| OSVDB ID | Disclosure Date | Title |
|---|---|---|
| 4281<br>Description: Unknown / Incomplete | 2004-03-16 | CA Unicenter TNG Daemons Overflow |
| 27<br>Description: This host is running Computer Associates' Unicenter transport service. The transport service uses ports TCP 3104, UDP 4104 and TCP 4105 for communication between its clients and other Unicenter servers. An attacker could use this service to gather information about this host. | 1999-01-01 | CA Unicenter Transport Service Information Leak |
| 3279<br>Description: CA Unicenter contains a flaw that allows any local user to gain root privileges. The issue is due to Unicenter installing and setting a UMASK of 000. This causes several directories it creates to install with world writeable permissions. A local attacker can replace a number of SUID binaries in these world writeable directories with their own custom programs. The next time an administrator runs the programs, they will inadvertently execute commands created by the malicious user. | 1995-07-01 | CA Unicenter Weak Directory Umask |
| 3278<br>Description: CA Unicenter has a flaw that allows any local user to execute arbitrary commands under root privileges. The flaw is due to the fact that Unicenter installs two scripts with SUID root privileges, and allows any user on the system to write to the scripts. Any local user can edit these scripts and add their own commands to the scripts, which will be executed the next time the admin runs them. | 1995-07-01 | CA Unicenter World Writeable SUID Shell Scripts |
| 65381<br>Description: (Description Provided by CVE): Multiple unspecified vulnerabilities in the CA (1) PSFormX and (2) WebScan ActiveX controls, as distributed on the CA Global Advisor web site until May 2009, allow remote attackers to execute arbitrary code via unknown vectors. | 2010-06-10 | CA WebScan ActiveX Multiple Unspecified Arbitrary Code Execution |
| 63611<br>Description: (Description Provided by CVE): Multiple buffer overflows in CA XOsoft r12.0 and r12.5 allow remote attackers to execute arbitrary code via (1) a malformed request to the ws_man/xosoapapi.asmx SOAP endpoint or (2) a long string to the entry_point.aspx service. | 2010-04-06 | CA XOsoft entry_point.aspx Service String Handling Remote Overflow |
| 63612<br>Description: (Description Provided by CVE): CA XOsoft r12.5 does not properly perform authentication, which allows remote attackers to obtain potentially sensitive information via a SOAP request. | 2010-04-06 | CA XOsoft SOAP Request Authentication Weakness Information Disclosure |
| 63613<br>Description: (Description Provided by CVE): CA XOsoft r12.0 and r12.5 do not properly perform authentication, which allows remote attackers to enumerate usernames via a SOAP request. | 2010-04-06 | CA XOsoft SOAP Request Authentication Weakness Username Disclosure |
| 63610<br>Description: (Description Provided by CVE): Multiple buffer overflows in CA XOsoft r12.0 and r12.5 allow remote attackers to execute arbitrary code via (1) a malformed request to the ws_man/xosoapapi.asmx SOAP endpoint or (2) a long string to the entry_point.aspx service. | 2010-04-06 | CA XOsoft ws_man/xosoapapi.asmx SOAP Endpoint Remote Overflow |
| 26321<br>Description: (Description Provided by CVE): Cross-site scripting (XSS) vulnerability in Suchergebnisse.asp in Cabacos Web CMS 3.8.498 and earlier allows remote attackers to inject arbitrary web script or HTML via the suchtext parameter. | 2006-06-10 | Cabacos Web CMS Suchergebnisse.asp suchtext Parameter XSS |
| 66955<br>Description: (Description Provided by CVE): The MS-ZIP decompressor in cabextract before 1.3 allows remote attackers to cause a denial of service (infinite loop) via a malformed MSZIP archive in a .cab file during a (1) test or (2) extract action, related to the libmspack library. | 2010-07-30 | cabextract MS-ZIP Decompressor Malformed MSZIP Archive Multiple Action Infinite Loop DoS |
| 66957<br>Description: (Description Provided by CVE): Integer signedness error in the Quantum decompressor in cabextract before 1.3, when archive test mode is used, allows user-assisted remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted Quantum archive in a .cab file, related to the libmspack library. | 2010-07-30 | cabextract Quantum Decompressor Crafted Quantum Archive Integer Signedness DoS |
