| OSVDB ID | Disclosure Date | Title | Description |
|---|---|---|---|
| 42303 | 2007-09-27 | CA Personal Firewall Unspecified Remote Issue (ZD-00000149) | Unknown / Incomplete |
| 42312 | 2007-12-12 | CA Personal Firewall Unspecified Remote Issue (ZD-00000202) | Unknown / Incomplete |
| 65382 | 2010-06-10 | CA PSFormX ActiveX Multiple Unspecified Arbitrary Code Execution | (Description Provided by CVE): Multiple unspecified vulnerabilities in the CA (1) PSFormX and (2) WebScan ActiveX controls, as distributed on the CA Global Advisor web site until May 2009, allow remote attackers to execute arbitrary code via unknown vectors. |
| 25234 | 2006-05-02 | CA Resource Initialization Manager (CAIRIM) LMP SVC Invocation Privilege Escalation | (Description Provided by CVE): Unspecified vulnerability in CA Resource Initialization Manager (CAIRIM) 1.x before 20060502, as used in z/OS Common Services and the LMP component in multiple products, allows attackers to violate integrity via a certain "problem state program" that uses SVC to gain access to supervisor state, key 0. |
| 44609 | 2008-04-18 | CA Secure Content Manager eCSqdmn Crafted TCP Packets Remote DoS | (Description Provided by CVE): The eTrust Common Services (Transport) Daemon (eCSqdmn) in CA Secure Content Manager 8.0.28000.511 and earlier allows remote attackers to cause a denial of service (crash or CPU consumption) via a malformed packet to TCP port 1882. |
| 70840 | 2011-02-08 | CA Secure Content Manager ECSQdmn.exe DWORD Overflow | CA Secure Content Manager is prone to an overflow condition. The eTrust Common Services Transport service, ECSQdmn.exe, fails to properly sanitize user-supplied input resulting in a heap-based buffer overflow. With a specially crafted request to port 1882, a remote attacker can potentially execute arbitrary code. |
| 46013 | 2008-06-04 | CA Secure Content Manager HTTP Gateway Service (icihttp.exe) LIST Command Response Handling Overflow | (Description Provided by CVE): Multiple stack-based buffer overflows in the HTTP Gateway Service (icihttp.exe) in CA eTrust Secure Content Manager 8.0 allow remote attackers to execute arbitrary code or cause a denial of service via long FTP responses, related to (1) the file month field in a LIST command; (2) the PASV command; and (3) directories, files, and links in a LIST command. |
| 46012 | 2008-06-04 | CA Secure Content Manager HTTP Gateway Service (icihttp.exe) PASV Command Overflow | (Description Provided by CVE): Multiple stack-based buffer overflows in the HTTP Gateway Service (icihttp.exe) in CA eTrust Secure Content Manager 8.0 allow remote attackers to execute arbitrary code or cause a denial of service via long FTP responses, related to (1) the file month field in a LIST command; (2) the PASV command; and (3) directories, files, and links in a LIST command. |
| 62511 | 2010-02-22 | CA Service Desk Tomcat host-manager/html/add name Parameter XSS | CA Service Desk Tomcat contains a flaw that allows a remote cross site scripting (XSS) attack. This flaw exists because the application does not validate the 'name' parameter upon submission to the 'host-manager/html/add' script. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server. |
| 60848 | 2009-12-08 | CA Service Desk Unspecified XSS | (Description Provided by CVE): Cross-site scripting (XSS) vulnerability in the web interface in CA Service Desk 12.1 allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter. |
| 56969 | 2009-06-08 | CA SiteMinder J2EE Application Overlong Unicode XSS Protection Bypass | (Description Provided by CVE): CA SiteMinder allows remote attackers to bypass cross-site scripting (XSS) protections for J2EE applications via a request containing non-canonical, "overlong Unicode" in place of blacklisted characters. |
