CVSS: 10.0EPSS: 85%CPEs: 7EXPL: 1CVE-2008-4397 – Computer Associates ARCserve - REPORTREMOTEEXECUTECML Buffer Overflow
https://notcve.org/view.php?id=CVE-2008-4397
14 Oct 2008 — Directory traversal vulnerability in the RPC interface (asdbapi.dll) in CA ARCserve Backup (formerly BrightStor ARCserve Backup) r11.1 through r12.0 allows remote attackers to execute arbitrary commands via a .. (dot dot) in an RPC call with opnum 0x10A. Vulnerabilidad de salto de directorio en la interfaz RPC (asdbapi.dll) en CA ARCserve Backup (antes BrightStor ARCserve Backup) vr11.1 hasta vr12.0 permite a atacantes remotos ejecutar comandos de su elección a través de .. (punto punto) en una llamada RPC ... • https://www.exploit-db.com/exploits/16404 • CWE-20: Improper Input Validation CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 7.5EPSS: 2%CPEs: 7EXPL: 0CVE-2008-4398
https://notcve.org/view.php?id=CVE-2008-4398
14 Oct 2008 — Unspecified vulnerability in the tape engine service in asdbapi.dll in CA ARCserve Backup (formerly BrightStor ARCserve Backup) r11.1 through r12.0 allows remote attackers to cause a denial of service (crash) via a crafted request. Vulnerabilidad no especificada en el servicio de motor de cinta en asdbapi.dll de CA ARCserve Backup (anteriormente BrightStor ARCserve Backup) de r11.1 a r12.0 permite a atacantes remotos provocar una denegación de servicio (caída) mediante una petición manipulada. • http://secunia.com/advisories/32220 • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 2%CPEs: 7EXPL: 0CVE-2008-4399
https://notcve.org/view.php?id=CVE-2008-4399
14 Oct 2008 — Unspecified vulnerability in the database engine service in asdbapi.dll in CA ARCserve Backup (formerly BrightStor ARCserve Backup) r11.1 through r12.0 allows remote attackers to cause a denial of service (crash) via a crafted request, related to "insufficient validation." Vulnerabilidad no especificada en el servicio del motor de la base de datos en asdbapi.dll en CA ARCserve Backup (antes BrightStor ARCserve Backup) vr11.1 hasta vr12.0 permite a atacantes remotos provocar una denegación de servicio (caída... • http://secunia.com/advisories/32220 • CWE-20: Improper Input Validation •
CVSS: 9.1EPSS: 2%CPEs: 7EXPL: 0CVE-2008-4400
https://notcve.org/view.php?id=CVE-2008-4400
14 Oct 2008 — Unspecified vulnerability in asdbapi.dll in CA ARCserve Backup (formerly BrightStor ARCserve Backup) r11.1 through r12.0 allows remote attackers to cause a denial of service (crash of multiple services) via crafted authentication credentials, related to "insufficient validation." Vulnerabilidad sin especificar en asdbapi.dll de CA ARCserve Backup (antes llamado BrightStor ARCserve Backup)r11.1 hasta r12.0 permite a un atacante remoto causar una denegación de servicio (caída de varios servicios) por medio de... • http://secunia.com/advisories/32220 • CWE-20: Improper Input Validation •
CVSS: 10.0EPSS: 6%CPEs: 7EXPL: 0CVE-2008-2241 – CA BrightStor ARCserve Backup caloggerd Arbitrary File Writing Vulnerability
https://notcve.org/view.php?id=CVE-2008-2241
19 May 2008 — Directory traversal vulnerability in caloggerd in CA BrightStor ARCServe Backup 11.0, 11.1, and 11.5 allows remote attackers to append arbitrary data to arbitrary files via directory traversal sequences in unspecified input fields, which are used in log messages. NOTE: this can be leveraged for code execution in many installation environments by writing to a startup file or configuration file. Vulnerabilidad de salto de directorio en caloggerd de BrightStor ARCServe Backup 11.0, 11.1 y 11.5, permite a ataca... • http://secunia.com/advisories/30300 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 10.0EPSS: 28%CPEs: 9EXPL: 0CVE-2007-5326
