| OSVDB ID | Disclosure Date | Title | Description |
|---|---|---|---|
| 62740 | 2010-03-04 | CA SiteMinder WebWorks Help wwhelp/wwhimpl/common/html/frameset.htm Unspecified Parameter XSS | (Description Provided by CVE): Multiple cross-site scripting (XSS) vulnerabilities in WebWorks Help 2.0 through 5.0 in VMware vCenter 4.0 before Update 1 Build 208156; VMware Server 2.0.2; VMware ESX 4.0; VMware Lab Manager 2.x; VMware vCenter Lab Manager 3.x and 4.x before 4.0.1; VMware Stage Manager 1.x before 4.0.1; WebWorks Publisher 6.x through 8.x; WebWorks Publisher 2003; and WebWorks ePublisher 9.0.x through 9.3, 2008.1 through 2008.4, and 2009.x before 2009.3 allow remote attackers to inject arbitrary web script or HTML via (1) wwhelp_entry.html, reachable through index.html and wwhsec.htm, (2) wwhelp/wwhimpl/api.htm, (3) wwhelp/wwhimpl/common/html/frameset.htm, (4) wwhelp/wwhimpl/common/scripts/switch.js, or (5) the window.opener component in wwhelp/wwhimpl/common/html/bookmark.htm, related to (a) unspecified parameters and (b) messages used in topic links for the bookmarking functionality. |
| 62741 | 2010-03-04 | CA SiteMinder WebWorks Help wwhelp/wwhimpl/common/scripts/switch.js Unspecified Parameter XSS | (Description Provided by CVE): Multiple cross-site scripting (XSS) vulnerabilities in WebWorks Help 2.0 through 5.0 in VMware vCenter 4.0 before Update 1 Build 208156; VMware Server 2.0.2; VMware ESX 4.0; VMware Lab Manager 2.x; VMware vCenter Lab Manager 3.x and 4.x before 4.0.1; VMware Stage Manager 1.x before 4.0.1; WebWorks Publisher 6.x through 8.x; WebWorks Publisher 2003; and WebWorks ePublisher 9.0.x through 9.3, 2008.1 through 2008.4, and 2009.x before 2009.3 allow remote attackers to inject arbitrary web script or HTML via (1) wwhelp_entry.html, reachable through index.html and wwhsec.htm, (2) wwhelp/wwhimpl/api.htm, (3) wwhelp/wwhimpl/common/html/frameset.htm, (4) wwhelp/wwhimpl/common/scripts/switch.js, or (5) the window.opener component in wwhelp/wwhimpl/common/html/bookmark.htm, related to (a) unspecified parameters and (b) messages used in topic links for the bookmarking functionality. |
| 62738 | 2010-03-04 | CA SiteMinder WebWorks Help wwhelp_entry.html Unspecified Parameter XSS | (Description Provided by CVE): Multiple cross-site scripting (XSS) vulnerabilities in WebWorks Help 2.0 through 5.0 in VMware vCenter 4.0 before Update 1 Build 208156; VMware Server 2.0.2; VMware ESX 4.0; VMware Lab Manager 2.x; VMware vCenter Lab Manager 3.x and 4.x before 4.0.1; VMware Stage Manager 1.x before 4.0.1; WebWorks Publisher 6.x through 8.x; WebWorks Publisher 2003; and WebWorks ePublisher 9.0.x through 9.3, 2008.1 through 2008.4, and 2009.x before 2009.3 allow remote attackers to inject arbitrary web script or HTML via (1) wwhelp_entry.html, reachable through index.html and wwhsec.htm, (2) wwhelp/wwhimpl/api.htm, (3) wwhelp/wwhimpl/common/html/frameset.htm, (4) wwhelp/wwhimpl/common/scripts/switch.js, or (5) the window.opener component in wwhelp/wwhimpl/common/html/bookmark.htm, related to (a) unspecified parameters and (b) messages used in topic links for the bookmarking functionality. |
| 74970 | 2011-04-13 | CA Total Defense Heartbeat Web Service FileUploadHandler.ashx GUID Parameter Traversal Arbitrary File Upload | (Description Provided by CVE): Directory traversal vulnerability in the Heartbeat Web Service in CA.Itm.Server.ManagementWS.dll in the Management Server in CA Total Defense (TD) r12 before SE2 allows remote attackers to execute arbitrary code via directory traversal sequences in the GUID parameter in an upload request to FileUploadHandler.ashx. |
| 74969 | 2011-04-13 | CA Total Defense MainApplication.html DeleteFilter Stored Procedure SQL Injection | (Description Provided by CVE): Multiple SQL injection vulnerabilities in the Unified Network Control (UNC) Server in CA Total Defense (TD) r12 before SE2 allow remote attackers to execute arbitrary SQL commands via vectors involving the (1) UnAssignFunctionalRoles, (2) UnassignAdminRoles, (3) DeleteFilter, (4) NonAssignedUserList, (5) DeleteReportLayout, (6) DeleteReports, and (7) RegenerateReport stored procedures. |
