| OSVDB ID | Disclosure Date | Title | Description |
|---|---|---|---|
| 40109 | 2007-12-05 | CA eTrust Threat Management Console IP Address Field XSS | (Description Provided by CVE): Multiple cross-site scripting (XSS) vulnerabilities in CA (formerly Computer Associates) eTrust Threat Management Console allow remote attackers to inject arbitrary web script or HTML via the IP Address field and other unspecified fields. |
| 80485 | 2012-03-19 | CA eTrust Vet Antivirus Malformed CAB File Handling Scan Bypass | CA eTrust Vet Antivirus contains a flaw related to the anti-virus / anti-malware scanning functionality. This may allow a context-dependent attacker to use a specially crafted CAB file in order to bypass the scanning functionality, allowing for the delivery of malware. |
| 80425 | 2012-03-19 | CA eTrust Vet Antivirus Malformed ELF File Handling Scan Bypass | CA eTrust Vet Antivirus contains a flaw related to the anti-virus / anti-malware scanning functionality. This may allow a context-dependent attacker to use a specially crafted ELF file in order to bypass the scanning functionality, allowing for the delivery of malware. |
| 74119 | 2011-07-21 | CA Gateway Security for HTTP Icihttp.exe URL Parsing Memory Corruption | (Description Provided by CVE): Icihttp.exe in CA Gateway Security for HTTP, as used in CA Gateway Security 8.1 before 8.1.0.69 and CA Total Defense r12, does not properly parse URLs, which allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption and daemon crash) via a malformed request. |
| 57168 | 2009-08-18 | CA Host-Based Intrusion Prevention System kmxIds.sys Crafted Packet Handling DoS | (Description Provided by CVE): kmxIds.sys before 7.3.1.18 in CA Host-Based Intrusion Prevention System (HIPS) 8.1 allows remote attackers to cause a denial of service (system crash) via a malformed packet. |
| 37998 | 2007-10-18 | CA Host-Based Intrusion Prevention System Server Log Data XSS | (Description Provided by CVE): Cross-site scripting (XSS) vulnerability in the Server component in CA Host-Based Intrusion Prevention System (HIPS) before 8.0.0.93 allows remote attackers to inject arbitrary web script or HTML via requests that are written to logs for later display in the log viewer. |
| 88557 | 2012-12-20 | CA IdentityMinder Unspecified Arbitrary Command Execution | CA IdentityMinder contains an unspecified flaw that may allow a remote attacker to execute arbitrary commands or manipulate arbitrary data. No further details have been provided. |
| 88559 | 2012-12-20 | CA IdentityMinder Unspecified Privilege Escalation | CA IdentityMinder contains an unspecified flaw that may allow an attacker to gain access to unauthorized privileges. No further details have been provided. |
| 19920 | 2005-10-10 | CA iGateway Debug Mode HTTP GET Request Overflow | A remote overflow exists in Computer Associates iGateway. The application fails to perform proper bounds checking resulting in a buffer overflow. With a specially crafted HTTP GET request, a remote attacker can cause arbitrary code execution with SYSTEM privileges resulting in a loss of integrity. |
| 22688 | 2006-01-23 | CA iGateway Service Content-Length Overflow | A remote overflow exists in iGateway. The web server fails to properly validate the Content-Length header, resulting in a buffer overflow. With a specially crafted request, an attacker can cause arbitrary code to be executed, resulting in a loss of integrity and/or availability. |
| 69518 | 2010-11-28 | CA Internet Security Suite Plus KmxSbx.sys IOCTL Handling Local Overflow | CA Internet Security Suite Plus contains a flaw that may allow an attacker to gain access to unauthorized privileges. The issue is triggered when a pool corruption vulnerability in the handling of IOCTL 0x88000080 in the KmxSbx.sys kernel driver is exploited to cause a buffer overflow, allowing a local attacker to execute arbitrary code with elevated privileges. |
| 45679 | 2008-05-28 | CA Internet Security Suite UmxEventCli.CachedAuditDataList.1 ActiveX (UmxEventCli.dll) SaveToFile Method Arbitrary File Overwrite | (Description Provided by CVE): Directory traversal vulnerability in the UmxEventCli.CachedAuditDataList.1 (aka UmxEventCliLib) ActiveX control in UmxEventCli.dll in CA Internet Security Suite 2008 allows remote attackers to create and overwrite arbitrary files via a .. (dot dot) in the argument to the SaveToFile method. NOTE: this can be leveraged for code execution by writing to a Startup folder. NOTE: some of these details are obtained from third party information. |
| 57228 | 2009-08-18 | CA Internet Security Suite vetmonnt.sys Crafted IOCTL Call Local DoS | (Description Provided by CVE): vetmonnt.sys in CA Internet Security Suite r3, vetmonnt.sys before 9.0.0.184 in Internet Security Suite r4, and vetmonnt.sys before 10.0.0.217 in Internet Security Suite r5 do not properly verify IOCTL calls, which allows local users to cause a denial of service (system crash) via a crafted call. |
| 14323 | 2005-03-02 | CA License Client PUTOLF Traversal Arbitrary File Creation | CA License Manager contains a flaw that allows a remote attacker to create arbitrary files on the file system. The issue is due to the License Client not properly sanitizing user input, specifically traversal style attacks (../../) supplied via the PUTOLF command. |
| 14320 | 2005-03-02 | CA License Server/Client GCR Checksum Multiple Overflow | A remote overflow exists in License Manager. The program fails to validate GCR Checksum packets resulting in a stack overflow. With a specially crafted request, an attacker can cause arbitrary code execution resulting in a loss of integrity. |
| 14321 | 2005-03-02 | CA License Server/Client GCR Request Packet Multiple Overflows | A remote overflow exists in License Manager. The program fails to validate GCR Request packets resulting in a buffer overflow. With a specially crafted request, an attacker can cause arbitrary code execution resulting in a loss of integrity. |
| 14389 | 2005-03-02 | CA License Server/Client Multiple Command Remote Overflow | Multiple remote overflows exist in CA License Manager. The LIC98RMT.EXE component fails to validate the parameters passed to several commands resulting in buffer overflows. With a specially crafted request, an attacker can cause arbitrary code execution resulting in a loss of integrity. |
| 21146 | 2006-02-02 | CA Message Queuing (CAM / CAFT) Port 4105 Crafted Message DoS | CA Message Queuing contains a flaw that may allow a remote denial of service. The issue is triggered when crafted messages are received on TCP port 4105, and will result in loss of availability for the service. |
| 21147 | 2006-02-02 | CA Message Queuing Spoofed CAM Control Message DoS | (Description Provided by CVE): Computer Associates (CA) Message Queuing (CAM / CAFT) before 1.07 Build 220_16 and 1.11 Build 29_20, as used in multiple CA products, allows remote attackers to cause a denial of service via spoofed CAM control messages. |
| 16027 | 2002-04-05 | CA MLink mlclear Command Line Argument Overflow | (Description Provided by CVE): Buffer overflows in Computer Associates MLink (CA-MLink) 6.5 and earlier may allow local users to execute arbitrary code via long command line arguments to (1) mlclear or (2) mllock. |
| 16028 | 2002-04-05 | CA MLink mllock Command Line Argument Overflow | (Description Provided by CVE): Buffer overflows in Computer Associates MLink (CA-MLink) 6.5 and earlier may allow local users to execute arbitrary code via long command line arguments to (1) mlclear or (2) mllock. |
| 85880 | 2012-10-01 | CA Multiple Product CA Licensing Component System Command Handling Local Privilege Escalation | Multiple CA products contain a flaw that may allow an attacker to gain access to unauthorized privileges. The issue is triggered when the CA Licensing component fails to securely handle system commands. This may allow a local attacker to gain escalated privileges and execute arbitrary commands. |
