| OSVDB ID | Disclosure Date | Title | Description |
|---|---|---|---|
| 29535 | 2006-10-05 | CA Multiple Products ASCORE.dll Long String Remote Overflow | (Description Provided by CVE): Multiple buffer overflows in CA BrightStor ARCserve Backup r11.5 SP1 and earlier, r11.1, and 9.01; BrightStor ARCserve Backup for Windows r11; BrightStor Enterprise Backup 10.5; Server Protection Suite r2; and Business Protection Suite r2 allow remote attackers to execute arbitrary code via crafted data on TCP port 6071 to the Backup Agent RPC Server (DBASVR.exe) using the RPC routines with opcode (1) 0x01, (2) 0x02, or (3) 0x18; invalid stub data on TCP port 6503 to the RPC routines with opcode (4) 0x2b or (5) 0x2d in ASCORE.dll in the Message Engine RPC Server (msgeng.exe); (6) a long hostname on TCP port 41523 to ASBRDCST.DLL in the Discovery Service (casdscsvc.exe); or unspecified vectors related to the (7) Job Engine Service. |
| 22529 | 2006-01-17 | CA Multiple Products Crafted Traffic DM Primer DoS | Multiple Computer Associates products that use DM Primer contain a flaw that may allow a remote denial of service. The issue is triggered when a UDP packet larger than 1000h is intercepted, and recvfrom triggers an error which returns a -1 value, which will result in loss of availability of the Remote Control service. |
| 56834 | 2009-08-06 | CA Multiple Products Data Transport Services Library (dtscore.dll) Token Searching Routine Remote Overflow | (Description Provided by CVE): Stack-based buffer overflow in a token searching function in the dtscore library in Data Transport Services in CA Software Delivery r11.2 C1, C2, C3, and SP4; Unicenter Software Delivery 4.0 C3; CA Advantage Data Transport 3.0 C1; and CA IT Client Manager r12 allows remote attackers to execute arbitrary code via crafted data. |
| 22530 | 2006-01-17 | CA Multiple Products DM Primer Crafted UDP Packet WSAEMESGSIZE Error Condition DoS | Unknown / Incomplete |
| 44423 | 2008-04-16 | CA Multiple Products DSM gui_cm_ctrls ActiveX (gui_cm_ctrls.ocx) Crafted Function Arguments Arbitrary Code Execution | (Description Provided by CVE): The DSM gui_cm_ctrls ActiveX control (gui_cm_ctrls.ocx), as used in multiple CA products including BrightStor ARCServe Backup for Laptops and Desktops r11.5, Desktop Management Suite r11.1 through r11.2 C2; Unicenter r11.1 through r11.2 C2; and Desktop and Server Management r11.1 through r11.2 C2 allows remote attackers to execute arbitrary code via crafted function arguments. |
| 43214 | 2008-03-16 | CA Multiple Products DSM ListCtrl ActiveX (ListCtrl.ocx) AddColumn() Method Overflow | A buffer overflow exists in multiple CA products. The DSM ListCTRL ActiveX control fails to validate input passed to the AddColumn() method resulting in a stack overflow. With a specially crafted web page, a context dependent attacker can cause arbitrary code execution resulting in a loss of integrity. |
| 34586 | 2007-05-09 | CA Multiple Products InoCore.dll File Mapping Manipulation Local Overflow | A buffer overflow exists in multiple CA products. InoCore.dll fails to validate file mappings resulting in a stack overflow. With a specially crafted file mapping, a local attacker can cause arbitrary code execution resulting in a loss of integrity. |
| 34585 | 2007-05-09 | CA Multiple Products inoweb Console Server Authentication Remote Overflow | A buffer overflow exists in multiple CA products. The inoweb service fails to validate the username and password resulting in a buffer overflow. With a specially crafted username or password, a remote attacker can cause arbitrary code execution resulting in a loss of integrity. |
| 47593 | 2008-08-12 | CA Multiple Products kmxfw.sys Crafted IOCTL Request Local Privilege Escalation | (Description Provided by CVE): The kmxfw.sys driver in CA Host-Based Intrusion Prevention System (HIPS) r8, as used in CA Internet Security Suite and Personal Firewall, does not properly verify IOCTL requests, which allows local users to cause a denial of service (system crash) or possibly gain privileges via a crafted request. |
