Multiple instances of improper handling of NULL buffers in CA Anti-Virus allow local attackers to cause a denial of service condition. This issue affects only consumer CA Anti-Virus products.
11819a7013b6e40a1cc760c94258674027e522f92b3b43914752ec599d4cbb9f
Red Hat Security Advisory 2017-1854-01 - Pidgin is an instant messaging program which can log in to multiple accounts on multiple instant messaging networks simultaneously. The following packages have been upgraded to a later upstream version: pidgin. Security Fix: A denial of service flaw was found in the way Pidgin's Mxit plug-in handled emoticons. A malicious remote server or a man-in-the-middle attacker could potentially use this flaw to crash Pidgin by sending a specially crafted emoticon.
8025ad83e85f7711d5359c27763a16556d76510821e47dc5d645d2f65d5b42ab
Red Hat Security Advisory 2016-2117-01 - OpenStack's File Share Service provides the means to easily provision shared file systems that can be consumed by multiple instances. These shared file systems are provisioned from pre-existing, back-end volumes. The UI component provides the dashboard plugin for the service. Security Fix: A cross-site scripting flaw was discovered in openstack-manila-ui's Metadata field contained in its "Create Share" form. A user could inject malicious HTML/JavaScript code that would then be reflected in the "Shares" overview. Remote, authenticated, but unprivileged users could exploit this vulnerability to steal session cookies and escalate their privileges.
e3745470c67fadf948bd32c8e4a2199fc2b2887dc551d030c708eae080865c05
Red Hat Security Advisory 2016-2115-01 - OpenStack's File Share Service provides the means to easily provision shared file systems that can be consumed by multiple instances. These shared file systems are provisioned from pre-existing, back-end volumes. The UI component provides the dashboard plugin for the service. Security Fix: A cross-site scripting flaw was discovered in openstack-manila-ui's Metadata field contained in its "Create Share" form. A user could inject malicious HTML/JavaScript code that would then be reflected in the "Shares" overview. Remote, authenticated, but unprivileged users could exploit this vulnerability to steal session cookies and escalate their privileges.
d404a42f76e49cbb35e2255dc2c142aa737b8716fe2629ad07586e19e27d0604
Red Hat Security Advisory 2016-2116-01 - OpenStack's File Share Service provides the means to easily provision shared file systems that can be consumed by multiple instances. These shared file systems are provisioned from pre-existing, back-end volumes. The UI component provides the dashboard plugin for the service. Security Fix: A cross-site scripting flaw was discovered in openstack-manila-ui's Metadata field contained in its "Create Share" form. A user could inject malicious HTML/JavaScript code that would then be reflected in the "Shares" overview. Remote, authenticated, but unprivileged users could exploit this vulnerability to steal session cookies and escalate their privileges.
31f6ebcd49229370b7f2900ffe40967c957825bf8faed803d57574a2a24010a2
This Metasploit module takes advantage of the China Chopper Webshell that is commonly used by Chinese hackers.
d7fca763cda76a2b27b59c2e2618a505e5099c293f99615ce804976c10da3606
Red Hat Security Advisory 2014-0139-01 - Pidgin is an instant messaging program which can log in to multiple accounts on multiple instant messaging networks simultaneously. A heap-based buffer overflow flaw was found in the way Pidgin processed certain HTTP responses. A malicious server could send a specially crafted HTTP response, causing Pidgin to crash or potentially execute arbitrary code with the permissions of the user running Pidgin. Multiple heap-based buffer overflow flaws were found in several protocol plug-ins in Pidgin. A malicious server could send a specially crafted message, causing Pidgin to crash or potentially execute arbitrary code with the permissions of the user running Pidgin.