https://notcve.org/view.php?id=CVE-2007-5326
13 Oct 2007 — Multiple buffer overflows in (1) RPC and (2) rpcx.dll in CA BrightStor ARCServe BackUp v9.01 through R11.5, and Enterprise Backup r10.5, allow remote attackers to execute arbitrary code via unspecified vectors. Múltiples desbordamientos de búfer en (1) RPC y (2) rpcx.dll de CA BrightStor ARCServer BackUp v9.01 hasta R11.5, y Enterprise Backup r10.5, permiten a atacantes remotos ejecutar código de su elección a través de vectores no especificados. • http://osvdb.org/41368 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 10.0EPSS: 1%CPEs: 9EXPL: 0CVE-2007-5329
https://notcve.org/view.php?id=CVE-2007-5329
13 Oct 2007 — Unspecified vulnerability in dbasvr in CA BrightStor ARCServe BackUp v9.01 through R11.5, and Enterprise Backup r10.5, has unknown impact and attack vectors related to memory corruption. Vulnerabilidad sin especificar en el dbasvr del CA BrightStor ARCServe BackUp v9.01 hasta la R11.5 y el Enterprise Backup r10.5, tiene un impacto desconocido y vectores de ataque relacionados con la corrupción de memoria. • http://osvdb.org/41372 • CWE-399: Resource Management Errors •
CVSS: 10.0EPSS: 16%CPEs: 9EXPL: 0CVE-2007-5331
https://notcve.org/view.php?id=CVE-2007-5331
13 Oct 2007 — Queue.dll for the message queuing service (LQserver.exe) in CA BrightStor ARCServe BackUp v9.01 through R11.5, and Enterprise Backup r10.5, allows remote attackers to execute arbitrary code via a malformed ONRPC protocol request for operation 0x76, which causes ARCserve Backup to dereference arbitrary pointers. La biblioteca Queue.dll para el servicio de colas de mensajes (LQserver.exe) en CA BrightStor ARCServe BackUp versión v9.01 hasta R11.5, y Enterprise Backup r10.5, permite a atacantes remotos ejecuta... • http://osvdb.org/41371 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 10.0EPSS: 83%CPEs: 8EXPL: 1CVE-2007-2139 – CA BrightStor ArcServe Media Server Multiple Buffer Overflow Vulnerabilities
https://notcve.org/view.php?id=CVE-2007-2139
24 Apr 2007 — Multiple stack-based buffer overflows in the SUN RPC service in CA (formerly Computer Associates) BrightStor ARCserve Media Server, as used in BrightStor ARCserve Backup 9.01 through 11.5 SP2, BrightStor Enterprise Backup 10.5, Server Protection Suite 2, and Business Protection Suite 2, allow remote attackers to execute arbitrary code via malformed RPC strings, a different vulnerability than CVE-2006-5171, CVE-2006-5172, and CVE-2007-1785. Múltiple desbordamiento de búfer basado en pila en el servicio SUN R... • https://www.exploit-db.com/exploits/16413 •
CVSS: 7.8EPSS: 0%CPEs: 9EXPL: 0CVE-2007-0672
https://notcve.org/view.php?id=CVE-2007-0672
03 Feb 2007 — LGSERVER.EXE in BrightStor Mobile Backup 4.0 allows remote attackers to cause a denial of service (disk consumption and daemon hang) via a value of 0xFFFFFF7F at a certain point in an authentication negotiation packet, which writes a large amount of data to a .USX file in CA_BABLDdata\Server\data\transfer\. LGSERVER.EXE de BrightStor Mobile Backup 4.0 permite a atacantes remotos provocar una denegación de servicio (agotamiento de disco y colapso de demonio) mediante un valor 0xFFFFFF7F en un punto concreto ... • http://supportconnectw.ca.com/public/sams/lifeguard/infodocs/babldimpsec-notice.asp •