This Metasploit module exploits an sql injection flaw in CA Total Defense Suite R12. When supplying a specially crafted soap request to '/UNCWS/Management.asmx', an attacker can abuse the reGenerateReports stored procedure by injecting arbitrary sql statements into the ReportIDs element. NOTE: This Metasploit module was tested against the MS SQL Server 2005 Express that's bundled with CA Total Defense Suite R12. CA's Total Defense Suite real-time protection will quarantine the default framework executable payload. Choosing an alternate exe template will bypass the quarantine.
59f34d37d37b405a3dd87eeca325a737d7f8ec08d171027a83a944479ce1cfcd
Zero Day Initiative Advisory 11-134 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of CA Total Defense Suite r12. Authentication is not required to exploit this vulnerability. The specific flaw exists within the RegenerateReport stored procedure, accessed via the management.asmx console. The Management Web Service listens for SOAP 1.2 requests on port 34444 for HTTP and 34443 for HTTPS. Due to a flaw in the implementation of the RegenerateReport stored procedure, it is possible for a remote, unauthenticated user to inject arbitrary SQL commands in the SOAP request which could ultimately lead to arbitrary code execution under the context of the SYSTEM user by invoking an exec function.
9604c9d1dba521a52fec22695da4ef25091e8b8ac4dd8e7c7d4451edd336a30c
Zero Day Initiative Advisory 11-133 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of CA Total Defense Suite. Authentication is not required to exploit this vulnerability. The specific flaw exists within the DeleteReports stored procedure, accessed via the management.asmx console. The Management Web Service listens for SOAP 1.2 requests on port 34444 for HTTP and 34443 for HTTPS. Due to a flaw in the implementation of the DeleteReports stored procedure, it is possible for a remote, unauthenticated user to inject arbitrary SQL commands in the SOAP request which could ultimately lead to arbitrary code execution under the context of the SYSTEM user by invoking an exec function.
63e6487bc5e04f7f5fb3b9d735fe4a94a20ce08835b90f30d5200a28f74fa88e
Zero Day Initiative Advisory 11-132 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of CA Total Defense Suite. Authentication is not required to exploit this vulnerability. The specific flaw exists within the DeleteReportLayout stored procedure, accessed via the management.asmx console. The Management Web Service listens for SOAP 1.2 requests on port 34444 for HTTP and 34443 for HTTPS. Due to a flaw in the implementation of the DeleteReportLayout stored procedure, it is possible for a remote, un-authenticated user to inject arbitrary SQL commands in the SOAP request which could ultimately lead to arbitrary code execution under the context of the SYSTEM user by invoking an exec function.
142dc870b1e27809cf5462bfb9c020f9b964670c2aa95a15de96b5c4fb38a774
Zero Day Initiative Advisory 11-131 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of CA Total Defense Suite. Authentication is not required to exploit this vulnerability. The specific flaw exists within the NonAssignedUserList stored procedure, accessed via the management.asmx console. The Management Web Service listens for SOAP 1.2 requests on port 34444 for HTTP and 34443 for HTTPS. Due to a flaw in the implementation of the NonAssignedUserList stored procedure, it is possible for a remote, un-authenticated user to inject arbitrary SQL commands in the SOAP request which could ultimately lead to arbitrary code execution under the context of the SYSTEM user by invoking an exec function.
c8588b14f2af9ae6351222e30cea70f2eabb552c5d74b4a76ef031ab0e46d0b7
CA Technologies support is alerting customers to security risks with CA Total Defense. Multiple vulnerabilities exist that can allow a remote attacker to possibly execute arbitrary code. CA issued an automatic update to address the vulnerabilities. The first set of vulnerabilities are due to insufficient handling of certain request parameters. A remote attacker can use various SQL injection attacks to potentially compromise the Unified Network Control (UNC) Server. The second vulnerability occurs due to insufficient handling of file upload parameters. A remote attacker can upload a file and use it to execute arbitrary code on the Total Defense Management Server. The third vulnerability is due to insufficient protection of sensitive information. A remote attack can acquire account credentials and take privileged action on the Unified Network Control (UNC) Server.
9697f3a718cfbc9df64ba14c7c65ce50a6f140e9f9064d6822691eb7e5a4adcc
Zero Day Initiative Advisory 11-130 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of CA Total Defense Suite Unified Network Control Management Console. Authentication is not required to exploit this vulnerability. The specific flaw exists within the DeleteFilter stored procedure, accessed via the MainApplication.html console. The Unified Network Control Management Console listens for SOAP 1.2 requests on port 34444 for HTTP and 34443 for HTTPS. Due to a flaw in the implementation of the DeleteFilter stored procedure, it is possible for a remote, un-authenticated user to inject arbitrary SQL commands in the SOAP request which could ultimately lead to arbitrary code execution under the context of the SYSTEM user by invoking an exec function.
d01e6cf4fc6bdb05a9814da878a530840c02bb2c5cb63953ab07a0633c7b9416
Zero Day Initiative Advisory 11-129 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of CA Total Defense Suite. Authentication is not required to exploit this vulnerability. The specific flaw exists within the UnassignAdminRoles stored procedure, accessed via the management.asmx console. The Management Web Service listens for SOAP 1.2 requests on port 34444 for HTTP and 34443 for HTTPS. Due to a flaw in the implementation of the UnAssignFunctionalUsers stored procedure, it is possible for a remote, un-authenticated user to inject arbitrary SQL commands in the SOAP request which could ultimately lead to arbitrary code execution under the context of the SYSTEM user by invoking an exec function.
0ec175efc79d75101fcc9188b8620d95bc4b3627a90310bc64e0d7834862b9d4
Zero Day Initiative Advisory 11-128 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of CA Total Defense Suite. Authentication is not required to exploit this vulnerability. The specific flaw exists within the UnAssignFunctionalRoles stored procedure, accessed via the management.asmx console. The Management Web Service listens for SOAP 1.2 requests on port 34444 for HTTP and 34443 for HTTPS. Due to a flaw in the implementation of the UnAssignFunctionalUsers stored procedure, it is possible for a remote, un-authenticated user to inject arbitrary SQL commands in the SOAP request which could ultimately lead to arbitrary code execution under the context of the SYSTEM user by invoking an exec function.
d6e71067fdc7623aa9dc1e33e254f51ef48f0e2c1afe154361941ac748d11199