| 10953<br>Description: cabextract contains a flaw that allows a remote attacker to overwrite arbitrary files outside of the extraction path. The issue is due to the program not properly sanitizing cabinet files containing "./", "../", and ".." as part of the filename. | 2004-10-18 | cabextract Traversal Arbitrary File Overwrite |
| 10060<br>Description: (Description Provided by CVE): Cabletron SmartSwitch Router (SSR) 8000 firmware 2.x can only handle 200 ARP requests per second allowing a denial of service attack to succeed with a flood of ARP requests exceeding that limit. | 1999-11-24 | Cabletron SmartSwitch Router 8000 ARP Request Saturation DoS |
| 1016<br>Description: (Description Provided by CVE): SpectroSERVER in Cabletron Spectrum Enterprise Manager 5.0 installs a directory tree with insecure permissions, which allows local users to replace a privileged executable (processd) with a Trojan horse, facilitating a root or Administrator compromise. | 1999-06-23 | Cabletron Spectrum Enterprise Manager Directory Permission Weakness |
| 786<br>Description: Unknown / Incomplete | 2002-01-01 | Cabletron WebView Information Disclosure |
| 37574<br>Description: (Description Provided by CVE): PHP remote file inclusion vulnerability in services/samples/inclusionService.php in Cabron Connector 1.1.0 allows remote attackers to execute arbitrary PHP code via a URL in the CabronServiceFolder parameter. | 2007-04-17 | Cabron Connector services/samples/inclusionService.php CabronServiceFolder Parameter Remote File Inclusion |
| 57375<br>Description: (Description Provided by CVE): Cross-site scripting (XSS) vulnerability in analyse.php in CAcert 20080921, and possibly other versions before 20080928, allows remote attackers to inject arbitrary web script or HTML via the CN (CommonName) field in the subject of an X.509 certificate. | 2008-09-29 | CAcert analyse.php X.509 Certificate CN Field XSS |
| 42080<br>Description: (Description Provided by CVE): Multiple cross-site scripting (XSS) vulnerabilities in the sample Cache' Server Page (CSP) scripts in InterSystems Cache' allow remote attackers to inject arbitrary web script or HTML via (1) the TO parameter to loop.csp, (2) the VALUE parameter to cookie.csp, and (3) the PAGE parameter to showsource.csp in csp/samples/; and allow remote authenticated users to inject arbitrary web script or HTML via (4) the ERROR parameter to csp/samples/xmlclasseserror.csp, and unspecified vectors in (5) object.csp and (6) lotteryhistory.csp in csp/samples/. | 2007-04-04 | Cache' Server Page (CSP) cookie.csp VALUE Parameter XSS |
| 42084<br>Description: (Description Provided by CVE): Multiple cross-site scripting (XSS) vulnerabilities in the sample Cache' Server Page (CSP) scripts in InterSystems Cache' allow remote attackers to inject arbitrary web script or HTML via (1) the TO parameter to loop.csp, (2) the VALUE parameter to cookie.csp, and (3) the PAGE parameter to showsource.csp in csp/samples/; and allow remote authenticated users to inject arbitrary web script or HTML via (4) the ERROR parameter to csp/samples/xmlclasseserror.csp, and unspecified vectors in (5) object.csp and (6) lotteryhistory.csp in csp/samples/. | 2007-04-04 | Cache' Server Page (CSP) csp/samples/lotteryhistory.csp XSS |
| 42083<br>Description: (Description Provided by CVE): Multiple cross-site scripting (XSS) vulnerabilities in the sample Cache' Server Page (CSP) scripts in InterSystems Cache' allow remote attackers to inject arbitrary web script or HTML via (1) the TO parameter to loop.csp, (2) the VALUE parameter to cookie.csp, and (3) the PAGE parameter to showsource.csp in csp/samples/; and allow remote authenticated users to inject arbitrary web script or HTML via (4) the ERROR parameter to csp/samples/xmlclasseserror.csp, and unspecified vectors in (5) object.csp and (6) lotteryhistory.csp in csp/samples/. | 2007-04-04 | Cache' Server Page (CSP) csp/samples/object.csp XSS |
