exploit the possibilities
Showing 26 - 50 of 77 RSS Feed

Files from Ken Williams

Email addressjames.williams at ca.com
First Active2005-08-05
Last Active2019-01-24
CA ARCserve Backup Apache HTTP Server
Posted May 1, 2009
Authored by Ken Williams | Site www3.ca.com

CA ARCserve Backup on Solaris, Tru64, HP-UX, and AIX contains multiple vulnerabilities in the Apache HTTP Server version as shipped with ARCserve Backup. CA has issued updates that contain version 2.0.63 of the Apache HTTP Server to address the vulnerabilities.

tags | advisory, web, vulnerability
systems | solaris, aix, hpux
advisories | CVE-2004-0747, CVE-2003-0132
MD5 | 17819dce878111fcd780dc2f7d8a527a
CA Anti-Virus Engine Detection Evasion
Posted Jan 28, 2009
Authored by Ken Williams | Site www3.ca.com

The CA Anti-Virus engine contains multiple vulnerabilities that can allow a remote attacker to evade detection by the Anti-Virus engine by creating a malformed archive file in one of several common file archive formats.

tags | advisory, remote, vulnerability, virus
advisories | CVE-2009-0042
MD5 | 03a2d292a0f555da0cc7e5cd45973e94
CA20090123-01.txt
Posted Jan 27, 2009
Authored by Ken Williams | Site www3.ca.com

Multiple security risks exist in Apache Tomcat as included with CA Cohesion and products that contain CA Cohesion. These include, but are not limited to, arbitrary command execution. Affected products include CA Cohesion Application Configuration Manager 4.5, CA CMDB Application Server 11.1, and Unicenter Service Desk 11.2.

tags | advisory, arbitrary
advisories | CVE-2005-2090, CVE-2005-3510, CVE-2006-3835, CVE-2006-7195, CVE-2006-7196, CVE-2007-0450, CVE-2007-1355, CVE-2007-1358, CVE-2007-1858, CVE-2007-2449, CVE-2007-2450, CVE-2007-3382, CVE-2007-3385, CVE-2007-3386, CVE-2008-0128
MD5 | 406407556a0e7f00842611efb8753b8c
CA smmsnmpd Arbitrary Command Execution
Posted Jan 7, 2009
Authored by Ken Williams | Site www3.ca.com

CA Service Metric Analysis and CA Service Level Management contain a vulnerability that can allow a remote attacker to execute arbitrary commands. CA has issued patches to address the vulnerability. The vulnerability is due to insufficient access restrictions associated with the smmsnmpd service. A remote attacker can exploit this vulnerability to execute arbitrary commands in the context of the service. Affected products include CA Service Level Management 3.5, CA Service Metric Analysis r11.0, CA Service Metric Analysis r11.1, and CA Service Metric Analysis r11.1 SP1.

tags | advisory, remote, arbitrary
advisories | CVE-2009-0043
MD5 | 29eac4fb82df696ee49b0366799f009d
CA ARCserve Backup LDBserver Vulnerability
Posted Dec 10, 2008
Authored by Ken Williams | Site www3.ca.com

CA ARCserve Backup contains a vulnerability that can allow a remote attacker to cause a denial of service or execute arbitrary code. CA has issued patches to address the vulnerability. The vulnerability is due to insufficient verification of client data. A remote attacker can crash the LDBserver service or execute arbitrary code in the context of the service. Note: The client installation is not affected.

tags | advisory, remote, denial of service, arbitrary
advisories | CVE-2008-5415
MD5 | 3199e210467e764518ad5ff768796b19
caarcserve-dos.txt
Posted Oct 9, 2008
Authored by Ken Williams | Site www3.ca.com

CA ARCserve Backup contains multiple vulnerabilities that can allow a remote attacker to cause a denial of service or possibly execute arbitrary code. CA has issued patches to address the vulnerabilities. The first vulnerability occurs due to insufficient validation of certain RPC call parameters by the message engine service. An attacker can exploit a directory traversal vulnerability to execute arbitrary commands. The second vulnerability occurs due to insufficient validation by the tape engine service. An attacker can make a request that will crash the service. The third vulnerability occurs due to insufficient validation by the database engine service. An attacker can make a request that will crash the service. The fourth vulnerability occurs due to insufficient validation of authentication credentials. An attacker can make a request that will crash multiple services. Note that these issues only affect the base product.

tags | advisory, remote, denial of service, arbitrary, vulnerability
advisories | CVE-2008-4397, CVE-2008-4398, CVE-2008-4399, CVE-2008-4400
MD5 | 3d3a5ef9e28febb30c8e338d187c076a
caservice-xss.txt
Posted Sep 27, 2008
Authored by Ken Williams | Site www3.ca.com