| 56970 | 2009-06-08 | CA SiteMinder J2EE Encoded Null Byte (%00) XSS Protection Bypass | (Description Provided by CVE): CA SiteMinder allows remote attackers to bypass cross-site scripting (XSS) protections for J2EE applications via a request containing a %00 (encoded null byte). |
| 77570 | 2011-12-08 | CA SiteMinder login.fcc target Parameter XSS | CA SiteMinder contains a flaw that allows a remote cross-site scripting (XSS) attack. This flaw exists because the application does not validate the 'target' parameter upon submission to the login.fcc script when 'postpreservationdata' is set to fail. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server. |
| 74357 | 2011-04-20 | CA SiteMinder Web Agents Multi-line Header Injection Spoofing Remote Privilege Escalation | CA SiteMinder contains a flaw in the Web Agents component that may allow an attacker to gain access to unauthorized privileges. The issue is triggered when parsing multi-line headers, allowing a remote authenticated attacker to gain the privileges of the current user. |
| 62739 | 2010-03-04 | CA SiteMinder WebWorks Help wwhelp/wwhimpl/api.htm Unspecified Parameter XSS | (Description Provided by CVE): Multiple cross-site scripting (XSS) vulnerabilities in WebWorks Help 2.0 through 5.0 in VMware vCenter 4.0 before Update 1 Build 208156; VMware Server 2.0.2; VMware ESX 4.0; VMware Lab Manager 2.x; VMware vCenter Lab Manager 3.x and 4.x before 4.0.1; VMware Stage Manager 1.x before 4.0.1; WebWorks Publisher 6.x through 8.x; WebWorks Publisher 2003; and WebWorks ePublisher 9.0.x through 9.3, 2008.1 through 2008.4, and 2009.x before 2009.3 allow remote attackers to inject arbitrary web script or HTML via (1) wwhelp_entry.html, reachable through index.html and wwhsec.htm, (2) wwhelp/wwhimpl/api.htm, (3) wwhelp/wwhimpl/common/html/frameset.htm, (4) wwhelp/wwhimpl/common/scripts/switch.js, or (5) the window.opener component in wwhelp/wwhimpl/common/html/bookmark.htm, related to (a) unspecified parameters and (b) messages used in topic links for the bookmarking functionality. |
| 62742 | 2010-03-04 | CA SiteMinder WebWorks Help wwhelp/wwhimpl/common/html/bookmark.htm Unspecified Parameter XSS | (Description Provided by CVE): Multiple cross-site scripting (XSS) vulnerabilities in WebWorks Help 2.0 through 5.0 in VMware vCenter 4.0 before Update 1 Build 208156; VMware Server 2.0.2; VMware ESX 4.0; VMware Lab Manager 2.x; VMware vCenter Lab Manager 3.x and 4.x before 4.0.1; VMware Stage Manager 1.x before 4.0.1; WebWorks Publisher 6.x through 8.x; WebWorks Publisher 2003; and WebWorks ePublisher 9.0.x through 9.3, 2008.1 through 2008.4, and 2009.x before 2009.3 allow remote attackers to inject arbitrary web script or HTML via (1) wwhelp_entry.html, reachable through index.html and wwhsec.htm, (2) wwhelp/wwhimpl/api.htm, (3) wwhelp/wwhimpl/common/html/frameset.htm, (4) wwhelp/wwhimpl/common/scripts/switch.js, or (5) the window.opener component in wwhelp/wwhimpl/common/html/bookmark.htm, related to (a) unspecified parameters and (b) messages used in topic links for the bookmarking functionality. |
| 62740 | 2010-03-04 | CA SiteMinder WebWorks Help wwhelp/wwhimpl/common/html/frameset.htm Unspecified Parameter XSS | (Description Provided by CVE): Multiple cross-site scripting (XSS) vulnerabilities in WebWorks Help 2.0 through 5.0 in VMware vCenter 4.0 before Update 1 Build 208156; VMware Server 2.0.2; VMware ESX 4.0; VMware Lab Manager 2.x; VMware vCenter Lab Manager 3.x and 4.x before 4.0.1; VMware Stage Manager 1.x before 4.0.1; WebWorks Publisher 6.x through 8.x; WebWorks Publisher 2003; and WebWorks ePublisher 9.0.x through 9.3, 2008.1 through 2008.4, and 2009.x before 2009.3 allow remote attackers to inject arbitrary web script or HTML via (1) wwhelp_entry.html, reachable through index.html and wwhsec.htm, (2) wwhelp/wwhimpl/api.htm, (3) wwhelp/wwhimpl/common/html/frameset.htm, (4) wwhelp/wwhimpl/common/scripts/switch.js, or (5) the window.opener component in wwhelp/wwhimpl/common/html/bookmark.htm, related to (a) unspecified parameters and (b) messages used in topic links for the bookmarking functionality. |
| 62741 | 2010-03-04 | CA SiteMinder WebWorks Help wwhelp/wwhimpl/common/scripts/switch.js Unspecified Parameter XSS | (Description Provided by CVE): Multiple cross-site scripting (XSS) vulnerabilities in WebWorks Help 2.0 through 5.0 in VMware vCenter 4.0 before Update 1 Build 208156; VMware Server 2.0.2; VMware ESX 4.0; VMware Lab Manager 2.x; VMware vCenter Lab Manager 3.x and 4.x before 4.0.1; VMware Stage Manager 1.x before 4.0.1; WebWorks Publisher 6.x through 8.x; WebWorks Publisher 2003; and WebWorks ePublisher 9.0.x through 9.3, 2008.1 through 2008.4, and 2009.x before 2009.3 allow remote attackers to inject arbitrary web script or HTML via (1) wwhelp_entry.html, reachable through index.html and wwhsec.htm, (2) wwhelp/wwhimpl/api.htm, (3) wwhelp/wwhimpl/common/html/frameset.htm, (4) wwhelp/wwhimpl/common/scripts/switch.js, or (5) the window.opener component in wwhelp/wwhimpl/common/html/bookmark.htm, related to (a) unspecified parameters and (b) messages used in topic links for the bookmarking functionality. |
| 62738 | 2010-03-04 | CA SiteMinder WebWorks Help wwhelp_entry.html Unspecified Parameter XSS | (Description Provided by CVE): Multiple cross-site scripting (XSS) vulnerabilities in WebWorks Help 2.0 through 5.0 in VMware vCenter 4.0 before Update 1 Build 208156; VMware Server 2.0.2; VMware ESX 4.0; VMware Lab Manager 2.x; VMware vCenter Lab Manager 3.x and 4.x before 4.0.1; VMware Stage Manager 1.x before 4.0.1; WebWorks Publisher 6.x through 8.x; WebWorks Publisher 2003; and WebWorks ePublisher 9.0.x through 9.3, 2008.1 through 2008.4, and 2009.x before 2009.3 allow remote attackers to inject arbitrary web script or HTML via (1) wwhelp_entry.html, reachable through index.html and wwhsec.htm, (2) wwhelp/wwhimpl/api.htm, (3) wwhelp/wwhimpl/common/html/frameset.htm, (4) wwhelp/wwhimpl/common/scripts/switch.js, or (5) the window.opener component in wwhelp/wwhimpl/common/html/bookmark.htm, related to (a) unspecified parameters and (b) messages used in topic links for the bookmarking functionality. |
| 74970 | 2011-04-13 | CA Total Defense Heartbeat Web Service FileUploadHandler.ashx GUID Parameter Traversal Arbitrary File Upload | (Description Provided by CVE): Directory traversal vulnerability in the Heartbeat Web Service in CA.Itm.Server.ManagementWS.dll in the Management Server in CA Total Defense (TD) r12 before SE2 allows remote attackers to execute arbitrary code via directory traversal sequences in the GUID parameter in an upload request to FileUploadHandler.ashx. |
| 74969 | 2011-04-13 | CA Total Defense MainApplication.html DeleteFilter Stored Procedure SQL Injection | (Description Provided by CVE): Multiple SQL injection vulnerabilities in the Unified Network Control (UNC) Server in CA Total Defense (TD) r12 before SE2 allow remote attackers to execute arbitrary SQL commands via vectors involving the (1) UnAssignFunctionalRoles, (2) UnassignAdminRoles, (3) DeleteFilter, (4) NonAssignedUserList, (5) DeleteReportLayout, (6) DeleteReports, and (7) RegenerateReport stored procedures. |
| 74968 | 2011-04-13 | CA Total Defense management.asmx Multiple Stored Procedure SQL Injection | (Description Provided by CVE): Multiple SQL injection vulnerabilities in the Unified Network Control (UNC) Server in CA Total Defense (TD) r12 before SE2 allow remote attackers to execute arbitrary SQL commands via vectors involving the (1) UnAssignFunctionalRoles, (2) UnassignAdminRoles, (3) DeleteFilter, (4) NonAssignedUserList, (5) DeleteReportLayout, (6) DeleteReports, and (7) RegenerateReport stored procedures. |
| 78931 | 2012-02-09 | CA Total Defense Suite UNC Management Web Service App_Code.dll Domain Credentials Disclosure | CA Total Defense contains a flaw that may lead to an unauthorized information disclosure. The issue is due to the App_Code.dll library within the UNC management web service, which will disclose encrypted unsalted domain credentials to a remote attacker. |
| 78930 | 2012-02-09 | CA Total Defense Suite UNC management.asmx Multiple Stored Procedure SQL Injection | CA Total Defense contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the management.asmx script not properly sanitizing user-supplied input of SOAP requests before being used in a SQL query for the ExportReport and uncsp_ViewReportsHomepage stored procedures. This may allow an attacker to inject or manipulate SQL queries in the back-end database, allowing for the manipulation or disclosure of arbitrary data. |
| 74967 | 2011-04-13 | CA Total Defense Web Management Service management.asmx Module getDBConfigSettings() Method Remote Server Database Credentials Disclosure | (Description Provided by CVE): The management.asmx module in the Management Web Service in the Unified Network Control (UNC) Server in CA Total Defense (TD) r12 before SE2 sends a cleartext response to unspecified getDBConfigSettings requests, which makes it easier for remote attackers to obtain database credentials, and subsequently execute arbitrary code, by sniffing the network, related to the UNCWS Web Service. |
| 3277 | 1995-07-01 | CA Unicenter acctotal Execute Arbitrary Commands | CA Unicenter contains a flaw that allows a local user to execute arbitrary commands with root privileges. The issue is due to a flaw in the "acctotal" program which insecurely calls the "acctotal.sh" shell script. Due to improper sanity checking of the CAIGLBL0000 variable, a user can subvert the path and script called by CA Unicenter. |
| 14310 | 2005-02-14 | CA Unicenter Asset Management Admin Console Masked SQL Password Disclosure | (Description Provided by CVE): Computer Associates (CA) Unicenter Asset Management (UAM) 4.0 does not properly initialize the "Change Credentials for Database" window, which allows local users to recover the SQL Admin password via certain methods. |
| 14312 | 2005-02-14 | CA Unicenter Asset Management Query Designer Import SQL Injection | (Description Provided by CVE): SQL injection vulnerability in the Query Designer for Computer Associates (CA) Unicenter Asset Management (UAM) 4.0 allows remote attackers to execute arbitrary SQL via an imported file. |
| 14311 | 2005-02-14 | CA Unicenter Asset Management Reporter Multiple Field XSS | (Description Provided by CVE): Cross-site scripting (XSS) vulnerability in the Reporter for Computer Associates (CA) Unicenter Asset Management (UAM) 4.0 allows remote attackers to inject arbitrary HTML or web script via the (1) name or (2) description in a report template. |
| 3242 | 2003-05-20 | CA Unicenter Asset Management Weak Password Encryption | Unicenter Asset Manager uses a weak encryption algorithm to store passwords. A local attacker that has access to configuration files could obtain the encrypted passwords and trivially decrypt them. |