| 42082<br>Description: (Description Provided by CVE): Multiple cross-site scripting (XSS) vulnerabilities in the sample Cache' Server Page (CSP) scripts in InterSystems Cache' allow remote attackers to inject arbitrary web script or HTML via (1) the TO parameter to loop.csp, (2) the VALUE parameter to cookie.csp, and (3) the PAGE parameter to showsource.csp in csp/samples/; and allow remote authenticated users to inject arbitrary web script or HTML via (4) the ERROR parameter to csp/samples/xmlclasseserror.csp, and unspecified vectors in (5) object.csp and (6) lotteryhistory.csp in csp/samples/. | 2007-04-04 | Cache' Server Page (CSP) csp/samples/xmlclasseserror.csp ERROR Parameter XSS |
| 42079<br>Description: (Description Provided by CVE): Multiple cross-site scripting (XSS) vulnerabilities in the sample Cache' Server Page (CSP) scripts in InterSystems Cache' allow remote attackers to inject arbitrary web script or HTML via (1) the TO parameter to loop.csp, (2) the VALUE parameter to cookie.csp, and (3) the PAGE parameter to showsource.csp in csp/samples/; and allow remote authenticated users to inject arbitrary web script or HTML via (4) the ERROR parameter to csp/samples/xmlclasseserror.csp, and unspecified vectors in (5) object.csp and (6) lotteryhistory.csp in csp/samples/. | 2007-04-04 | Cache' Server Page (CSP) loop.csp TO Parameter XSS |
| 42081<br>Description: (Description Provided by CVE): Multiple cross-site scripting (XSS) vulnerabilities in the sample Cache' Server Page (CSP) scripts in InterSystems Cache' allow remote attackers to inject arbitrary web script or HTML via (1) the TO parameter to loop.csp, (2) the VALUE parameter to cookie.csp, and (3) the PAGE parameter to showsource.csp in csp/samples/; and allow remote authenticated users to inject arbitrary web script or HTML via (4) the ERROR parameter to csp/samples/xmlclasseserror.csp, and unspecified vectors in (5) object.csp and (6) lotteryhistory.csp in csp/samples/. | 2007-04-04 | Cache' Server Page (CSP) showsource.csp PAGE Parameter XSS |
| 46173<br>Description: Cache_Lite Package for Mambo contains a flaw that may allow a remote attacker to execute arbitrary commands or code. The issue is due to the 'includes/Cache/Lite/Output.php' script not properly sanitizing user input supplied to the 'mosConfig_absolute_path' parameter. This may allow an attacker to include a file from a third-party remote host that contains commands or code that will be executed by the vulnerable script with the same privileges as the web server. | 2008-06-13 | Cache_Lite Package for Mambo includes/Cache/Lite/Output.php mosConfig_absolute_path Parameter Remote File Inclusion |
| 4988<br>Description: (Description Provided by CVE): Web administration interface in CacheFlow CacheOS 4.0.13 and earlier allows remote attackers to obtain sensitive information via a series of GET requests that do not end with HTTP/1.0 or another version string, which causes the information to be leaked in the error message. | 2004-04-08 | CacheFlow CacheOS GET Information Disclosure |
| 4989<br>Description: (Description Provided by CVE): Cross-site scripting (XSS) vulnerability in Blue Coat Systems (formerly CacheFlow) CacheOS on Client Accelerator 4.1.06, Security Gateway 2.1.02, and Server Accelerator 4.1.06 allows remote attackers to inject arbitrary web script or HTML via a URL to a nonexistent hostname that includes the HTML, which is inserted into the resulting error page. | 2004-04-08 | CacheFlow CacheOS hostname XSS |
| 2020<br>Description: (Description Provided by CVE): Web administration interface in CacheFlow CacheOS 4.0.13 and earlier allows remote attackers to obtain sensitive information via a series of GET requests that do not end with HTTP/1.0 or another version string, which causes the information to be leaked in the error message. | 2002-01-08 | Cacheflow CacheOS Web Administration Arbitrary Cached Page Code Leakage |
| 33506<br>Description: Unknown / Incomplete | 2007-03-10 | CacheGuard OS VLAN Mode Traffic Filtering Weakness |
| 73515<br>Description: Cachelogic Expired Domains Script contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the index.php script not properly sanitizing user-supplied input to the 'ncharacter' parameter. This may allow an attacker to inject or manipulate SQL queries in the back-end database, allowing for the manipulation or disclosure of arbitrary data. | 2011-03-24 | Cachelogic Expired Domains Script index.php ncharacter Parameter SQL Injection |