CA Service Desk contains multiple vulnerabilities that can allow a remote attacker to conduct cross-site scripting attacks. CA has issued patches to address the vulnerabilities. Versions affected include CA Service Desk r11.2, CA CMDB 11.0, CA CMDB 11.1, and CA CMDB 11.2.

tags | advisory, remote, vulnerability, xss
advisories | CVE-2008-4119
MD5 | e205dc6c40a9a031989dc2ac0073d025
CAID-hips.txt
Posted Aug 13, 2008
Authored by Ken Williams | Site www3.ca.com

The Computer Associates Host-Based Intrusion Prevention System SDK contains two vulnerabilities that can allow an attacker to cause a denial of service or possibly execute arbitrary code. CA has issued updates to address the vulnerabilities. The first vulnerability occurs due to insufficient verification of IOCTL requests by the kmxfw.sys driver. A local attacker can send an IOCTL request that can cause a system crash or potentially result in arbitrary code execution. The second vulnerability occurs due to insufficient validation by the kmxfw.sys driver. An attacker can make a request that can cause a system crash.

tags | advisory, denial of service, arbitrary, local, vulnerability, code execution
advisories | CVE-2008-2926, CVE-2008-3174
MD5 | 52701f67f2ab2c573adeaa9937ab8db8
CAID-EmbedIngres.txt
Posted Aug 6, 2008
Authored by Ken Williams | Site www3.ca.com

CA products that embed Ingres contain multiple vulnerabilities that can allow a remote attacker to execute arbitrary code, gain privileges, or cause a denial of service condition.

tags | advisory, remote, denial of service, arbitrary, vulnerability
advisories | CVE-2008-3356, CVE-2008-3357, CVE-2008-3389
MD5 | 51884d1235e06665382101424ab0fe0f
caarcserve-backup.txt
Posted Aug 1, 2008
Authored by Ken Williams | Site www3.ca.com

CA ARCserve Backup for Laptops and Desktops server contains a vulnerability that can allow a remote attacker to execute arbitrary code or cause a denial of service condition. CA has issued updates to address the vulnerability. The vulnerability occurs due to insufficient bounds checking by the LGServer service. An attacker can make a request that can result in arbitrary code execution or crash the service.

tags | advisory, remote, denial of service, arbitrary, code execution
advisories | CVE-2008-3175
MD5 | 4984818c410e517d95fdd9b3ce5eb496
CAID-disc-dos.txt
Posted Jun 18, 2008
Authored by Ken Williams | Site www3.ca.com

CA ARCserve Backup contains a vulnerability in the Discovery service (casdscsvc) that can allow a remote attacker to cause a denial of service condition. CA has issued patches to address the vulnerability. The vulnerability occurs due to insufficient verification of client data. An attacker can make a request that can crash the service.

tags | advisory, remote, denial of service
advisories | CVE-2008-1979
MD5 | cb294251feff0e35d4a5033bbfadf55f
CA-caloggerdxdr.txt
Posted May 20, 2008
Authored by Ken Williams | Site www3.ca.com

CA ARCserve Backup contains multiple vulnerabilities that can allow a remote attacker to cause a denial of service or execute arbitrary code. CA has issued patches to address the vulnerabilities. The first vulnerability, CVE-2008-2241, is due to insufficient path verification by the logging service, caloggerd. An attacker can append data to arbitrary files, which can lead to system compromise. The second vulnerability, CVE-2008-2242, is due to insufficient bounds checking by multiple xdr functions. An attacker can cause an overflow and execute arbitrary code.

tags | advisory, remote, denial of service, overflow, arbitrary, vulnerability
advisories | CVE-2008-2241, CVE-2008-2242
MD5 | 612eed8dc378f0b53f234e2a163e0464
cadsm-activex.txt
Posted Apr 16, 2008
Authored by Ken Williams | Site www3.ca.com

CA products that implement the DSM gui_cm_ctrls ActiveX control contain a vulnerability that can allow a remote attacker to cause a denial of service or execute arbitrary code. The vulnerability is due to insufficient verification of function arguments by the gui_cm_ctrls control. An attacker can execute arbitrary code under the context of the user running the web browser.

tags | advisory, remote, web, denial of service, arbitrary, activex
advisories | CVE-2008-1786
MD5 | 0459d642cca948564271c7536b495555
CAarc-multi.txt
Posted Apr 5, 2008
Authored by Ken Williams | Site www3.ca.com