| 74968 | 2011-04-13 | CA Total Defense management.asmx Multiple Stored Procedure SQL Injection | (Description Provided by CVE): Multiple SQL injection vulnerabilities in the Unified Network Control (UNC) Server in CA Total Defense (TD) r12 before SE2 allow remote attackers to execute arbitrary SQL commands via vectors involving the (1) UnAssignFunctionalRoles, (2) UnassignAdminRoles, (3) DeleteFilter, (4) NonAssignedUserList, (5) DeleteReportLayout, (6) DeleteReports, and (7) RegenerateReport stored procedures. |
| 78931 | 2012-02-08 | CA Total Defense Suite UNC Management Web Service App_Code.dll Domain Credentials Disclosure | Unknown / Incomplete |
| 78930 | 2012-02-08 | CA Total Defense Suite UNC management.asmx Multiple Stored Procedure SQL Injection | Unknown / Incomplete |
| 74967 | 2011-04-13 | CA Total Defense Web Management Service management.asmx Module getDBConfigSettings() Method Remote Server Database Credentials Disclosure | (Description Provided by CVE): The management.asmx module in the Management Web Service in the Unified Network Control (UNC) Server in CA Total Defense (TD) r12 before SE2 sends a cleartext response to unspecified getDBConfigSettings requests, which makes it easier for remote attackers to obtain database credentials, and subsequently execute arbitrary code, by sniffing the network, related to the UNCWS Web Service. |
| 3277 | 1995-07-01 | CA Unicenter acctotal Execute Arbitrary Commands | CA Unicenter contains a flaw that allows a local user to execute arbitrary commands with root privileges. The issue is due to a flaw in the "acctotal" program which insecurely calls the "acctotal.sh" shell script. Due to improper sanity checking of the CAIGLBL0000 variable, a user can subvert the path and script called by CA Unicenter. |
| 14310 | 2005-02-14 | CA Unicenter Asset Management Admin Console Masked SQL Password Disclosure | (Description Provided by CVE): Computer Associates (CA) Unicenter Asset Management (UAM) 4.0 does not properly initialize the "Change Credentials for Database" window, which allows local users to recover the SQL Admin password via certain methods. |
| 14312 | 2005-02-14 | CA Unicenter Asset Management Query Designer Import SQL Injection | (Description Provided by CVE): SQL injection vulnerability in the Query Designer for Computer Associates (CA) Unicenter Asset Management (UAM) 4.0 allows remote attackers to execute arbitrary SQL via an imported file. |
| 14311 | 2005-02-14 | CA Unicenter Asset Management Reporter Multiple Field XSS | (Description Provided by CVE): Cross-site scripting (XSS) vulnerability in the Reporter for Computer Associates (CA) Unicenter Asset Management (UAM) 4.0 allows remote attackers to inject arbitrary HTML or web script via the (1) name or (2) description in a report template. |
| 3242 | 2003-05-20 | CA Unicenter Asset Management Weak Password Encryption | Unicenter Asset Manager uses a weak encryption algorithm to store passwords. A local attacker that has access to configuration files could obtain the encrypted passwords and trivially decrypt them. |
| 4246 | 2004-03-12 | CA Unicenter cam.exe/awservices.exe Overflow | CA UnicenterTNG contains a flaw that allows a remote user to gain SYSTEM privileges. The issue is due to the cam.exe and awservices.exe programs not properly validating input to various buffers. This allows an attacker to gain elevated privileges via standard buffer overflow attacks. No further details have been provided. |
| 10409 | 2004-09-29 | CA Unicenter Common Services litestore.dat Password Disclosure | (Description Provided by CVE): Computer Associates Unicenter Common Services 3.0 and earlier stores the database "SA" password in cleartext in the TndAddNspTmp.bat file, which could allow local users to gain privileges. |
| 10407 | 2004-09-29 | CA Unicenter Common Services TndAddNsp.bat Password Disclosure | CA Unicenter Common Services contains a flaw that may lead to an unauthorized password exposure. It is possible to gain access to the "SA" plaintext password when a user opens the TndAddNsp.bat as text, which may lead to a loss of confidentiality. |
