| OSVDB ID | Disclosure Date | Title | Description |
|---|---|---|---|
| 54302 | 2009-02-27 | C2C Forward Auction Creator admin.asp Multiple Parameter SQL Injection | C2C Forward Auction Creator contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the admin.asp script not properly sanitizing user-supplied input to the 'User ID' and 'Password' parameters. This may allow an attacker to inject or manipulate SQL queries in the back-end database, allowing for the manipulation or disclosure of arbitrary data. |
| 54305 | 2009-02-27 | C2C Reverse Auction Creator admin.asp Multiple Parameter SQL Injection | C2C Reverse Auction Creator contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the admin.asp script not properly sanitizing user-supplied input to the 'User ID' and 'Password' parameters. This may allow an attacker to inject or manipulate SQL queries in the back-end database, allowing for the manipulation or disclosure of arbitrary data. |
| 42100 | 2005-08-05 | c3p0 Log User Credential Cleartext Disclosure | Unknown / Incomplete |
| 54570 | 2009-05-14 | c7 Portal c7portal Cookie Manipulation Admin Authentication Bypass | Unknown / Incomplete |
| 53604 | 2009-01-27 | CA Anti-Virus Arclib Library (arclib.dll) Malformed Archive Scan Bypass | (Description Provided by CVE): Multiple unspecified vulnerabilities in the Arclib library (arclib.dll) before 7.3.0.15 in the CA Anti-Virus engine for CA Anti-Virus for the Enterprise 7.1, r8, and r8.1; Anti-Virus 2007 v8 and 2008; Internet Security Suite 2007 v3 and 2008; and other CA products allow remote attackers to bypass virus detection via a malformed archive file. |
| 35244 | 2007-06-05 | CA Anti-Virus Engine CAB Archive Filename Parsing Overflow | A buffer overflow exists in multiple CA products. The Anti-Virus engine fails to validate CAB archive files resulting in a stack overflow. With a specially crafted CAB containing a file with a long filename, a remote attacker can cause arbitrary code execution resulting in a loss of integrity. |
| 35245 | 2007-06-05 | CA Anti-Virus Engine CAB Header Parsing Overflow | A buffer overflow exists in multiple CA products. The Anti-Virus engine fails to validate CAB files resulting in a stack overflow. With a specially crafted CAB file containing a malformed "coffFiles" field, a remote attacker can cause arbitrary code execution resulting in a loss of integrity. |
| 30845 | 2006-12-13 | CA Anti-Virus Multiple Driver Local DoS | (Description Provided by CVE): The (1) VetMONNT.sys and (2) VetFDDNT.sys drivers in CA Anti-Virus 2007 8.1, Anti-Virus for Vista Beta 8.2, and CA Internet Security Suite 2007 v3.0 do not properly handle NULL buffers, which allows local users with administrative access to cause a denial of service (system crash) via certain IOCTLs. |
| 72125 | 2011-04-26 | CA Arcot WebFort Versatile Authentication Server Unspecified Arbitrary Site Redirect | CA Arcot WebFort Versatile Authentication contains a flaw that allows a remote cross-site redirection attack. This flaw exists because the application does not validate certain unspecified input. This could allow a user to create a specially crafted URL that, if clicked, would redirect a victim from the intended legitimate web site to an arbitrary web site of the attacker's choosing. Such attacks are useful as the crafted URL initially appears to be a web page of a trusted site. This could be leveraged to direct an unsuspecting user to a web page containing attacks that target client-side software such as a web browser or document rendering programs. |
| 72124 | 2011-04-26 | CA Arcot WebFort Versatile Authentication Server Unspecified XSS | CA Arcot WebFort Versatile Authentication Server contains a flaw that allows a remote cross-site scripting (XSS) attack. This flaw exists because the application does not validate certain unspecified input before returning it to the user. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server. |
| 5482 | 2004-04-08 | CA ARCserve Backup Agent Credential Disclosure | (Description Provided by CVE): Computer Associates ARCserve for NT 6.61 SP2a and ARCserve 2000 7.0 stores the backup agent user name and password in cleartext in the aremote.dmp file in the ARCSERVE$ hidden share, which allows local and remote attackers to gain privileges. |
| 49471 | 2008-10-09 | CA ARCserve Backup asdbapi.dll Crafted Authentication Credential Remote DoS | (Description Provided by CVE): Unspecified vulnerability in asdbapi.dll in CA ARCserve Backup (formerly BrightStor ARCserve Backup) r11.1 through r12.0 allows remote attackers to cause a denial of service (crash of multiple services) via crafted authentication credentials, related to "insufficient validation." |
| 49470 | 2008-10-09 | CA ARCserve Backup Database Engine Service (asdbapi.dll) Unspecified Crafted Request Remote DoS | (Description Provided by CVE): Unspecified vulnerability in the database engine service in asdbapi.dll in CA ARCserve Backup (formerly BrightStor ARCserve Backup) r11.1 through r12.0 allows remote attackers to cause a denial of service (crash) via a crafted request, related to "insufficient validation." |
| 63260 | 2010-03-18 | CA ARCserve Backup for Windows JRE Multiple Unspecified Issues | Unknown / Incomplete |
| 55227 | 2009-06-15 | CA ARCserve Backup for Windows Message Engine 0x3B Message Invalid Stub Data RPC Marshalling Error Remote DoS | (Description Provided by CVE): The message engine in CA ARCserve Backup r12.0 and r12.0 SP1 for Windows allows remote attackers to cause a denial of service (crash) via (1) an invalid 0x13 message, which is not properly handled in the ASCORE module, or (2) a 0x3B message with invalid stub data that triggers an RPC marshalling error. |
| 55226 | 2009-06-15 | CA ARCserve Backup for Windows Message Engine ASCORE Module 0x13 Message Handling Remote DoS | (Description Provided by CVE): The message engine in CA ARCserve Backup r12.0 and r12.0 SP1 for Windows allows remote attackers to cause a denial of service (crash) via (1) an invalid 0x13 message, which is not properly handled in the ASCORE module, or (2) a 0x3B message with invalid stub data that triggers an RPC marshalling error. |
| 50683 | 2008-12-10 | CA ARCserve Backup on Windows LDBserver Service Client Data Verification Weakness | (Description Provided by CVE): The LDBserver service in the server in CA ARCserve Backup 11.1 through 12.0 on Windows allows remote attackers to execute arbitrary code via a handle_t argument to an RPC endpoint in which the argument refers to an incompatible procedure. |
| 65242 | 2010-06-03 | CA ARCserve Backup on Windows Unspecified Local Information Disclosure | (Description Provided by CVE): Unspecified vulnerability in CA ARCserve Backup r11.5 SP4, r12.0 SP2, and r12.5 SP1 on Windows allows local users to obtain sensitive information via unknown vectors. |
| 49468 | 2008-10-09 | CA ARCserve Backup RPC Interface (asdbapi.dll) Traversal Arbitrary Command Execution | ARCServe Backup is prone to an overflow condition. The RPC interface fails to properly sanitize user-supplied input to opcode 0x342 resulting in a buffer overflow. With a specially crafted request, a remote attacker can potentially cause arbitrary code execution. |
| 49469 | 2008-10-09 | CA ARCserve Backup Tape Engine Service (asdbapi.dll) Unspecified Crafted Request Remote DoS | (Description Provided by CVE): Unspecified vulnerability in the tape engine service in asdbapi.dll in CA ARCserve Backup (formerly BrightStor ARCserve Backup) r11.1 through r12.0 allows remote attackers to cause a denial of service (crash) via a crafted request. |
| 70233 | 2010-12-30 | CA ARCserve D2D Axis2 Default Credentials | By default, CA ARCserve D2D deploys Axis2 with default credentials. The admin account has a password of axis2 which is publicly known and documented. This allows attackers to trivially access the program or system and gain privileged access. An attacker may also then upload a crafted .aar file to execute arbitrary code. |
| 74162 | 2011-07-25 | CA ARCserve D2D homepageServlet Google Web Toolkit (GWT) RPC Request Parsing Admin Credential Disclosure | (Description Provided by CVE): BaseServiceImpl.class in CA ARCserve D2D r15 does not properly handle sessions, which allows remote attackers to obtain credentials, and consequently execute arbitrary commands, via unspecified vectors. |
| 5483 | 2001-09-14 | CA ARCserve Hidden Share Information Disclosure | Computer Associates ARCserve contains a flaw that may lead to an unauthorized information disclosure or possibly system compromise. The issue is triggered by an attacker connecting to the ARCSERVE$ share. |
| 10083 | 1999-02-21 | CA ARCserve NT Agents Weak Password Encryption | (Description Provided by CVE): ARCserve NT agents use weak encryption (XOR) for passwords, which allows remote attackers to sniff the authentication request to port 6050 and decrypt the password. |
| 6765 | 2001-05-18 | CA ARCserveIT asagent inetd.tmp Temporary File Symlink Arbitrary File Overwrite | (Description Provided by CVE): Computer Associates ARCserveIT 6.61 and 6.63 (also called ARCservIT) allows local users to overwrite arbitrary files via a symlink attack on the temporary files (1) asagent.tmp or (2) inetd.tmp. |
| 10085 | 2000-07-28 | CA ARCServeIT uagentsetup agent.cfg Race Condition Privilege Escalation | (Description Provided by CVE): uagentsetup in ARCServeIT Client Agent 6.62 does not properly check for the existence or ownership of a temporary file which is moved to the agent.cfg configuration file, which allows local users to execute arbitrary commands by modifying the temporary file before it is moved. |
| 18501 | 2005-08-02 | CA BrightStor ARCserve Backup Agent for Windows Long String Overflow | A remote stack-based buffer overflow exists in Brightstor Arcserve. The agent software fails to validate user-supplied input resulting in a long string overflow. With a specially crafted request of 3168 bytes to port 6070, an attacker can execute arbitrary code with System privilege resulting in a loss of confidentiality and integrity. |
| 31318 | 2006-10-07 | CA BrightStor ARCserve Backup ASCORE.dll (msgeng.exe) Multiple RPC Remote Overflow | A buffer overflow exists in ARCserve Backup. The message engine fails to validate RPC requests on TCP ports 6503 and 6504 resulting in a stack overflow. With a specially crafted request, a remote attacker can cause arbitrary code execution resulting in a loss of integrity. |
| 57056 | 2007-10-11 | CA BrightStor ARCServe BackUp AScore.dll Remote Overflow | A remote overflow exists in a DLL distributed with CA BrightStor ARCServe BackUp. The application fails to properly bound check RPC messages resulting in an overflow. With a specially crafted request, an attacker can cause arbitrary code execution resulting in a loss of confidentiality, integrity, and/or availability. |
| 41374 | 2007-10-11 | CA BrightStor ARCServe Backup cadbd RPC Service Handle Argument Remote Memory Corruption | (Description Provided by CVE): The cadbd RPC service in CA BrightStor ARCServe BackUp v9.01 through R11.5, and Enterprise Backup r10.5, allows remote attackers to (1) execute arbitrary code via stack-based buffer overflows in unspecified RPC procedures, and (2) trigger memory corruption related to the use of "handle" RPC arguments as pointers. |