Multiple instances of improper handling of NULL buffers in CA Anti-Virus allow local attackers to cause a denial of service condition. This issue affects only consumer CA Anti-Virus products.
11819a7013b6e40a1cc760c94258674027e522f92b3b43914752ec599d4cbb9feTrust Intrusion Detection contains a vulnerability associated with the caller.dll ActiveX control. The vulnerability is due to the caller.dll ActiveX control being marked safe for scripting. An attacker, who can lure a user into visiting a malicious website, can potentially gain complete control of an affected installation.
bf7652ef856974e523274a458f8762421906e746b5daddbe7db3072d50c9cec1Multiple CA products that utilize Alert service functionality contain multiple vulnerabilities. The vulnerabilities are due to insufficient bounds checking on received data by certain RPC procedures. An attacker can exploit these buffer overflows to execute arbitrary code or cause service failure.
dff03d4b04f6fb38db9efcc99d514db64917edf808004035f18a70b3cba857e0Various CA products that embed Ingres products contain multiple vulnerabilities that can allow an attacker to potentially execute arbitrary code.
b9420a8daa8448c325330f47f53519fd6d8bf578d33c969e755fb2c28d048bb8CA Anti-Virus engine contains multiple vulnerabilities that can allow a remote attacker to cause a denial of service or possibly execute arbitrary code.
7a18d60f22a825bfaf66d090825d58ae0eae1abbf39a0c649afdfefc4b5795cfCA Anti-Virus for the Enterprise, CA Threat Manager, and CA Anti-Spyware contain multiple vulnerabilities that can allow an attacker to cause a denial of service or possibly execute arbitrary code. CA has issued patches to address the vulnerabilities.
8f199a847ae100657c96161091769e0883d36aa803d130e150619b62423ebc0cCA CleverPath Portal contains a vulnerability that can allow a local attacker to access confidential data. The vulnerability is due to insufficient filtering of SQL search queries. CA has issued a patch to address the vulnerability.
ea5c74d47d854c08f37384a948d4e8b4340a0d0bb6f3ef77f923334836a16891CA BrightStor ARCserve Backup Media Server contains multiple vulnerabilities that can allow a remote attacker to cause a denial of service or possibly execute arbitrary code. CA has issued patches to address the vulnerabilities.
50cf00ebba6e500a55c1f41bdda6ade451e15f3fa8050b06f214c5c44a6563acCA BrightStor ARCserve Backup contains four vulnerabilities that can allow a remote attacker to cause a denial of service or possibly execute arbitrary code. CA has issued patches to address the vulnerabilities.
26afa70359ee71d1cdb1f3ba90e2bd4290ccf6d14fd317067b25d049a10fc66fCA BrightStor ARCserve remote stack overflow exploit that takes advantage of msgeng.exe.
0b1a30b722ff620e0febfdb5b8951ad05cb2c7414c5e23ae648fd2e32271331fThe CA eTrust Admin GINA component contains a privilege escalation vulnerability within the reset password interface. This vulnerability is exploitable only through physical interactive access or through Remote Desktop. Affected products include eTrust Admin 8.1 SP2 (8.1.2), eTrust Admin 8.1 SP1 (8.1.1), and eTrust Admin 8.1 (8.1.0).
3962113ae17c146b5640bd4ec12da7a3f96a4ed5be77c2f201e85de1071f6d9eCA eTrust Intrusion Detection contains a vulnerability that can allow a remote attacker to cause a denial of service condition. Affected Products include eTrust Intrusion Detection 3.0 SP1, eTrust Intrusion Detection 3.0, and eTrust Intrusion Detection 2.0 SP1.
c4aff44d742dff175c969692af2d23c9c6f951c0f4edf0ab1e710a1fed11ce69Multiple vulnerabilities have been discovered in CA Personal Firewall drivers. The vulnerabilities are due to errors in the HIPS Core (KmxStart.sys) and HIPS Firewall (KmxFw.sys) drivers. Local attackers can exploit these vulnerabilities to gain escalated privileges.
02589667c3f2bd1a0335ba0b442c8b18de4508cda0b0bb4a915da330839058a7CA BrightStor ARCserve Backup for Laptops and Desktops contains multiple overflow conditions that can allow a remote attacker to cause a denial of service, or execute arbitrary code with local SYSTEM privileges on Windows.