| 47594 | 2008-08-12 | CA Multiple Products kmxfw.sys Unspecified Remote DoS | (Description Provided by CVE): Unspecified vulnerability in the kmxfw.sys driver in CA Host-Based Intrusion Prevention System (HIPS) r8, as used in CA Internet Security Suite and Personal Firewall, allows remote attackers to cause a denial of service via unknown vectors, related to "insufficient validation." |
| 18916 | 2005-08-22 | CA Multiple Products Message Queuing (CAM/CAFT) Multiple Remote Overflows | Multiple buffer overflows exist in multiple CA products. The Message Queuing component fails to validate multiple unspecified parameters, as well as data passed to the log_security() function resulting in a buffer overflow. With a specially crafted request, a remote attacker can cause arbitrary code execution resulting in a loss of integrity. |
| 18915 | 2005-08-22 | CA Multiple Products Message Queuing (CAM/CAFT) Unspecified TCP Port DoS | (Description Provided by CVE): Unknown vulnerability in Computer Associates (CA) Message Queuing (CAM / CAFT) 1.05, 1.07 before Build 220_13, and 1.11 before Build 29_13 allows attackers to cause a denial of service via unknown vectors, aka the "CAM TCP port vulnerability." |
| 38598 | 2007-07-24 | CA Multiple Products Message Queuing Server (Cam.exe) Remote Overflow | (Description Provided by CVE): Stack-based buffer overflow in the Message Queuing Server (Cam.exe) in CA (formerly Computer Associates) Message Queuing (CAM / CAFT) software before 1.11 Build 54_4 on Windows and NetWare, as used in CA Advantage Data Transport, eTrust Admin, certain BrightStor products, certain CleverPath products, and certain Unicenter products, allows remote attackers to execute arbitrary code via a crafted message to TCP port 3104. |
| 18917 | 2005-08-22 | CA Multiple Products Message Queuing Spoofed CAFT Request Arbitrary Command Execution | (Description Provided by CVE): Computer Associates (CA) Message Queuing (CAM / CAFT) 1.05, 1.07 before Build 220_13, and 1.11 before Build 29_13 allows remote attackers to execute arbitrary commands via spoofed CAFT packets. |
| 69703 | 2010-12-09 | CA Multiple Products mng_core_com.dll xosoapapi.asmx create_session_bab SOAP Operation Overflow | Multiple CA products are prone to an overflow condition. The "create_session_bab" SOAP operation fails to properly sanitize user-supplied input resulting in a buffer overflow. With a specially crafted POST request to the xosoapapi.asmx process, a remote attacker can potentially execute arbitrary code. |
| 32359 | 2006-12-20 | CA Multiple Products Portal Technology Session Handling Weakness | Unknown / Incomplete |
| 26654 | 2006-06-27 | CA Multiple Products Scan Job Description Field Format String | CA Integrated Threat Management, eTrust Antivirus and eTrust PestPatrol Anti-Spyware Corporate Edition contain a flaw that may allow a remote denial of service. The issue is triggered when a format string error occurs when handling the description field of a scan job, and will result in loss of availability for the platform. |
| 48559 | 2008-09-24 | CA Multiple Products Service Desk Document List XSS | CA Service Desk contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate user-supplied input upon submission to the Document List. This could allow an analyst or admin to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. |
| 48558 | 2008-09-24 | CA Multiple Products Service Desk Keyword Search XSS | CA Service Desk contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate user-supplied input upon submission to the "Keyword" field. This could allow an analyst or admin to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. |
| 48557 | 2008-09-24 | CA Multiple Products Service Desk Request Number Field XSS | CA Service Desk contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate user-supplied input upon submission to the "A request number" field. This could allow a regular user or guest to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. |