| 10408 | 2004-09-29 | CA Unicenter Common Services TndAddNspTmp.bat Password Disclosure | CA Unicenter Common Services contains a flaw that may lead to an unauthorized password exposure. It is possible to gain access to the "SA" plaintext password when a user opens the TndAddNspTmp.bat as text, which may lead to a loss of confidentiality. |
| 26 | 1999-01-01 | CA Unicenter File Transfer Service Running | This host is running Computer Associates' Unicenter file transfer service. The file transfer service uses ports TCP 3104, UDP 4104 and TCP 4105 for communication between its clients and other Unicenter servers. An attacker could potentially use this service to transfer critical information to and from this host. |
| 3245 | 2003-06-04 | CA Unicenter file_upload.pl Command Execution | Unicenter ServicePlus Service Desk contains a flaw that allows a remote attacker to execute arbitrary code on a vulnerable system. The issue is due to poor sanity checks in the file_upload.pl script. If an attacker supplies a specially-crafted URL they can use the script to execute arbitrary commands. |
| 3249 | 2000-01-01 | CA Unicenter Host and Viewer Arbitrary Command Execution | Unicenter and Control IT contain a flaw that allows a local user to gain elevated privileges. The flaw is due to the Host and Viewer which will run an arbitrary program under the same privileges. No further details have been provided. |
| 10201 | 2004-09-22 | CA UniCenter Management Portal Username Disclosure | UniCenter Management Portal contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when a request of a user's forgotten password occurs, which will disclose the existence of the user resulting in a loss of confidentiality. |
| 3248 | 2003-10-01 | CA Unicenter Message Queuing Service (CAM) DoS | Unicenter contains a flaw that allows an attacker to cause a denial of service. The issue is due to a buffer overflow in the Unicenter Message Queuing Service (CAM). No further details have been provided. |
| 3244 | 2003-06-04 | CA Unicenter pdm_cgireport.exe Information Disclosure | Unicenter and ServicePlus Service Desk contain a vulnerability that allows a remote attacker to bypass authentication and gain access to sensitive information. The issue is due to a flaw in the pdm_cgireport.exe program that allows users to create and view any report in the Service Desk. |
| 3246 | 2003-06-04 | CA Unicenter pdmcgi.exe Information Disclosure | Unicenter ServicePlus Service Desk allows a remote attacker to obtain sensitive information. The issue is due to poor sanity checking in the pdmcgi.exe script. If an attacker provides a specially-crafted query the script will return all requests being made. This information may contain sensitive information that aids in further attacks. |
| 3247 | 2003-06-04 | CA Unicenter pdmcgi.exe View Arbitrary File | Unicenter TNG allows a remote attacker to view arbitrary files. The flaw is due to poor sanity checking in template selection of the pdmcgi.exe program. By specifying an arbitrary file, the program will display the contents to any user. |
| 3243 | 2003-12-11 | CA Unicenter RC Help Interface Privilege Escalation | Unicenter Remote Control could allow a local attacker to gain elevated privileges on a vulnerable system. The issue is due to the help interface allowing any application to be run under the same account that the host runs under. |
| 12249 | 2004-12-07 | CA Unicenter Remote Control Arbitrary URC Management Server Access | Unknown / Incomplete |
| 3131 | 2003-12-12 | CA Unicenter Remote Control DoS | CA Unicenter Remote Control (URC) contains a flaw that may allow a remote denial of service. The issue is triggered when the host's port receives numerous, bogus, connection requests, and will result in loss of availability for the computer running the host service. |
| 3023 | 2003-12-11 | CA Unicenter Remote Control Privilege Escalation | CA Unicenter Remote Control (URC) contains a flaw that may allow a malicious user to gain access to unauthorized privileges. The issue is triggered by abusing the "Help" interface. This flaw may lead to a loss of Confidentiality, Integrity and/or Availability. |