da2bec7284d81f1f
caarcserve-backup.txt
Posted Aug 1, 2008
Authored by Ken Williams | Site www3.ca.com

CA ARCserve Backup for Laptops and Desktops server contains a vulnerability that can allow a remote attacker to execute arbitrary code or cause a denial of service condition. CA has issued updates to address the vulnerability. The vulnerability occurs due to insufficient bounds checking by the LGServer service. An attacker can make a request that can result in arbitrary code execution or crash the service.

tags | advisory, remote, denial of service, arbitrary, code execution
advisories | CVE-2008-3175
SHA-256 | 546596733a111ab7c22eab5b58d387a2bba2105322c3c3b4174032dbce075728
CAID-disc-dos.txt
Posted Jun 18, 2008
Authored by Ken Williams | Site www3.ca.com

CA ARCserve Backup contains a vulnerability in the Discovery service (casdscsvc) that can allow a remote attacker to cause a denial of service condition. CA has issued patches to address the vulnerability. The vulnerability occurs due to insufficient verification of client data. An attacker can make a request that can crash the service.

tags | advisory, remote, denial of service
advisories | CVE-2008-1979
SHA-256 | 0741ffe1de4d95ff387305e81ed6300a04528dc9d2dc44058f58fe0edd600007
CA-caloggerdxdr.txt
Posted May 20, 2008
Authored by Ken Williams | Site www3.ca.com

CA ARCserve Backup contains multiple vulnerabilities that can allow a remote attacker to cause a denial of service or execute arbitrary code. CA has issued patches to address the vulnerabilities. The first vulnerability, CVE-2008-2241, is due to insufficient path verification by the logging service, caloggerd. An attacker can append data to arbitrary files, which can lead to system compromise. The second vulnerability, CVE-2008-2242, is due to insufficient bounds checking by multiple xdr functions. An attacker can cause an overflow and execute arbitrary code.

tags | advisory, remote, denial of service, overflow, arbitrary, vulnerability
advisories | CVE-2008-2241, CVE-2008-2242
SHA-256 | 4e72f135e85d378c8daae3e615f25746727f11c302917fbfcb8e7d99f84d149b
cadsm-activex.txt
Posted Apr 16, 2008
Authored by Ken Williams | Site www3.ca.com

CA products that implement the DSM gui_cm_ctrls ActiveX control contain a vulnerability that can allow a remote attacker to cause a denial of service or execute arbitrary code. The vulnerability is due to insufficient verification of function arguments by the gui_cm_ctrls control. An attacker can execute arbitrary code under the context of the user running the web browser.

tags | advisory, remote, web, denial of service, arbitrary, activex
advisories | CVE-2008-1786
SHA-256 | b63cbfd73b81137d031f97bd4f2406b126e28b710e79acc9de05299b137471b2
CAarc-multi.txt
Posted Apr 5, 2008
Authored by Ken Williams | Site www3.ca.com

CA Security Advisory - CA ARCserve Backup for Laptops and Desktops Server contains multiple vulnerabilities that can allow a remote attacker to execute arbitrary code or cause a denial of service condition. CA has issued updates to address the vulnerabilities. The first issue occurs due to insufficient bounds checking on command arguments by the LGServer service. The second issue occurs due to insufficient verification of file uploads by the NetBackup service. In most cases, an attacker can potentially gain complete control of an affected installation. Additionally, only a server installation of BrightStor ARCserve Backup for Laptops and Desktops is affected. The client installation is not affected.

tags | advisory, remote, denial of service, arbitrary, vulnerability, file upload
advisories | CVE-2008-1328, CVE-2008-1329
SHA-256 | 465613d80f35d24daf2fd29de5df3e3834e3533ddc03f34fa29343c01188d0fe
CAalert-multi.txt
Posted Apr 5, 2008
Authored by Ken Williams | Site www3.ca.com

CA Security Advisory - CA Alert Notification Server service contains multiple vulnerabilities that can allow a remote authenticated attacker to execute arbitrary code or cause a denial of service condition. CA has issued updates to address the vulnerabilities. The vulnerabilities are due to insufficient bounds checking in multiple procedures. A remote authenticated attacker or local user can exploit a buffer overflow to execute arbitrary code or cause a denial of service.

tags | advisory, remote, denial of service, overflow, arbitrary, local, vulnerability
advisories | CVE-2007-4620
SHA-256 | 87c606935857a14dd69d4559e0de12e92406b71e84be5dad04da16eda476df5d
camulti-overflow.txt
Posted Mar 28, 2008
Authored by Ken Williams | Site www3.ca.com

CA Security Advisory - CA products that implement the DSM ListCtrl ActiveX control are vulnerable to a buffer overflow condition that can allow a remote attacker to cause a denial of service or execute arbitrary code with the privileges of the user running the web browser.

tags | advisory, remote, web, denial of service, overflow, arbitrary, activex
advisories | CVE-2008-1472
SHA-256 | 09da45444339d3374071c6c750d520dceb4ed69662d8b774f4b6bf0b10195eef
CA Security Advisory 35970
Posted Dec 24, 2007
Authored by Ken Williams, Computer Associates | Site www3.ca.com

CA Security Advisory - A potential vulnerability exists in the Ingres software that is embedded in various CA products. This vulnerability exists only on Ingres 2.5 and Ingres 2.6 on Windows, and does not manifest itself on any Unix platform. Ingres r3 and Ingres 2006 are not affected.

tags | advisory
systems | windows, unix
advisories | CVE-2007-6334
SHA-256 | f7ca90c4521927236d3bbfefb70dc89c88259368d66a18dae3701216866ea1ca
CA Security Advisory 35754
Posted Oct 22, 2007
Authored by Ken Williams, Computer Associates | Site www3.ca.com

CA Host-Based Intrusion Prevention System (CA HIPS) contains a vulnerability in the Server installation that can allow a remote attacker to take unauthorized administrative action. The vulnerability occurs due to raw request data being displayed in the log when viewed by a browser. The client installation is not vulnerable.

tags | advisory, remote
advisories | CVE-2007-5472
SHA-256 | c85539d8e715bc4393459fcd55868d6547302d34f075669e2c00d0567ee58f18
Page 2 of 4
Back1234Next

File Archive:

September 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Sep 1st
    261 Files
  • 2
    Sep 2nd
    17 Files
  • 3
    Sep 3rd
    38 Files
  • 4
    Sep 4th
    52 Files
  • 5
    Sep 5th
    23 Files
  • 6
    Sep 6th
    27 Files
  • 7
    Sep 7th
    0 Files
  • 8
    Sep 8th
    1 Files
  • 9
    Sep 9th
    16 Files
  • 10
    Sep 10th
    38 Files
  • 11
    Sep 11th
    21 Files
  • 12
    Sep 12th
    40 Files
  • 13
    Sep 13th
    18 Files
  • 14
    Sep 14th
    0 Files
  • 15
    Sep 15th
    0 Files
  • 16
    Sep 16th
    21 Files
  • 17
    Sep 17th
    51 Files
  • 18
    Sep 18th
    23 Files
  • 19
    Sep 19th
    0 Files
  • 20
    Sep 20th
    0 Files
  • 21
    Sep 21st
    0 Files
  • 22
    Sep 22nd
    0 Files
  • 23
    Sep 23rd
    0 Files
  • 24
    Sep 24th
    0 Files
  • 25
    Sep 25th
    0 Files
  • 26
    Sep 26th
    0 Files
  • 27
    Sep 27th
    0 Files
  • 28
    Sep 28th
    0 Files
  • 29
    Sep 29th
    0 Files
  • 30
    Sep 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close