02c189bcb1976a4f4f88111e98a6e444bb4d4b7b3022798749683cfa0197b660
Red Hat Security Advisory 2013-0646-01 - Pidgin is an instant messaging program which can log in to multiple accounts on multiple instant messaging networks simultaneously. A stack-based buffer overflow flaw was found in the Pidgin MXit protocol plug-in. A malicious server or a remote attacker could use this flaw to crash Pidgin by sending a specially-crafted HTTP request. A buffer overflow flaw was found in the Pidgin Sametime protocol plug-in. A malicious server or a remote attacker could use this flaw to crash Pidgin by sending a specially-crafted username.
b3c19a4366ad523734159f85e06904742d756e830065660510bfdc31ede59ef8
Red Hat Security Advisory 2012-1102-01 - Pidgin is an instant messaging program which can log in to multiple accounts on multiple instant messaging networks simultaneously. A flaw was found in the way the Pidgin MSN protocol plug-in processed text that was not encoded in UTF-8. A remote attacker could use this flaw to crash Pidgin by sending a specially-crafted MSN message. An input validation flaw was found in the way the Pidgin MSN protocol plug-in handled MSN notification messages. A malicious server or a remote attacker could use this flaw to crash Pidgin by sending a specially-crafted MSN notification message.
8d8905da6f3429379dbb0297932d8d8f8669f30ac3e8f57d9cc8c0e9d64d608f
Red Hat Security Advisory 2011-1821-01 - Pidgin is an instant messaging program which can log in to multiple accounts on multiple instant messaging networks simultaneously. An input sanitization flaw was found in the way the AOL Open System for Communication in Realtime (OSCAR) protocol plug-in in Pidgin, used by the AOL ICQ and AIM instant messaging systems, escaped certain UTF-8 characters. A remote attacker could use this flaw to crash Pidgin via a specially-crafted OSCAR message. Multiple NULL pointer dereference flaws were found in the Jingle extension of the Extensible Messaging and Presence Protocol (XMPP) plug-in in Pidgin. A remote attacker could use these flaws to crash Pidgin via a specially-crafted Jingle multimedia message.
8898c9e665950277a124090594f6f201ce5f2d533466d4f40f014414cdf3c633
Red Hat Security Advisory 2011-1820-01 - Pidgin is an instant messaging program which can log in to multiple accounts on multiple instant messaging networks simultaneously. An input sanitization flaw was found in the way the AOL Open System for Communication in Realtime (OSCAR) protocol plug-in in Pidgin, used by the AOL ICQ and AIM instant messaging systems, escaped certain UTF-8 characters. A remote attacker could use this flaw to crash Pidgin via a specially-crafted OSCAR message. An input sanitization flaw was found in the way the Pidgin SILC protocol plug-in escaped certain UTF-8 characters in channel messages. A remote attacker could use this flaw to crash Pidgin via a specially-crafted SILC message.
46920b2be0ad0a71dc0f6800ddcb5927c42aa93032c295654bdee52801a20d3f
Red Hat Security Advisory 2011-1371-01 - Pidgin is an instant messaging program which can log in to multiple accounts on multiple instant messaging networks simultaneously. An input sanitization flaw was found in the way the Pidgin SILC protocol plug-in escaped certain UTF-8 characters. A remote attacker could use this flaw to crash Pidgin via a specially-crafted SILC message. Multiple NULL pointer dereference flaws were found in the way the Pidgin Yahoo! Messenger Protocol plug-in handled malformed YMSG packets. A remote attacker could use these flaws to crash Pidgin via a specially-crafted notification message.
f0ad974a63999ee0a2da67fe7b5c6434dc5657a1919e71a6c7d833f173143ae6
CA ARCserve Backup contains a vulnerability that can allow a remote attacker to cause a denial of service or execute arbitrary code. CA has issued patches to address the vulnerability. The vulnerability is due to insufficient verification of client data. A remote attacker can crash the LDBserver service or execute arbitrary code in the context of the service. Note: The client installation is not affected.
c3f42a1781959a4e232299fd40445813782d401f6a4ad863bcdc64c3aefdb67a
Team SHATTER Security Advisory - Oracle Database provides the "LT" PL/SQL package that is part of the Oracle Workspace Manager component. This package has multiple instances of SQL Injection in COMPRESSWORKSPACETREE, MERGEWORKSPACE and REMOVEWORKSPACE procedures.
46972c6b9e06e4bc4b703ab2962224b03b0e54bbdc772217823fb7beae043812
The Computer Associates Host-Based Intrusion Prevention System SDK contains two vulnerabilities that can allow an attacker to cause a denial of service or possibly execute arbitrary code. CA has issued updates to address the vulnerabilities. The first vulnerability occurs due to insufficient verification of IOCTL requests by the kmxfw.sys driver. A local attacker can send an IOCTL request that can cause a system crash or potentially result in arbitrary code execution. The second vulnerability occurs due to insufficient validation by the kmxfw.sys driver. An attacker can make a request that can cause a system crash.