6e6e8672248a7e1c4d803e9bf66b4054b05795508a899203c5e4ade01aafd269CA BrightStor ARCserve Backup contains multiple overflow conditions that can allow a remote attacker to execute arbitrary code with local SYSTEM privileges on Windows. The BrightStor ARCserve Backup Tape Engine service, Mediasvr service, and ASCORE.dll file are affected.
277d1dc497086cde18530d9b1513f826b6a78561bd1e1048a84224d877383608CAID 34876 - CA CleverPath Portal and other CA solutions that embed Portal technology contain a session verification vulnerability.
0f54412beb75b544d797f6a6475238fc984c6235fe7678318bc1b6e2c236672cCAID 34846 - CA BrightStor ARCserve Backup contains a buffer overflow that allows remote attackers to execute arbitrary code with local SYSTEM privileges on Windows. This issue affects the BrightStor Backup Discovery Service in multiple BrightStor ARCserve Backup application agents and the Base product.
14f77fd442c8352fa5dc275da7b933076426d1d4e5c398ae09e7d8bf4a539e90ProgSys 0.151 and below suffer from multiple instances of cross site scripting.
12c2b4c1ca50ef10c00652fd6ecfdf01ebe996921db9a3af71195ad5e4a9260eCAID 34693, 34694 - CA BrightStor ARCserve Backup contains multiple buffer overflow conditions that allow remote attackers to execute arbitrary code with local SYSTEM privileges on Windows. These issues affect the BrightStor Backup Agent Service, the Job Engine Service, and the Discovery Service in multiple BrightStor ARCserve Backup application agents and the Base product.
aab9553c2355bbb2473b67f29de0eca777c8f03660b498ab0279bf3ed1729b5b[CAID 34693, 34694]: CA BrightStor ARCserve Backup Multiple Buffer Overflow Vulnerabilities (UPDATED): Summary: CA BrightStor ARCserve Backup contains multiple buffer overflow conditions that allow remote attackers to execute arbitrary code with local SYSTEM privileges on Windows. These issues affect the BrightStor Backup Agent Service, the Job Engine Service, and the Discovery Service in multiple BrightStor ARCserve Backup application agents and the Base product.
aab9553c2355bbb2473b67f29de0eca777c8f03660b498ab0279bf3ed1729b5bCAID 34661: CA Unicenter WSDM File System Read Access Vulnerability: Unicenter Web Services Distributed Management 3.1 uses a known vulnerable version of Jetty WebServer, an open source java web server. An advisory describing the Jetty WebServer vulnerability can be found at http://www.securityfocus.com/bid/11330. The vulnerability allows a remote attacker to gain full read access on the install partitions file system of the Unicenter WSDM host system through a directory traversal attack
59d313f06c61c6c3e14d15a2c66be546acd4d72d6e7daa4d3b078b9969a8198dDayfox Blog v2.0 suffers from multiple instances of remote file inclusion.
2867e5bf5b3ec6d902f925b4a4e9408670f672427228ce6f5cbc7d4634c53f72CAID 34616, 34617, 34618: CA eTrust Security Command Center and eTrust Audit vulnerabilities
b236dc13a9d36b5ace9a497fbaa92180a506c8f2c86ab714d159c59c043c12baCAID 34509 - CA eTrust Antivirus WebScan versions 1.1.0.1047 and below are susceptible to arbitrary code execution flaws.
4cae55691ffcf0223d655c47bdca23e5fc91998a767f9a7caacd4f4169d4c5ffCAID 34325 - CA ITM, eAV, ePP scan job description field format string vulnerability
07a837f7b40e2e601e9d01c4f63a3d737cdfa42056432e84c50f216b96451b95CAID 34013 - A potential vulnerability issue exists in our CAIRIM LMP solution for z/OS. CAIRIM is delivered as part of CA's z/OS Common Services, and the LMP component provides licensing services to many of CA's z/OS solutions. IBM Global Services discovered an integrity problem, which could be exploited by an expert user of a z/OS system that utilizes CA's CAIRIM LMP component. We worked with IBM Global Services to understand the nature of the problem and to make certain that the remedy we have now provided addresses the problem completely.
25441e6a3e621cc379e0b1ebc1b28c21793d35d4bbe5423529a5dd2ede625cb1
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed