| OSVDB ID | Disclosure Date | Title | Description |
|---|---|---|---|
| 32359 | 2006-12-20 | CA Multiple Products Portal Technology Session Handling Weakness | Unknown / Incomplete |
| 26654 | 2006-06-27 | CA Multiple Products Scan Job Description Field Format String | CA Integrated Threat Management, eTrust Antivirus and eTrust PestPatrol Anti-Spyware Corporate Edition contain a flaw that may allow a remote denial of service. The issue is triggered when a format string error occurs when handling the description field of a scan job, and will result in loss of availability for the platform. |
| 48559 | 2008-09-24 | CA Multiple Products Service Desk Document List XSS | CA Service Desk contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate user-supplied input upon submission to the Document List. This could allow an analyst or admin to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. |
| 48558 | 2008-09-24 | CA Multiple Products Service Desk Keyword Search XSS | CA Service Desk contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate user-supplied input upon submission to the "Keyword" field. This could allow an analyst or admin to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. |
| 48557 | 2008-09-24 | CA Multiple Products Service Desk Request Number Field XSS | CA Service Desk contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate user-supplied input upon submission to the "A request number" field. This could allow a regular user or guest to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. |
| 48556 | 2008-09-24 | CA Multiple Products Service Desk Solution Field Search XSS | CA Service Desk contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate user-supplied input upon submission to the "Solution" field. This could allow a regular user or guest to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. |
| 51189 | 2009-01-07 | CA Multiple Products smmsnmpd Arbitrary Command Execution | (Description Provided by CVE) : The smmsnmpd service in CA Service Metric Analysis r11.0 through r11.1 SP1 and Service Level Management 3.5 does not properly restrict access, which allows remote attackers to execute arbitrary commands via unspecified vectors. |
| 36096 | 2007-07-17 | CA Multiple Products Threat Notification Alert Server (alert.exe) RPC Multiple Remote Overflows | (Description Provided by CVE) : Multiple stack-based buffer overflows in the RPC implementation in alert.exe before 8.0.255.0 in CA (formerly Computer Associates) Alert Notification Server, as used in Threat Manager for the Enterprise, Protection Suites, certain BrightStor ARCserve products, and BrightStor Enterprise Backup, allow remote attackers to execute arbitrary code by sending certain data to unspecified RPC procedures. |
| 73414 | 2011-02-23 | CA Multiple Products XMLSecDB ActiveX Component Multiple Methods Arbitrary Code Execution | (Description Provided by CVE) : The XML Security Database Parser class in the XMLSecDB ActiveX control in the HIPSEngine component in the Management Server before 8.1.0.88, and the client before 1.6.450, in CA Host-Based Intrusion Prevention System (HIPS) 8.1, as used in CA Internet Security Suite (ISS) 2010, allows remote attackers to download an arbitrary program onto a client machine, and execute this program, via vectors involving the SetXml and Save methods. |
| 68759 | 2010-09-24 | CA Oneview Monitor DoSave.jsp Arbitrary File Write | Unknown / Incomplete |
| 74344 | 2011-04-20 | CA Output Management Web Viewer PPSViewer ActiveX (PPSView.ocx) SRC Parameter Overflow | CA Output Management Web Viewer is prone to an overflow condition. The ActiveX control fails to properly sanitize user supplied input, resulting in a stack-based buffer overflow. With a specially crafted overly long string passed via the 'SRC' object parameter, a remote attacker can potentially execute arbitrary code. |
| 74343 | 2011-04-20 | CA Output Management Web Viewer UOMWV_Helper ActiveX (UOMWV_HelperActiveX.ocx) Title Property Overflow | CA Output Management Web Viewer is prone to an overflow condition. The UOMWV_Helper ActiveX control fails to properly sanitize user supplied input, resulting in a stack-based buffer overflow. With a specially crafted overly long string passed via the 'title' property, a remote attacker can potentially execute arbitrary code. |
| 30497 | 2006-11-16 | CA Personal Firewall HIPS Driver (kmxfw.sys) Local Privilege Escalation | (Description Provided by CVE) : Computer Associates Host Intrusion Prevention System (HIPS) drivers (1) Core kmxstart.sys 6.5.4.31 and (2) Firewall kmxfw.sys 6.5.4.10 allow local users to gain privileges by using certain privileged IOCTLs to modify callback function pointers. |
| 30498 | 2006-11-16 | CA Personal Firewall HIPS Driver (kmxstart.sys) Local Privilege Escalation | (Description Provided by CVE) : Computer Associates Host Intrusion Prevention System (HIPS) drivers (1) Core kmxstart.sys 6.5.4.31 and (2) Firewall kmxfw.sys 6.5.4.10 allow local users to gain privileges by using certain privileged IOCTLs to modify callback function pointers. |
| 42303 | 2007-09-27 | CA Personal Firewall Unspecified Remote Issue (ZD-00000149) | Unknown / Incomplete |
| 42312 | 2007-12-12 | CA Personal Firewall Unspecified Remote Issue (ZD-00000202) | Unknown / Incomplete |
| 65382 | 2010-06-10 | CA PSFormX ActiveX Multiple Unspecified Arbitrary Code Execution | (Description Provided by CVE) : Multiple unspecified vulnerabilities in the CA (1) PSFormX and (2) WebScan ActiveX controls, as distributed on the CA Global Advisor web site until May 2009, allow remote attackers to execute arbitrary code via unknown vectors. |
| 25234 | 2006-05-02 | CA Resource Initialization Manager (CAIRIM) LMP SVC Invocation Privilege Escalation | (Description Provided by CVE) : Unspecified vulnerability in CA Resource Initialization Manager (CAIRIM) 1.x before 20060502, as used in z/OS Common Services and the LMP component in multiple products, allows attackers to violate integrity via a certain "problem state program" that uses SVC to gain access to supervisor state, key 0. |
| 44609 | 2008-04-18 | CA Secure Content Manager eCSqdmn Crafted TCP Packets Remote DoS | (Description Provided by CVE) : The eTrust Common Services (Transport) Daemon (eCSqdmn) in CA Secure Content Manager 8.0.28000.511 and earlier allows remote attackers to cause a denial of service (crash or CPU consumption) via a malformed packet to TCP port 1882. |
| 70840 | 2011-02-07 | CA Secure Content Manager ECSQdmn.exe DWORD Overflow | CA Secure Content Manager is prone to an overflow condition. The eTrust Common Services Transport service, ECSQdmn.exe, fails to properly sanitize user-supplied input resulting in a heap-based buffer overflow. With a specially crafted request to port 1882, a remote attacker can potentially execute arbitrary code. |
| 46013 | 2008-06-04 | CA Secure Content Manager HTTP Gateway Service (icihttp.exe) LIST Command Response Handling Overflow | (Description Provided by CVE) : Multiple stack-based buffer overflows in the HTTP Gateway Service (icihttp.exe) in CA eTrust Secure Content Manager 8.0 allow remote attackers to execute arbitrary code or cause a denial of service via long FTP responses, related to (1) the file month field in a LIST command; (2) the PASV command; and (3) directories, files, and links in a LIST command. |
| 46012 | 2008-06-04 | CA Secure Content Manager HTTP Gateway Service (icihttp.exe) PASV Command Overflow | (Description Provided by CVE) : Multiple stack-based buffer overflows in the HTTP Gateway Service (icihttp.exe) in CA eTrust Secure Content Manager 8.0 allow remote attackers to execute arbitrary code or cause a denial of service via long FTP responses, related to (1) the file month field in a LIST command; (2) the PASV command; and (3) directories, files, and links in a LIST command. |
| 62511 | 2010-02-22 | CA Service Desk Tomcat host-manager/html/add name Parameter XSS | CA Service Desk Tomcat contains a flaw that allows a remote cross site scripting (XSS) attack. This flaw exists because the application does not validate the 'name' parameter upon submission to the 'host-manager/html/add' script. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server. |
| 60848 | 2009-12-08 | CA Service Desk Unspecified XSS | (Description Provided by CVE) : Cross-site scripting (XSS) vulnerability in the web interface in CA Service Desk 12.1 allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter. |
| 56969 | 2009-06-08 | CA SiteMinder J2EE Application Overlong Unicode XSS Protection Bypass | (Description Provided by CVE) : CA SiteMinder allows remote attackers to bypass cross-site scripting (XSS) protections for J2EE applications via a request containing non-canonical, "overlong Unicode" in place of blacklisted characters. |
| 56970 | 2009-06-08 | CA SiteMinder J2EE Encoded Null Byte (%00) XSS Protection Bypass | (Description Provided by CVE) : CA SiteMinder allows remote attackers to bypass cross-site scripting (XSS) protections for J2EE applications via a request containing a %00 (encoded null byte). |
| 77570 | 2011-12-08 | CA SiteMinder login.fcc target Parameter XSS | CA SiteMinder contains a flaw that allows a remote cross-site scripting (XSS) attack. This flaw exists because the application does not validate the 'target' parameter upon submission to the login.fcc script when 'postpreservationdata' is set to fail. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server. |
| 74357 | 2011-04-20 | CA SiteMinder Web Agents Multi-line Header Injection Spoofing Remote Privilege Escalation | CA SiteMinder contains a flaw in the Web Agents component that may allow an attacker to gain access to unauthorized privileges. The issue is triggered when parsing multi-line headers, allowing a remote authenticated attacker to gain the privileges of the current user. |
| 62739 | 2010-03-04 | CA SiteMinder WebWorks Help wwhelp/wwhimpl/api.htm Unspecified Parameter XSS | (Description Provided by CVE) : Multiple cross-site scripting (XSS) vulnerabilities in WebWorks Help 2.0 through 5.0 in VMware vCenter 4.0 before Update 1 Build 208156; VMware Server 2.0.2; VMware ESX 4.0; VMware Lab Manager 2.x; VMware vCenter Lab Manager 3.x and 4.x before 4.0.1; VMware Stage Manager 1.x before 4.0.1; WebWorks Publisher 6.x through 8.x; WebWorks Publisher 2003; and WebWorks ePublisher 9.0.x through 9.3, 2008.1 through 2008.4, and 2009.x before 2009.3 allow remote attackers to inject arbitrary web script or HTML via (1) wwhelp_entry.html, reachable through index.html and wwhsec.htm, (2) wwhelp/wwhimpl/api.htm, (3) wwhelp/wwhimpl/common/html/frameset.htm, (4) wwhelp/wwhimpl/common/scripts/switch.js, or (5) the window.opener component in wwhelp/wwhimpl/common/html/bookmark.htm, related to (a) unspecified parameters and (b) messages used in topic links for the bookmarking functionality. |
| 62742 | 2010-03-04 | CA SiteMinder WebWorks Help wwhelp/wwhimpl/common/html/bookmark.htm Unspecified Parameter XSS | (Description Provided by CVE) : Multiple cross-site scripting (XSS) vulnerabilities in WebWorks Help 2.0 through 5.0 in VMware vCenter 4.0 before Update 1 Build 208156; VMware Server 2.0.2; VMware ESX 4.0; VMware Lab Manager 2.x; VMware vCenter Lab Manager 3.x and 4.x before 4.0.1; VMware Stage Manager 1.x before 4.0.1; WebWorks Publisher 6.x through 8.x; WebWorks Publisher 2003; and WebWorks ePublisher 9.0.x through 9.3, 2008.1 through 2008.4, and 2009.x before 2009.3 allow remote attackers to inject arbitrary web script or HTML via (1) wwhelp_entry.html, reachable through index.html and wwhsec.htm, (2) wwhelp/wwhimpl/api.htm, (3) wwhelp/wwhimpl/common/html/frameset.htm, (4) wwhelp/wwhimpl/common/scripts/switch.js, or (5) the window.opener component in wwhelp/wwhimpl/common/html/bookmark.htm, related to (a) unspecified parameters and (b) messages used in topic links for the bookmarking functionality. |