| 48556 | 2008-09-24 | CA Multiple Products Service Desk Solution Field Search XSS | CA Service Desk contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate user-supplied input upon submission to the "Solution" field. This could allow a regular user or guest to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. |
| 51189 | 2009-01-07 | CA Multiple Products smmsnmpd Arbitrary Command Execution | (Description Provided by CVE): The smmsnmpd service in CA Service Metric Analysis r11.0 through r11.1 SP1 and Service Level Management 3.5 does not properly restrict access, which allows remote attackers to execute arbitrary commands via unspecified vectors. |
| 36096 | 2007-07-17 | CA Multiple Products Threat Notification Alert Server (alert.exe) RPC Multiple Remote Overflows | (Description Provided by CVE): Multiple stack-based buffer overflows in the RPC implementation in alert.exe before 8.0.255.0 in CA (formerly Computer Associates) Alert Notification Server, as used in Threat Manager for the Enterprise, Protection Suites, certain BrightStor ARCserve products, and BrightStor Enterprise Backup, allow remote attackers to execute arbitrary code by sending certain data to unspecified RPC procedures. |
| 73414 | 2011-02-23 | CA Multiple Products XMLSecDB ActiveX Component Multiple Methods Arbitrary Code Execution | (Description Provided by CVE): The XML Security Database Parser class in the XMLSecDB ActiveX control in the HIPSEngine component in the Management Server before 8.1.0.88, and the client before 1.6.450, in CA Host-Based Intrusion Prevention System (HIPS) 8.1, as used in CA Internet Security Suite (ISS) 2010, allows remote attackers to download an arbitrary program onto a client machine, and execute this program, via vectors involving the SetXml and Save methods. |
| 91518 | 2013-03-19 | CA Multiple SiteMinder Products SAML Statement XML Signature Validation User Spoofing Weakness | Multiple CA SiteMinder products contain a flaw that is triggered during the validation of XML signatures that are for a SAML assertion. This may allow a remote attacker to spoof a valid user. |
| 68759 | 2010-09-24 | CA Oneview Monitor DoSave.jsp Arbitrary File Write | Unknown / Incomplete |
| 74344 | 2011-04-20 | CA Output Management Web Viewer PPSViewer ActiveX (PPSView.ocx) SRC Parameter Overflow | CA Output Management Web Viewer is prone to an overflow condition. The ActiveX control fails to properly sanitize user supplied input, resulting in a stack-based buffer overflow. With a specially crafted overly long string passed via the 'SRC' object parameter, a remote attacker can potentially execute arbitrary code. |
| 74343 | 2011-04-20 | CA Output Management Web Viewer UOMWV_Helper ActiveX (UOMWV_HelperActiveX.ocx) Title Property Overflow | CA Output Management Web Viewer is prone to an overflow condition. The UOMWV_Helper ActiveX control fails to properly sanitize user supplied input, resulting in a stack-based buffer overflow. With a specially crafted overly long string passed via the 'title' property, a remote attacker can potentially execute arbitrary code. |
| 30497 | 2006-11-16 | CA Personal Firewall HIPS Driver (kmxfw.sys) Local Privilege Escalation | (Description Provided by CVE): Computer Associates Host Intrusion Prevention System (HIPS) drivers (1) Core kmxstart.sys 6.5.4.31 and (2) Firewall kmxfw.sys 6.5.4.10 allow local users to gain privileges by using certain privileged IOCTLs to modify callback function pointers. |
| 30498 | 2006-11-16 | CA Personal Firewall HIPS Driver (kmxstart.sys) Local Privilege Escalation | (Description Provided by CVE): Computer Associates Host Intrusion Prevention System (HIPS) drivers (1) Core kmxstart.sys 6.5.4.31 and (2) Firewall kmxfw.sys 6.5.4.10 allow local users to gain privileges by using certain privileged IOCTLs to modify callback function pointers. |