CVSS: 10.0EPSS: 30%CPEs: 7EXPL: 0CVE-2008-2241 – CA BrightStor ARCserve Backup caloggerd Arbitrary File Writing Vulnerability
https://notcve.org/view.php?id=CVE-2008-2241
Directory traversal vulnerability in caloggerd in CA BrightStor ARCServe Backup 11.0, 11.1, and 11.5 allows remote attackers to append arbitrary data to arbitrary files via directory traversal sequences in unspecified input fields, which are used in log messages. NOTE: this can be leveraged for code execution in many installation environments by writing to a startup file or configuration file. Vulnerabilidad de salto de directorio en caloggerd de BrightStor ARCServe Backup 11.0, 11.1 y 11.5, permite a atacantes remotos añadir datos a archivos arbitrariamente a través de secuencias de salto de directorio en archivos de entrada no especificados, que son utilizados en mensajes de log. NOTA: puede aprovecharse para ejecución de código en muchos entornos de instalación escribiendo en un fichero archivo de inicio o en un archivo de configuración. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Computer Associates ARCserve Backup. • http://secunia.com/advisories/30300 http://www.securityfocus.com/archive/1/492266/100/0/threaded http://www.securityfocus.com/archive/1/492274/100/0/threaded http://www.securityfocus.com/bid/29283 http://www.securitytracker.com/id?1020043 http://www.vupen.com/english/advisories/2008/1573/references http://www.zerodayinitiative.com/advisories/ZDI-08-027 https://exchange.xforce.ibmcloud.com/vulnerabilities/42524 https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=176798 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 5.0EPSS: 54%CPEs: 1EXPL: 2CVE-2008-1979 – Computer Associates ARCserve Backup Discovery Service Remote - Denial of Service
https://notcve.org/view.php?id=CVE-2008-1979
The Discovery Service (casdscvc) in CA ARCserve Backup 12.0.5454.0 and earlier allows remote attackers to cause a denial of service (crash) via a packet with a large integer value used in an increment to TCP port 41523, which triggers a buffer over-read. El Discovery Service (casdscvc) en CA ARCserve Backup versión 12.0.5454.0 y anteriores, permite a atacantes remotos causar una denegación de servicio (bloqueo de aplicación) por medio de un paquete con un valor entero largo usado en un incremento al puerto TCP 41523, lo que desencadena una lectura excesiva del búfer. • https://www.exploit-db.com/exploits/31707 http://aluigi.altervista.org/adv/carcbackazz-adv.txt http://secunia.com/advisories/29855 http://www.securityfocus.com/archive/1/493430/100/0/threaded http://www.securityfocus.com/bid/28927 http://www.securitytracker.com/id?1020324 http://www.vupen.com/english/advisories/2008/1354 https://exchange.xforce.ibmcloud.com/vulnerabilities/41869 • CWE-189: Numeric Errors •
CVSS: 7.8EPSS: 31%CPEs: 1EXPL: 2CVE-2007-2772 – CA BrightStor Backup 11.5.2.0 - 'caloggderd.exe' Denial of Service
https://notcve.org/view.php?id=CVE-2007-2772
(1) caloggerd.exe (camt70.dll) and (2) mediasvr.exe (catirpc.dll and rwxdr.dll) in CA BrightStor Backup 11.5.2.0 SP2 allow remote attackers to cause a denial of service (NULL dereference and application crash) via a crafted RPC packet. (1) caloggerd.exe (camt70.dll) y (2) mediasvr.exe (catirpc.dll and rwxdr.dll) en CA BrightStor Backup 11.5.2.0 SP2 permite a atacantes remotos provocar denegación de servicio (referencia NULL y caida de aplicación) a través de un paquete RPC manipulado. • https://www.exploit-db.com/exploits/3939 https://www.exploit-db.com/exploits/3940 http://osvdb.org/35327 http://osvdb.org/35328 http://secunia.com/advisories/25300 http://securityreason.com/securityalert/2727 http://supportconnectw.ca.com/public/storage/infodocs/babmedservul-secnotice.asp http://www.securityfocus.com/archive/1/468784/100/0/threaded http://www.securitytracker.com/id?1018076 http://www.vupen.com/english/advisories/2007/1849 https://exchange.xforce.ibmcloud.com/ •