985be0e793f4ac4d6d9e3779bf5ca6b54567e5ea355a83dec5b7ae1dbd4feee5
CA products that embed Ingres contain multiple vulnerabilities that can allow a remote attacker to execute arbitrary code, gain privileges, or cause a denial of service condition.
6040ab449470478bb5b86d5556ee4b54361f55be9e1dd935da2bec7284d81f1f
CA ARCserve Backup contains a vulnerability in the Discovery service (casdscsvc) that can allow a remote attacker to cause a denial of service condition. CA has issued patches to address the vulnerability. The vulnerability occurs due to insufficient verification of client data. An attacker can make a request that can crash the service.
0741ffe1de4d95ff387305e81ed6300a04528dc9d2dc44058f58fe0edd600007
CA Secure Content Manager contains multiple vulnerabilities in the HTTP Gateway service that can allow a remote attacker to cause a denial of service condition or execute arbitrary code.
47555d68b8e92edea082d71fedeb7d325edf58e7a50e1aaa6b62fd587d4992bb
CA Security Advisory - A potential vulnerability exists in the Ingres software that is embedded in various CA products. This vulnerability exists only on Ingres 2.5 and Ingres 2.6 on Windows, and does not manifest itself on any Unix platform. Ingres r3 and Ingres 2006 are not affected.
f7ca90c4521927236d3bbfefb70dc89c88259368d66a18dae3701216866ea1ca
CA Security Advisory - Multiple vulnerabilities exist in BrightStor ARCserve Backup that can allow a remote attacker to cause a denial of service, execute arbitrary code, or take privileged action.
eeb6c53417ccc26b912aa3b7ee71b7c4d770d635ec4f613ec8a5036d63014596
CA Host-Based Intrusion Prevention System (CA HIPS) contains a vulnerability in the Server installation that can allow a remote attacker to take unauthorized administrative action. The vulnerability occurs due to raw request data being displayed in the log when viewed by a browser. The client installation is not vulnerable.
c85539d8e715bc4393459fcd55868d6547302d34f075669e2c00d0567ee58f18
Multiple vulnerabilities exist in BrightStor ARCserve Backup that can allow a remote attacker to cause a denial of service, execute arbitrary code, or take privileged action. The first set of vulnerabilities occurs due to insufficient bounds checking by multiple components. The second vulnerability occurs due to privileged functions being available for use without proper authorization. The third set of vulnerabilities is due to memory corruption that occurs when multiple services process RPC procedure arguments. The vulnerabilities allow an attacker to cause a denial of service, or potentially to execute arbitrary code.
8860eaa4bfc2250849f113f1ca5d8c680bf62c6a8fde2785a35e35b2338b7fea
Multiple vulnerabilities exist in the CsAgent service that can allow a remote attacker to execute arbitrary code or cause a denial of service condition. The first set of vulnerabilities, CVE-2007-5082, occurs due to insufficient bounds checking in multiple CsAgent service commands. The second set of vulnerabilities, CVE-2007-5083, occurs due to insufficient validation of integer values in multiple CsAgent service commands, which can lead to buffer overflow. The third set of vulnerabilities, CVE-2007-5084, occurs due to insufficient validation of strings used in SQL statements in multiple CsAgent service commands.
363a6e7d492038cdb02283292599822fec694fd384becbbaf92e0cbd416cee51
CA ARCserve Backup for Laptops and Desktops contains multiple vulnerabilities that can allow a remote attacker to cause a denial of service condition or execute arbitrary code.
5454620d885de990b879969d7c8d672b34a987080f8b5bfd71c41320e3bc6593
Multiple CA products that utilize CA Message Queuing (CAM / CAFT) software contain a buffer overflow vulnerability that can allow a remote attacker to execute arbitrary code by sending a specially crafted message to TCP port 3104.
46fe72c71f2b06a14afa104372ad4b44357e43e92eabdb5b2e93b341ebb45541
CA products that utilize the Arclib library contain two denial of service vulnerabilities. The first vulnerability is due to an application hang when processing a specially malformed CHM file. The second vulnerability is due to an application hang when processing a specially malformed RAR file.
01a0d7692b70c516c3cfb44baa9d756e9080e6e2262ee925e1c28f0efba48ff3