CVE-2008-4400
https://notcve.org/view.php?id=CVE-2008-4400
Unspecified vulnerability in asdbapi.dll in CA ARCserve Backup (formerly BrightStor ARCserve Backup) r11.1 through r12.0 allows remote attackers to cause a denial of service (crash of multiple services) via crafted authentication credentials, related to "insufficient validation." Vulnerabilidad sin especificar en asdbapi.dll de CA ARCserve Backup (antes llamado BrightStor ARCserve Backup)r11.1 hasta r12.0 permite a un atacante remoto causar una denegación de servicio (caída de varios servicios) por medio de credenciales de autentificación manipulados, relacionado con una validación insuficiente. • http://secunia.com/advisories/32220 http://www.securityfocus.com/archive/1/497218 http://www.securityfocus.com/bid/31684 http://www.securitytracker.com/id?1021032 http://www.vupen.com/english/advisories/2008/2777 https://exchange.xforce.ibmcloud.com/vulnerabilities/45777 https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=188143 • CWE-20: Improper Input Validation •
CVE-2008-2241 – CA BrightStor ARCserve Backup caloggerd Arbitrary File Writing Vulnerability
https://notcve.org/view.php?id=CVE-2008-2241
Directory traversal vulnerability in caloggerd in CA BrightStor ARCServe Backup 11.0, 11.1, and 11.5 allows remote attackers to append arbitrary data to arbitrary files via directory traversal sequences in unspecified input fields, which are used in log messages. NOTE: this can be leveraged for code execution in many installation environments by writing to a startup file or configuration file. Vulnerabilidad de salto de directorio en caloggerd de BrightStor ARCServe Backup 11.0, 11.1 y 11.5, permite a atacantes remotos añadir datos a archivos arbitrariamente a través de secuencias de salto de directorio en archivos de entrada no especificados, que son utilizados en mensajes de log. NOTA: puede aprovecharse para ejecución de código en muchos entornos de instalación escribiendo en un fichero archivo de inicio o en un archivo de configuración. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Computer Associates ARCserve Backup. • http://secunia.com/advisories/30300 http://www.securityfocus.com/archive/1/492266/100/0/threaded http://www.securityfocus.com/archive/1/492274/100/0/threaded http://www.securityfocus.com/bid/29283 http://www.securitytracker.com/id?1020043 http://www.vupen.com/english/advisories/2008/1573/references http://www.zerodayinitiative.com/advisories/ZDI-08-027 https://exchange.xforce.ibmcloud.com/vulnerabilities/42524 https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=176798 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVE-2007-5331
https://notcve.org/view.php?id=CVE-2007-5331
Queue.dll for the message queuing service (LQserver.exe) in CA BrightStor ARCServe BackUp v9.01 through R11.5, and Enterprise Backup r10.5, allows remote attackers to execute arbitrary code via a malformed ONRPC protocol request for operation 0x76, which causes ARCserve Backup to dereference arbitrary pointers. La biblioteca Queue.dll para el servicio de colas de mensajes (LQserver.exe) en CA BrightStor ARCServe BackUp versión v9.01 hasta R11.5, y Enterprise Backup r10.5, permite a atacantes remotos ejecutar código arbitrario por medio de una petición de protocolo ONRPC malformada para la operación 0x76, lo que hace que ARCserve Backup elimine la referencia de punteros arbitrarios. • http://osvdb.org/41371 http://research.eeye.com/html/advisories/published/AD20071011.html http://secunia.com/advisories/27192 http://supportconnectw.ca.com/public/storage/infodocs/basb-secnotice.asp http://www.securityfocus.com/archive/1/482114/100/0/threaded http://www.securityfocus.com/archive/1/482121/100/0/threaded http://www.securityfocus.com/bid/24680 http://www.securitytracker.com/id?1018805 http://www.vupen.com/english/advisories/2007/3470 https://exchange.xforce.ibmcloud • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVE-2007-5329
https://notcve.org/view.php?id=CVE-2007-5329
Unspecified vulnerability in dbasvr in CA BrightStor ARCServe BackUp v9.01 through R11.5, and Enterprise Backup r10.5, has unknown impact and attack vectors related to memory corruption. Vulnerabilidad sin especificar en el dbasvr del CA BrightStor ARCServe BackUp v9.01 hasta la R11.5 y el Enterprise Backup r10.5, tiene un impacto desconocido y vectores de ataque relacionados con la corrupción de memoria. • http://osvdb.org/41372 http://secunia.com/advisories/27192 http://supportconnectw.ca.com/public/storage/infodocs/basb-secnotice.asp http://www.securityfocus.com/archive/1/482121/100/0/threaded http://www.securityfocus.com/bid/26015 http://www.securitytracker.com/id?1018805 http://www.vupen.com/english/advisories/2007/3470 https://exchange.xforce.ibmcloud.com/vulnerabilities/37068 • CWE-399: Resource Management Errors •
CVE-2007-5326
https://notcve.org/view.php?id=CVE-2007-5326
Multiple buffer overflows in (1) RPC and (2) rpcx.dll in CA BrightStor ARCServe BackUp v9.01 through R11.5, and Enterprise Backup r10.5, allow remote attackers to execute arbitrary code via unspecified vectors. Múltiples desbordamientos de búfer en (1) RPC y (2) rpcx.dll de CA BrightStor ARCServer BackUp v9.01 hasta R11.5, y Enterprise Backup r10.5, permiten a atacantes remotos ejecutar código de su elección a través de vectores no especificados. • http://osvdb.org/41368 http://secunia.com/advisories/27192 http://secunia.com/secunia_research/2007-49/advisory http://supportconnectw.ca.com/public/storage/infodocs/basb-secnotice.asp http://www.securityfocus.com/archive/1/482121/100/0/threaded http://www.securityfocus.com/bid/26015 http://www.securitytracker.com/id?1018805 http://www.vupen.com/english/advisories/2007/3470 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •