CVSS: 10.0EPSS: 89%CPEs: 7EXPL: 1CVE-2008-4397 – Computer Associates ARCserve - REPORTREMOTEEXECUTECML Buffer Overflow
https://notcve.org/view.php?id=CVE-2008-4397
Directory traversal vulnerability in the RPC interface (asdbapi.dll) in CA ARCserve Backup (formerly BrightStor ARCserve Backup) r11.1 through r12.0 allows remote attackers to execute arbitrary commands via a .. (dot dot) in an RPC call with opnum 0x10A. Vulnerabilidad de salto de directorio en la interfaz RPC (asdbapi.dll) en CA ARCserve Backup (antes BrightStor ARCserve Backup) vr11.1 hasta vr12.0 permite a atacantes remotos ejecutar comandos de su elección a través de .. (punto punto) en una llamada RPC con un opnum 0x10A. CA BrightStor ARCServe BackUp is an overall data backup solution. • https://www.exploit-db.com/exploits/16404 http://secunia.com/advisories/32220 http://securityreason.com/securityalert/4412 http://www.securityfocus.com/archive/1/497218 http://www.securityfocus.com/archive/1/497281/100/0/threaded http://www.securityfocus.com/bid/31684 http://www.securitytracker.com/id?1021032 http://www.vupen.com/english/advisories/2008/2777 https://exchange.xforce.ibmcloud.com/vulnerabilities/45774 https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=1881 • CWE-20: Improper Input Validation CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 5.0EPSS: 87%CPEs: 7EXPL: 0CVE-2008-4398
https://notcve.org/view.php?id=CVE-2008-4398
Unspecified vulnerability in the tape engine service in asdbapi.dll in CA ARCserve Backup (formerly BrightStor ARCserve Backup) r11.1 through r12.0 allows remote attackers to cause a denial of service (crash) via a crafted request. Vulnerabilidad no especificada en el servicio de motor de cinta en asdbapi.dll de CA ARCserve Backup (anteriormente BrightStor ARCserve Backup) de r11.1 a r12.0 permite a atacantes remotos provocar una denegación de servicio (caída) mediante una petición manipulada. • http://secunia.com/advisories/32220 http://www.securityfocus.com/archive/1/497218 http://www.securityfocus.com/bid/31684 http://www.securitytracker.com/id?1021032 http://www.vupen.com/english/advisories/2008/2777 https://exchange.xforce.ibmcloud.com/vulnerabilities/45775 https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=188143 • CWE-20: Improper Input Validation •
CVSS: 5.0EPSS: 88%CPEs: 7EXPL: 0CVE-2008-4399
https://notcve.org/view.php?id=CVE-2008-4399
Unspecified vulnerability in the database engine service in asdbapi.dll in CA ARCserve Backup (formerly BrightStor ARCserve Backup) r11.1 through r12.0 allows remote attackers to cause a denial of service (crash) via a crafted request, related to "insufficient validation." Vulnerabilidad no especificada en el servicio del motor de la base de datos en asdbapi.dll en CA ARCserve Backup (antes BrightStor ARCserve Backup) vr11.1 hasta vr12.0 permite a atacantes remotos provocar una denegación de servicio (caída) a través de una petición manipulada, relacionado con "validación insuficiente". • http://secunia.com/advisories/32220 http://www.securityfocus.com/archive/1/497218 http://www.securityfocus.com/bid/31684 http://www.securitytracker.com/id?1021032 http://www.vupen.com/english/advisories/2008/2777 https://exchange.xforce.ibmcloud.com/vulnerabilities/45776 https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=188143 • CWE-20: Improper Input Validation •
CVSS: 5.0EPSS: 2%CPEs: 7EXPL: 0CVE-2008-4400
https://notcve.org/view.php?id=CVE-2008-4400
Unspecified vulnerability in asdbapi.dll in CA ARCserve Backup (formerly BrightStor ARCserve Backup) r11.1 through r12.0 allows remote attackers to cause a denial of service (crash of multiple services) via crafted authentication credentials, related to "insufficient validation." Vulnerabilidad sin especificar en asdbapi.dll de CA ARCserve Backup (antes llamado BrightStor ARCserve Backup)r11.1 hasta r12.0 permite a un atacante remoto causar una denegación de servicio (caída de varios servicios) por medio de credenciales de autentificación manipulados, relacionado con una validación insuficiente. • http://secunia.com/advisories/32220 http://www.securityfocus.com/archive/1/497218 http://www.securityfocus.com/bid/31684 http://www.securitytracker.com/id?1021032 http://www.vupen.com/english/advisories/2008/2777 https://exchange.xforce.ibmcloud.com/vulnerabilities/45777 https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=188143 • CWE-20: Improper Input Validation •
CVSS: 10.0EPSS: 33%CPEs: 7EXPL: 0CVE-2008-2241 – CA BrightStor ARCserve Backup caloggerd Arbitrary File Writing Vulnerability
https://notcve.org/view.php?id=CVE-2008-2241
Directory traversal vulnerability in caloggerd in CA BrightStor ARCServe Backup 11.0, 11.1, and 11.5 allows remote attackers to append arbitrary data to arbitrary files via directory traversal sequences in unspecified input fields, which are used in log messages. NOTE: this can be leveraged for code execution in many installation environments by writing to a startup file or configuration file. Vulnerabilidad de salto de directorio en caloggerd de BrightStor ARCServe Backup 11.0, 11.1 y 11.5, permite a atacantes remotos añadir datos a archivos arbitrariamente a través de secuencias de salto de directorio en archivos de entrada no especificados, que son utilizados en mensajes de log. NOTA: puede aprovecharse para ejecución de código en muchos entornos de instalación escribiendo en un fichero archivo de inicio o en un archivo de configuración. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Computer Associates ARCserve Backup. • http://secunia.com/advisories/30300 http://www.securityfocus.com/archive/1/492266/100/0/threaded http://www.securityfocus.com/archive/1/492274/100/0/threaded http://www.securityfocus.com/bid/29283 http://www.securitytracker.com/id?1020043 http://www.vupen.com/english/advisories/2008/1573/references http://www.zerodayinitiative.com/advisories/ZDI-08-027 https://exchange.xforce.ibmcloud.com/vulnerabilities/42524 https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=176798 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •