CVSS: 6.2EPSS: 81%CPEs: 14EXPL: 0CVE-2012-1453
https://notcve.org/view.php?id=CVE-2012-1453
21 Mar 2012 — The CAB file parser in Dr.Web 5.0.2.03300, Trend Micro HouseCall 9.120.0.1004, Kaspersky Anti-Virus 7.0.0.125, Sophos Anti-Virus 4.61.0, Trend Micro AntiVirus 9.120.0.1004, McAfee Gateway (formerly Webwasher) 2010.1C, Emsisoft Anti-Malware 5.1.0.1, CA eTrust Vet Antivirus 36.1.8511, Antiy Labs AVL SDK 2.0.3.7, Antimalware Engine 1.1.6402.0 in Microsoft Security Essentials 2.0, Rising Antivirus 22.83.00.03, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, Fortinet Antivirus 4.2.254.0, and Panda Antiv... • http://osvdb.org/80482 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 0CVE-2011-4054
https://notcve.org/view.php?id=CVE-2011-4054
08 Dec 2011 — Cross-site scripting (XSS) vulnerability in login.fcc in CA SiteMinder R6 SP6 before CR7 and R12 SP3 before CR8 allows remote attackers to inject arbitrary web script or HTML via the postpreservationdata parameter. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados en login.fcc en CA SiteMinder R6 SP6 antes de CR7 y R12 SP3 antes de CR8, permite a atacantes remotos ejecutar secuencias de comandos web o HTML a través del parámetro postpreservationdata. • http://www.kb.cert.org/vuls/id/713012 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 66%CPEs: 1EXPL: 2CVE-2011-3011 – CA Arcserve D2D - GWT RPC Credential Information Disclosure
https://notcve.org/view.php?id=CVE-2011-3011
15 Aug 2011 — BaseServiceImpl.class in CA ARCserve D2D r15 does not properly handle sessions, which allows remote attackers to obtain credentials, and consequently execute arbitrary commands, via unspecified vectors. BaseServiceImpl.class en CA ARCserve D2D r15 no maneja adecuadamente las sesiones, permitiendo a atacantes remotos obtener credenciales, y por lo tanto ejecutar comandos arbitrarios a través de vectores no especificados. • https://www.exploit-db.com/exploits/41707 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 10.0EPSS: 25%CPEs: 2EXPL: 0CVE-2011-2667 – CA Total Defense Suite Gateway Security Malformed HTTP Packet Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2011-2667
20 Jul 2011 — Icihttp.exe in CA Gateway Security for HTTP, as used in CA Gateway Security 8.1 before 8.1.0.69 and CA Total Defense r12, does not properly parse URLs, which allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption and daemon crash) via a malformed request. Icihttp.exe en CA Gateway Security para HTTP, como se usa en CA Gateway Security v8.1 antes de v8.1.0.69 y CA Total Defense r12, no analiza correctamente las direcciones URL, lo que permite a atacantes remoto... • http://secunia.com/advisories/45332 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 6.1EPSS: 0%CPEs: 5EXPL: 0CVE-2011-1899
https://notcve.org/view.php?id=CVE-2011-1899
16 May 2011 — Multiple cross-site scripting (XSS) vulnerabilities in CA eHealth 6.0.x, 6.1.x, 6.2.1, and 6.2.2 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters. Múltiples vulnerabilidades de ejecución de secuencias de comandos en sitios cruzados (XSS) en CA eHealth v6.0.x, v6.1.x, v6.2.1 y v6.2.2 permite a atacantes remotos inyectar secuencias de comandos web o HTML a través del parámetros no especificados. • http://secunia.com/advisories/44482 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2011-1825
https://notcve.org/view.php?id=CVE-2011-1825
04 May 2011 — Multiple cross-site scripting (XSS) vulnerabilities in the Administrative Console in CA Arcot WebFort Versatile Authentication Server (VAS) before 6.2.5 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. Múltiples vulnerabilidades de ejecución de secuencias de comandos en sitios cruzados (XSS) en Administrative Console in CA Arcot WebFort Versatile Authentication Server (VAS) anteriores a v6.2.5, permite a atacantes remotos inyectar secuencias de comandos web o HTML a tra... • http://osvdb.org/72124 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2011-1826
https://notcve.org/view.php?id=CVE-2011-1826
04 May 2011 — Open redirect vulnerability in the Administrative Console in CA Arcot WebFort Versatile Authentication Server (VAS) before 6.2.5 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. Vulnerabilidad de redirección abierta en Administrative Console en CA Arcot WebFort Versatile Authentication Server (VAS)anterioes a v6.2.5, permite a atacantes remotos redireccionar a usuarios a sitios web de su elección y llevar a cabo ataques de phishing a trav... • http://osvdb.org/72125 • CWE-20: Improper Input Validation •
CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 0CVE-2011-1718
https://notcve.org/view.php?id=CVE-2011-1718
27 Apr 2011 — The Web Agents component in CA SiteMinder R6 before SP6 CR2 and R12 before SP3 CR2 does not properly handle multi-line headers, which allows remote authenticated users to conduct impersonation attacks and gain privileges via crafted data. El componente Web Agents en CA SiteMinder R6 antes SP6 CR2 y R12 antes SP3 CR2 no maneja adecuadamente las cabeceras de varias líneas, lo que permite a usuarios remotos autenticados para realizar ataques de suplantación de identidad y obtener privilegios a través de datos ... • http://secunia.com/advisories/44218 • CWE-20: Improper Input Validation •
CVSS: 9.8EPSS: 5%CPEs: 3EXPL: 0CVE-2011-1036 – CA Internet Security Suite HIPS XML Security Database Parser Class Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2011-1036
23 Feb 2011 — The XML Security Database Parser class in the XMLSecDB ActiveX control in the HIPSEngine component in the Management Server before 8.1.0.88, and the client before 1.6.450, in CA Host-Based Intrusion Prevention System (HIPS) 8.1, as used in CA Internet Security Suite (ISS) 2010, allows remote attackers to download an arbitrary program onto a client machine, and execute this program, via vectors involving the SetXml and Save methods. La clase XML Security Database Parser en el control XMLSecDB ActiveX en el c... • http://secunia.com/advisories/43377 •
CVSS: 10.0EPSS: 22%CPEs: 2EXPL: 0CVE-2011-0758 – CA ETrust Secure Content Manager Common Services Transport Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2011-0758
07 Feb 2011 — The eCS component (ECSQdmn.exe) in CA ETrust Secure Content Manager 8.0 and CA Gateway Security 8.1 allows remote attackers to cause a denial of service (crash) and execute arbitrary code via a crafted request to port 1882, involving an incorrect integer calculation and a heap-based buffer overflow. El componente eCS (ECSQdmn.exe) en CA ETrust Secure Content Manager versión 8.0 y CA Gateway Security versión 8.1, permite a los atacantes remotos causar una denegación de servicio (bloqueo) y ejecutar código ar... • http://dvlabs.tippingpoint.com/blog/2011/02/07/zdi-disclosure-ca • CWE-189: Numeric Errors •