| 85879 | 2012-10-01 | CA Multiple Product CA Licensing Component User Permission Handling Arbitrary File Manipulation Local Privilege Escalation | Multiple CA products contain a flaw that may allow an attacker to gain access to unauthorized privileges. The issue is triggered when an error occurs in the CA Licensing component during the handling of user permissions. This may allow a local attacker to edit or change an arbitrary file in order to gain escalated privileges. |
| 45367 | 2008-05-19 | CA Multiple Product caloggerd Log Daemon Traversal Arbitrary File Manipulation | (Description Provided by CVE): Directory traversal vulnerability in caloggerd in CA BrightStor ARCServe Backup 11.0, 11.1, and 11.5 allows remote attackers to append arbitrary data to arbitrary files via directory traversal sequences in unspecified input fields, which are used in log messages. NOTE: this can be leveraged for code execution in many installation environments by writing to a startup file or configuration file. |
| 45368 | 2008-05-19 | CA Multiple Product xdr_rwsstring() Library Function Remote Overflow | (Description Provided by CVE): Multiple buffer overflows in xdr functions in the server in CA BrightStor ARCServe Backup 11.0, 11.1, and 11.5 allow remote attackers to execute arbitrary code, as demonstrated by a stack-based buffer overflow via a long parameter to the xdr_rwsstring function. |
| 44040 | 2008-04-03 | CA Multiple Products Alert Notification Server Multiple Unspecified Remote Overflows | Multiple buffer overflows exist in multiple CA products. The Alert Notification Server fails to validate data passed to multiple unspecified parameters, in addition to known RPC requests, resulting in a stack overflow. With a specially crafted request, a remote authenticated attacker can cause arbitrary code execution resulting in a loss of integrity. |
| 16780 | 2005-05-23 | CA Multiple Products Vet Engine OLE Stream Remote Overflow | A remote overflow exists in multiple products which rely on Computer Associates Vet Antivirus engine. The engine fails to perform bounds checking while analyzing an OLE stream resulting in a heap overflow. With a specially crafted Microsoft Office document, an attacker can cause arbitrary code execution resulting in a loss of integrity. |
| 58691 | 2009-10-08 | CA Multiple Products Anti-Virus Engine arclib Component RAR File Handling Memory Corruption DoS | (Description Provided by CVE): Unspecified vulnerability in the arclib component in the Anti-Virus engine in CA Anti-Virus for the Enterprise (formerly eTrust Antivirus) 7.1 through r8.1; Anti-Virus 2007 (v8) through 2009; eTrust EZ Antivirus r7.1; Internet Security Suite 2007 (v3) through Plus 2009; and other CA products allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted RAR archive file that triggers heap corruption, a different vulnerability than CVE-2009-3588. |
| 38611 | 2007-07-24 | CA Multiple Products arclib.dll Crafted CHM File Processing DoS | (Description Provided by CVE): arclib.dll before 7.3.0.9 in CA Anti-Virus (formerly eTrust Antivirus) 8 and certain other CA products allows remote attackers to cause a denial of service (infinite loop and loss of antivirus functionality) via an invalid "previous listing chunk number" field in a CHM file. |
| 29534 | 2006-10-05 | CA Multiple Products ASBRDCST.DLL (casdscsvc.exe) Hostname Remote Overflow | (Description Provided by CVE): Multiple buffer overflows in CA BrightStor ARCserve Backup r11.5 SP1 and earlier, r11.1, and 9.01; BrightStor ARCserve Backup for Windows r11; BrightStor Enterprise Backup 10.5; Server Protection Suite r2; and Business Protection Suite r2 allow remote attackers to execute arbitrary code via crafted data on TCP port 6071 to the Backup Agent RPC Server (DBASVR.exe) using the RPC routines with opcode (1) 0x01, (2) 0x02, or (3) 0x18; invalid stub data on TCP port 6503 to the RPC routines with opcode (4) 0x2b or (5) 0x2d in ASCORE.dll in the Message Engine RPC Server (msgeng.exe); (6) a long hostname on TCP port 41523 to ASBRDCST.DLL in the Discovery Service (casdscsvc.exe); or unspecified vectors related to the (7) Job Engine Service. |