Page 2 of 70 results (0.005 seconds)

CVSS: 10.0EPSS: 89%CPEs: 7EXPL: 1

CVE-2008-4397 – Computer Associates ARCserve - REPORTREMOTEEXECUTECML Buffer Overflow

https://notcve.org/view.php?id=CVE-2008-4397

Directory traversal vulnerability in the RPC interface (asdbapi.dll) in CA ARCserve Backup (formerly BrightStor ARCserve Backup) r11.1 through r12.0 allows remote attackers to execute arbitrary commands via a .. (dot dot) in an RPC call with opnum 0x10A. Vulnerabilidad de salto de directorio en la interfaz RPC (asdbapi.dll) en CA ARCserve Backup (antes BrightStor ARCserve Backup) vr11.1 hasta vr12.0 permite a atacantes remotos ejecutar comandos de su elección a través de .. (punto punto) en una llamada RPC con un opnum 0x10A. CA BrightStor ARCServe BackUp is an overall data backup solution. • https://www.exploit-db.com/exploits/16404 http://secunia.com/advisories/32220 http://securityreason.com/securityalert/4412 http://www.securityfocus.com/archive/1/497218 http://www.securityfocus.com/archive/1/497281/100/0/threaded http://www.securityfocus.com/bid/31684 http://www.securitytracker.com/id?1021032 http://www.vupen.com/english/advisories/2008/2777 https://exchange.xforce.ibmcloud.com/vulnerabilities/45774 https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=1881 • CWE-20: Improper Input Validation CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVSS: 5.0EPSS: 87%CPEs: 7EXPL: 0

CVE-2008-4398

https://notcve.org/view.php?id=CVE-2008-4398

Unspecified vulnerability in the tape engine service in asdbapi.dll in CA ARCserve Backup (formerly BrightStor ARCserve Backup) r11.1 through r12.0 allows remote attackers to cause a denial of service (crash) via a crafted request. Vulnerabilidad no especificada en el servicio de motor de cinta en asdbapi.dll de CA ARCserve Backup (anteriormente BrightStor ARCserve Backup) de r11.1 a r12.0 permite a atacantes remotos provocar una denegación de servicio (caída) mediante una petición manipulada. • http://secunia.com/advisories/32220 http://www.securityfocus.com/archive/1/497218 http://www.securityfocus.com/bid/31684 http://www.securitytracker.com/id?1021032 http://www.vupen.com/english/advisories/2008/2777 https://exchange.xforce.ibmcloud.com/vulnerabilities/45775 https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=188143 • CWE-20: Improper Input Validation •

CVSS: 5.0EPSS: 88%CPEs: 7EXPL: 0

CVE-2008-4399

https://notcve.org/view.php?id=CVE-2008-4399

Unspecified vulnerability in the database engine service in asdbapi.dll in CA ARCserve Backup (formerly BrightStor ARCserve Backup) r11.1 through r12.0 allows remote attackers to cause a denial of service (crash) via a crafted request, related to "insufficient validation." Vulnerabilidad no especificada en el servicio del motor de la base de datos en asdbapi.dll en CA ARCserve Backup (antes BrightStor ARCserve Backup) vr11.1 hasta vr12.0 permite a atacantes remotos provocar una denegación de servicio (caída) a través de una petición manipulada, relacionado con "validación insuficiente". • http://secunia.com/advisories/32220 http://www.securityfocus.com/archive/1/497218 http://www.securityfocus.com/bid/31684 http://www.securitytracker.com/id?1021032 http://www.vupen.com/english/advisories/2008/2777 https://exchange.xforce.ibmcloud.com/vulnerabilities/45776 https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=188143 • CWE-20: Improper Input Validation •

CVSS: 5.0EPSS: 2%CPEs: 7EXPL: 0

CVE-2008-4400

https://notcve.org/view.php?id=CVE-2008-4400

Unspecified vulnerability in asdbapi.dll in CA ARCserve Backup (formerly BrightStor ARCserve Backup) r11.1 through r12.0 allows remote attackers to cause a denial of service (crash of multiple services) via crafted authentication credentials, related to "insufficient validation." Vulnerabilidad sin especificar en asdbapi.dll de CA ARCserve Backup (antes llamado BrightStor ARCserve Backup)r11.1 hasta r12.0 permite a un atacante remoto causar una denegación de servicio (caída de varios servicios) por medio de credenciales de autentificación manipulados, relacionado con una validación insuficiente. • http://secunia.com/advisories/32220 http://www.securityfocus.com/archive/1/497218 http://www.securityfocus.com/bid/31684 http://www.securitytracker.com/id?1021032 http://www.vupen.com/english/advisories/2008/2777 https://exchange.xforce.ibmcloud.com/vulnerabilities/45777 https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=188143 • CWE-20: Improper Input Validation •

CVSS: 10.0EPSS: 9%CPEs: 15EXPL: 0

CVE-2008-3175

https://notcve.org/view.php?id=CVE-2008-3175

Integer underflow in rxRPC.dll in the LGServer service in the server in CA ARCserve Backup for Laptops and Desktops 11.0 through 11.5 allows remote attackers to execute arbitrary code or cause a denial of service via a crafted message that triggers a buffer overflow. Subdesbordamiento de enteros en la biblioteca rxRPC.dll en el servicio LGServer en el servidor en CA ARCserve Backup versiones 11.0 hasta 11.5 para ordenadores Portátiles y Escritorios, permite a los atacantes remotos ejecutar código arbitrario o causar una denegación de servicio por medio de un mensaje diseñado que desencadena un desbordamiento de búfer. • http://lists.grok.org.uk/pipermail/full-disclosure/2008-July/063594.html http://secunia.com/advisories/31319 http://www.securityfocus.com/archive/1/495020/100/0/threaded http://www.securityfocus.com/bid/30472 http://www.securitytracker.com/id?1020590 http://www.vupen.com/english/advisories/2008/2286 https://exchange.xforce.ibmcloud.com/vulnerabilities/44137 https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=181721 • CWE-189: Numeric Errors •