CVSS: 10.0EPSS: 93%CPEs: 8EXPL: 1CVE-2007-2139 – CA BrightStor ArcServe Media Server Multiple Buffer Overflow Vulnerabilities
https://notcve.org/view.php?id=CVE-2007-2139
Multiple stack-based buffer overflows in the SUN RPC service in CA (formerly Computer Associates) BrightStor ARCserve Media Server, as used in BrightStor ARCserve Backup 9.01 through 11.5 SP2, BrightStor Enterprise Backup 10.5, Server Protection Suite 2, and Business Protection Suite 2, allow remote attackers to execute arbitrary code via malformed RPC strings, a different vulnerability than CVE-2006-5171, CVE-2006-5172, and CVE-2007-1785. Múltiple desbordamiento de búfer basado en pila en el servicio SUN RPC del CA (antiguamente Computer Associates) BrightStor ARCserve Media Server, como el utilizado en el BrightStor ARCserve Backup 9.01 hasta la 11.5 SP2, BrightStor Enterprise Backup 10.5, Server Protection Suite 2 y Business Protection Suite 2, permite a atacantes remotos ejecutar código de su elección a través de cadenas RPC mal formadas. Vulnerabilidad diferente a las CVE-2006-5171, CVE-2006-5172 y CVE-2007-1785. This vulnerability allows attackers to execute arbitrary code on vulnerable installations of Computer Associates BrightStor ARCserve Media Server. User interaction is not required to exploit this vulnerability. The specific flaw exists in the SUN RPC service which binds to a randomly chosen high TCP port. • https://www.exploit-db.com/exploits/16413 http://osvdb.org/35326 http://secunia.com/advisories/24972 http://securityreason.com/securityalert/2628 http://supportconnectw.ca.com/public/storage/infodocs/babmedser-secnotice.asp http://www.kb.cert.org/vuls/id/979825 http://www.securityfocus.com/archive/1/466790/100/0/threaded http://www.securityfocus.com/bid/23635 http://www.securitytracker.com/id?1017952 http://www.vupen.com/english/advisories/2007/1529 http://www.zerodayinitiat •
CVSS: 10.0EPSS: 91%CPEs: 1EXPL: 1CVE-2006-6917 – CA BrightStor ARCserve - 'tapeeng.exe' Remote Buffer Overflow
https://notcve.org/view.php?id=CVE-2006-6917
Multiple buffer overflows in Computer Associates (CA) BrightStor ARCserve Backup R11.5 Server before SP2 allows remote attackers to execute arbitrary code in the Tape Engine (tapeeng.exe) via a crafted RPC request with (1) opnum 38, which is not properly handled in TAPEUTIL.dll 11.5.3884.0, or (2) opnum 37, which is not properly handled in TAPEENG.dll 11.5.3884.0. Múltiples desbordamiento de búfer en Computer Associates (CA) BrightStor ARCserve Backup R11.5 Server versiones anteriores a SP2 permite a atacantes remotos ejecutar código de su elección en el Tape Engine (tapeeng.exe) mediante una petición RPC manipulada con (1) opnum 38, que no es manejado apropiadamente en TAPEUTIL.dll 11.5.3884.0, ó (2) opnum 37, que no es manejado apropiadamente en TAPEENG.dll 11.5.3884.0. • https://www.exploit-db.com/exploits/3086 http://supportconnectw.ca.com/public/storage/infodocs/basbrtapeeng-secnotice.asp http://www.lssec.com/advisories/LS-20060908.pdf http://www.lssec.com/advisories/LS-20061001.pdf http://www.securityfocus.com/archive/1/453930/30/390/threaded http://www.securityfocus.com/archive/1/453933/30/420/threaded http://www.securityfocus.com/archive/1/454088/30/0/threaded http://www.securityfocus.com/archive/1/454094/30/360/threaded http://www.s •
CVSS: 7.5EPSS: 91%CPEs: 7EXPL: 1CVE-2006-6379 – CA BrightStor ARCserve Backup - Remote Overflow
https://notcve.org/view.php?id=CVE-2006-6379
Buffer overflow in the BrightStor Backup Discovery Service in multiple CA products, including ARCserve Backup r11.5 SP1 and earlier, ARCserve Backup 9.01 up to 11.1, Enterprise Backup 10.5, and CA Server Protection Suite r2, allows remote attackers to execute arbitrary code via unspecified vectors. Desbordamiento de búfer en BrightStor Backup Discovery Service en múltiples productos CA, incluidos ARCserve Backup r11.5 SP1 y anteriores, ARCserve Backup 9.01 hasta la 11.1, Enterprise Backup 10.5 , y CA Server Protection Suite r2, permite a un atacante remoto ejecutar código de su elección a través de vectores no especificados. • https://www.exploit-db.com/exploits/1132 http://securityreason.com/securityalert/2010 http://securitytracker.com/id?1017356 http://supportconnectw.ca.com/public/storage/infodocs/babsecurity-notice.asp http://www.osvdb.org/30775 http://www.securityfocus.com/archive/1/453916/100/0/threaded http://www.securityfocus.com/bid/21502 http://www.vupen.com/english/advisories/2006/4910 https://exchange.xforce.ibmcloud.com/vulnerabilities/30791 •
CVSS: 10.0EPSS: 4%CPEs: 49EXPL: 0CVE-2005-3653
https://notcve.org/view.php?id=CVE-2005-3653
Heap-based buffer overflow in the iGateway service for various Computer Associates (CA) iTechnology products, in iTechnology iGateway before 4.0.051230, allows remote attackers to execute arbitrary code via an HTTP request with a negative Content-Length field. • http://marc.info/?l=full-disclosure&m=113803349715927&w=2 http://secunia.com/advisories/18591 http://securityreason.com/securityalert/380 http://securitytracker.com/id?1015526 http://supportconnectw.ca.com/public/ca_common_docs/igatewaysecurity_notice.asp http://www.idefense.com/intelligence/vulnerabilities/display.php?id=376 http://www.osvdb.org/22688 http://www.securityfocus.com/archive/1/423288/100/0/threaded http://www.securityfocus.com/archive/1/423403/100/0/threaded http:// • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •