Multiple instances of improper handling of NULL buffers in CA Anti-Virus allow local attackers to cause a denial of service condition. This issue affects only consumer CA Anti-Virus products.
11819a7013b6e40a1cc760c94258674027e522f92b3b43914752ec599d4cbb9f
The following two security vulnerabilities have been identified in the CA Message Queuing (CAM / CAFT) software: (1) CAM is vulnerable to a Denial of Service (DoS) attack when a specially crafted message is received on TCP port 4105; (2) CAM is vulnerable to a Denial of Service (DoS) through the spoofing of CAM control messages.
fa9bcf5733c36e27029a5ff78f5ff979acef14def6f47abd1743b7b6362823eb
The CA iGateway common component, which is included with several CA products for UNIX/Linux/Windows platforms, contains a buffer overflow vulnerability that can allow arbitrary code to be executed remotely with SYSTEM privileges on Windows, and cause iGateway component failure on UNIX and Linux platforms.
8409e14595803164e947c37dd2dfbb346cd4de292b503ce34d26b1d3bf7dc40d
The following security vulnerability issues have been identified in the DM Primer part of the DM Deployment Common Component being distributed with some CA products.
3bb77b73a739e829a3825d2e8abbaa2acbef94cd5a8a75f892c2a5e96d8e7d82
The Computer Associates iGateway common component, which is included with several CA products for UNIX/Linux/Windows platforms, contains a buffer overflow vulnerability that could allow remote attackers to execute arbitrary code on Windows platforms, or cause iGateway component failure (denial of service) on UNIX and Linux. The vulnerability is due to improper bounds checking on HTTP GET requests by the iGateway component when debug mode is enabled.
74bd732e56cce6be5894ef060731af97fd2aa0bfc7f55e97f70154c829339733
PHP Session versions 3.x and 4.x are susceptible to a user login bypass vulnerability due to sharing session id information in the same location for multiple instances.
2a9e0f07429c4df5c6fcbef536321945931afbe922a19dbbf82e09b5391c2f74
During a recent internal audit, CA discovered several vulnerability issues in the CA Message Queuing (CAM / CAFT) software. CA has made patches available for all affected users. These vulnerabilities affect all versions of the CA Message Queuing software prior to v1.07 Build 220_13 and v1.11 Build 29_13 on the platforms specified below.
d5bbb6c6ef69369d57bffbc7b601ba4afb4ce1009bb13cdc9ffd06f706f43207
Computer Associates BrightStor ARCserve Backup and BrightStor Enterprise Backup Agents for Windows contain a stack-based buffer overflow vulnerability. The vulnerability may allow remote attackers to execute arbitrary code with SYSTEM privileges, or cause a denial of service condition. The buffer overflow is the result of improper bounds checking performed on data sent to port 6070.
d0b86151caf4b31b313680362872830cbd81e6f29d1e165ddf1aea180174a2ed
WebCracker 3.0 Beta 2 (wc30b2.zip) is a password cracker designed to brute force login/password combinations for web sites that use HTTP-based password authentication. [script kiddies read: get free pr0n site access!] Features: supports sessions so you can save and resume cracking from where you left off, automatically logs all valid accounts found, supports running multiple instances so you can crack multiple targets at once, support for proxy servers, allows customized User ID and Password dictionary attacks, automatically tries the user id as the first password - a common weakness on many systems, allows on-the-fly variable replacement so user ids can be incorporated into passwords, allows on-the-fly ID and/or password case changes for case sensitive servers, uses standard HTTP 1.0 calls for compatibility with just about any web site, minimum password length check so you don't send passwords shorter than the target system allows, easy to use interface and options, extremely fast, much more. New in this release: multi-threaded cracking for faster results, now supports CGI and other "non-standard" login scripts, new and much improved user interface, no limit to the size of password lists which can be used, extended logging capabilities, much better progress indicators, statistics screen that provides details about the speed and efficiency of your cracking sessions. Freeware.
2b8b165a51ff2923112d24966e9fc8d97d8c04025ed458b14a3d838ab8ee4b37