CA Security Advisory - CA ARCserve Backup for Laptops and Desktops Server contains multiple vulnerabilities that can allow a remote attacker to execute arbitrary code or cause a denial of service condition. CA has issued updates to address the vulnerabilities. The first issue occurs due to insufficient bounds checking on command arguments by the LGServer service. The second issue occurs due to insufficient verification of file uploads by the NetBackup service. In most cases, an attacker can potentially gain complete control of an affected installation. Additionally, only a server installation of BrightStor ARCserve Backup for Laptops and Desktops is affected. The client installation is not affected.

tags | advisory, remote, denial of service, arbitrary, vulnerability, file upload
advisories | CVE-2008-1328, CVE-2008-1329
MD5 | 579f6632d25d2375c8f0987283a05848
CAalert-multi.txt
Posted Apr 5, 2008
Authored by Ken Williams | Site www3.ca.com

CA Security Advisory - CA Alert Notification Server service contains multiple vulnerabilities that can allow a remote authenticated attacker to execute arbitrary code or cause a denial of service condition. CA has issued updates to address the vulnerabilities. The vulnerabilities are due to insufficient bounds checking in multiple procedures. A remote authenticated attacker or local user can exploit a buffer overflow to execute arbitrary code or cause a denial of service.

tags | advisory, remote, denial of service, overflow, arbitrary, local, vulnerability
advisories | CVE-2007-4620
MD5 | 0f210394aad268a0f3f84f8d8acfb639
camulti-overflow.txt
Posted Mar 28, 2008
Authored by Ken Williams | Site www3.ca.com

CA Security Advisory - CA products that implement the DSM ListCtrl ActiveX control are vulnerable to a buffer overflow condition that can allow a remote attacker to cause a denial of service or execute arbitrary code with the privileges of the user running the web browser.

tags | advisory, remote, web, denial of service, overflow, arbitrary, activex
advisories | CVE-2008-1472
MD5 | 65eda83c7e5bae337d11f91b9d4e591b
CA Security Advisory 35970
Posted Dec 24, 2007
Authored by Ken Williams, Computer Associates | Site www3.ca.com

CA Security Advisory - A potential vulnerability exists in the Ingres software that is embedded in various CA products. This vulnerability exists only on Ingres 2.5 and Ingres 2.6 on Windows, and does not manifest itself on any Unix platform. Ingres r3 and Ingres 2006 are not affected.

tags | advisory
systems | windows, unix
advisories | CVE-2007-6334
MD5 | 75d1aea42d606c7d355dd7885d28c8e5
CA Security Advisory 35754
Posted Oct 22, 2007
Authored by Ken Williams, Computer Associates | Site www3.ca.com

CA Host-Based Intrusion Prevention System (CA HIPS) contains a vulnerability in the Server installation that can allow a remote attacker to take unauthorized administrative action. The vulnerability occurs due to raw request data being displayed in the log when viewed by a browser. The client installation is not vulnerable.

tags | advisory, remote
advisories | CVE-2007-5472
MD5 | 26296d663e5bc8ed3f4ebea3490cefc7
CAID-ARCserve.txt
Posted Oct 12, 2007
Authored by Ken Williams | Site www3.ca.com

Multiple vulnerabilities exist in BrightStor ARCserve Backup that can allow a remote attacker to cause a denial of service, execute arbitrary code, or take privileged action. The first set of vulnerabilities occur due to insufficient bounds checking by multiple components. The second vulnerability occurs due to privileged functions being available for use without proper authorization. The third set of vulnerabilities are due to a memory corruption occurring with the processing of RPC procedure arguments by multiple services. The vulnerabilities allow an attacker to cause a denial of service, or potentially to execute arbitrary code.

tags | advisory, remote, denial of service, arbitrary, vulnerability
advisories | CVE-2007-5325, CVE-2007-5326, CVE-2007-5327, CVE-2007-5328, CVE-2007-5329, CVE-2007-5330, CVE-2007-5331, CVE-2007-5332
MD5 | 4b9058618aa139e33922525d849a8ced
CAID-hsmcmv.txt
Posted Sep 27, 2007
Authored by Ken Williams | Site www3.ca.com

Multiple vulnerabilities exist in the CsAgent service that can allow a remote attacker to execute arbitrary code or cause a denial of service condition. The first set of vulnerabilities, CVE-2007-5082, occur due to insufficient bounds checking in multiple CsAgent service commands. The second set of vulnerabilities, CVE-2007-5083, occur due to insufficient validation of integer values in multiple CsAgent service commands, which can lead to buffer overflow. The third set of vulnerabilities, CVE-2007-5084, occur due to insufficient validation of strings used in SQL statements in multiple CsAgent service commands.

tags | advisory, remote, denial of service, overflow, arbitrary, vulnerability
advisories | CVE-2007-5082, CVE-2007-5083, CVE-2007-5084
MD5 | 5758d3c018842776cb44bd43a352c4c7
CAID-backup.txt
Posted Sep 25, 2007
Authored by Ken Williams | Site www3.ca.com

CA ARCserve Backup for Laptops and Desktops contains multiple vulnerabilities that can allow a remote attacker to cause a denial of service condition or execute arbitrary code.

tags | advisory, remote, denial of service, arbitrary, vulnerability
advisories | CVE-2007-3216, CVE-2007-5003, CVE-2007-5004, CVE-2007-5005, CVE-2007-5006
MD5 | 6bb11018996839ab3d337dab5aaa7d0a
CA Security Advisory 35527
Posted Jul 25, 2007
Authored by Ken Williams, Computer Associates | Site www3.ca.com

Multiple CA products that utilize CA Message Queuing (CAM / CAFT) software contain a buffer overflow vulnerability. The vulnerability is a buffer overflow that can allow a remote attacker to execute arbitrary code by sending a specially crafted message to TCP port 3104.

tags | advisory, remote, overflow, arbitrary, tcp
advisories | CVE-2007-0060
MD5 | ab501b46991f1fab5eb58cd640e9f5c4
CA Security Advisory 35525
Posted Jul 25, 2007
Authored by Ken Williams, Computer Associates | Site www3.ca.com

CA products that utilize the Arclib library contain two denial of service vulnerabilities. The first vulnerability is due to an application hang when processing a specially malformed CHM file. The second vulnerability is due to an application hang when processing a specially malformed RAR file.

tags | advisory, denial of service, vulnerability
advisories | CVE-2007-3875, CVE-2007-5645
MD5 | 10a5665874d17a5c342ba0a0e56e4924
CA Security Advisory 35524
Posted Jul 25, 2007
Authored by Ken Williams, Computer Associates | Site www3.ca.com

eTrust Intrusion Detection contains a vulnerability associated with the caller.dll ActiveX control. The vulnerability is due to the caller.dll ActiveX control being marked safe for scripting. An attacker, who can lure a user into visiting a malicious website, can potentially gain complete control of an affected installation.

tags | advisory, activex
advisories | CVE-2007-3302
MD5 | 0f81f87e5fb0e8acadbc9da84286310e
CA Security Advisory 35515
Posted Jul 20, 2007
Authored by Ken Williams, Computer Associates | Site www3.ca.com

Multiple CA products that utilize Alert service functionality contain multiple vulnerabilities. The vulnerabilities are due to insufficient bounds checking on received data by certain RPC procedures. An attacker can exploit these buffer overflows to execute arbitrary code or cause service failure.

tags | advisory, overflow, arbitrary, vulnerability
advisories | CVE-2007-3825
MD5 | ea597a900ed63173104b243d02af6b2b
Page 2 of 4
Back1234Next

File Archive:

August 2019

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Aug 1st
    10 Files
  • 2
    Aug 2nd
    8 Files
  • 3
    Aug 3rd
    2 Files
  • 4
    Aug 4th
    1 Files
  • 5
    Aug 5th
    15 Files
  • 6
    Aug 6th
    79 Files
  • 7
    Aug 7th
    16 Files
  • 8
    Aug 8th
    10 Files
  • 9
    Aug 9th
    10 Files
  • 10
    Aug 10th
    0 Files
  • 11
    Aug 11th
    6 Files
  • 12
    Aug 12th
    26 Files
  • 13
    Aug 13th
    15 Files
  • 14
    Aug 14th
    19 Files
  • 15
    Aug 15th
    52 Files
  • 16
    Aug 16th
    11 Files
  • 17
    Aug 17th
    1 Files
  • 18
    Aug 18th
    0 Files
  • 19
    Aug 19th
    0 Files
  • 20
    Aug 20th
    0 Files
  • 21
    Aug 21st
    0 Files
  • 22
    Aug 22nd
    0 Files
  • 23
    Aug 23rd
    0 Files
  • 24
    Aug 24th
    0 Files
  • 25
    Aug 25th
    0 Files
  • 26
    Aug 26th
    0 Files
  • 27
    Aug 27th
    0 Files
  • 28
    Aug 28th
    0 Files
  • 29
    Aug 29th
    0 Files
  • 30
    Aug 30th
    0 Files
  • 31
    Aug 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2019 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close