CVSS: 4.3EPSS: 8%CPEs: 55EXPL: 0CVE-2009-3588
https://notcve.org/view.php?id=CVE-2009-3588
Unspecified vulnerability in the arclib component in the Anti-Virus engine in CA Anti-Virus for the Enterprise (formerly eTrust Antivirus) 7.1 through r8.1; Anti-Virus 2007 (v8) through 2009; eTrust EZ Antivirus r7.1; Internet Security Suite 2007 (v3) through Plus 2009; and other CA products allows remote attackers to cause a denial of service via a crafted RAR archive file that triggers stack corruption, a different vulnerability than CVE-2009-3587. Vulnerabilidad inespecífica en el componente arclib en el motor antivirus en CA Anti-Virus para empresas (anteriormente eTrust Antivirus) desde v7.1 hasta r8.1; Anti-Virus desde 2007 (v8) hasta 2009; eTrust EZ Antivirus r7.1; Internet Security Suite desde 2007 (v3) hasta Plus 2009; y otros productos de CA permite a atacantes remotos producir una denegación de servicio a través de un archivo RAR manipulado que inicia la corrupción de la pila, una vulnerabilidad diferente que CVE-2009-3587. • http://secunia.com/advisories/36976 http://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=218878 http://www.securityfocus.com/archive/1/507068/100/0/threaded http://www.securityfocus.com/bid/36653 http://www.securitytracker.com/id?1022999 http://www.vupen.com/english/advisories/2009/2852 https://exchange.xforce.ibmcloud.com/vulnerabilities/53698 •
CVSS: 5.0EPSS: 6%CPEs: 2EXPL: 2CVE-2009-1761
https://notcve.org/view.php?id=CVE-2009-1761
The message engine in CA ARCserve Backup r12.0 and r12.0 SP1 for Windows allows remote attackers to cause a denial of service (crash) via (1) an invalid 0x13 message, which is not properly handled in the ASCORE module, or (2) a 0x3B message with invalid stub data that triggers an RPC marshalling error. El motor de mensajes en CA ARCserve Backup r12.0 y r12.0 SP1 para Windows permite a atacantes remotos producir una denegación de servicio (caída) a través de (1) un mensaje 0x13 invalido, el cual no es adecuadamente gestionado por el modulo ASCORE, o (2) un mensaje 0x3B con unos datos incompletos que inician un error RPC. • http://community.ca.com/blogs/casecurityresponseblog/archive/2009/06/15/ca20090615-01-ca-arcserve-backup-message-engine-denial-of-service-vulnerabilities.aspx http://secunia.com/advisories/35473 http://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=209502 http://www.ivizsecurity.com/security-advisory-iviz-sr-09003.html http://www.ivizsecurity.com/security-advisory-iviz-sr-09004.html http://www.securityfocus.com/archive/1/504348/100/0/threaded http://www.securityfocus.com/archive/1/504349/100 • CWE-20: Improper Input Validation •
CVSS: 10.0EPSS: 4%CPEs: 39EXPL: 0CVE-2009-0042
https://notcve.org/view.php?id=CVE-2009-0042
Multiple unspecified vulnerabilities in the Arclib library (arclib.dll) before 7.3.0.15 in the CA Anti-Virus engine for CA Anti-Virus for the Enterprise 7.1, r8, and r8.1; Anti-Virus 2007 v8 and 2008; Internet Security Suite 2007 v3 and 2008; and other CA products allow remote attackers to bypass virus detection via a malformed archive file. Múltiples vulnerabilidades sin especificar en la bilioteca Arclib (arclib.dll) anterior a v 7.3.0.15 en el motor de CA Anti-Virus para CA Anti-Virus Enterprise v7.1, r8, y r8.1; Anti-Virus 2007 v8 y 2008; Internet Security Suite 2007 v3 y 2008; y otros productos CA, permite a atacantes remotos evitar la detección de virus a través de un fichero mal formado. • http://community.ca.com/blogs/casecurityresponseblog/archive/2009/01/26/ca20090126-01-ca-anti-virus-engine-detection-evasion-multiple-vulnerabilities.aspx http://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=197601 http://www.securityfocus.com/archive/1/500417/100/0/threaded http://www.securityfocus.com/bid/33464 http://www.securitytracker.com/id?1021639 http://www.vupen.com/english/advisories/2009/0270 https://exchange.xforce.ibmcloud.com/vulnerabilities/48261 •
CVSS: 10.0EPSS: 24%CPEs: 4EXPL: 0CVE-2008-5415
https://notcve.org/view.php?id=CVE-2008-5415
The LDBserver service in the server in CA ARCserve Backup 11.1 through 12.0 on Windows allows remote attackers to execute arbitrary code via a handle_t argument to an RPC endpoint in which the argument refers to an incompatible procedure. El servicio LDBserver en el servidor en CA ARCserve Backup versiones 11.1 hasta 12.0 en Windows, permite a atacantes remotos ejecutar código arbitrario por medio de un argumento handle_t hacia un endpoint RPC en el que el argumento hace referencia a un procedimiento incompatible. • http://community.ca.com/blogs/casecurityresponseblog/archive/2008/12/10.aspx http://osvdb.org/50683 http://secunia.com/advisories/27299 http://secunia.com/secunia_research/2007-82 http://securityreason.com/securityalert/4708 http://www.securityfocus.com/archive/1/499104/100/0/threaded http://www.securityfocus.com/archive/1/499128/100/0/threaded http://www.securityfocus.com/bid/32764 http://www.vupen.com/english/advisories/2008/3404 https://support.ca.com/irj/portal/anonymou •
CVSS: 10.0EPSS: 89%CPEs: 7EXPL: 1CVE-2008-4397 – Computer Associates ARCserve - REPORTREMOTEEXECUTECML Buffer Overflow
https://notcve.org/view.php?id=CVE-2008-4397
Directory traversal vulnerability in the RPC interface (asdbapi.dll) in CA ARCserve Backup (formerly BrightStor ARCserve Backup) r11.1 through r12.0 allows remote attackers to execute arbitrary commands via a .. (dot dot) in an RPC call with opnum 0x10A. Vulnerabilidad de salto de directorio en la interfaz RPC (asdbapi.dll) en CA ARCserve Backup (antes BrightStor ARCserve Backup) vr11.1 hasta vr12.0 permite a atacantes remotos ejecutar comandos de su elección a través de .. (punto punto) en una llamada RPC con un opnum 0x10A. CA BrightStor ARCServe BackUp is an overall data backup solution. • https://www.exploit-db.com/exploits/16404 http://secunia.com/advisories/32220 http://securityreason.com/securityalert/4412 http://www.securityfocus.com/archive/1/497218 http://www.securityfocus.com/archive/1/497281/100/0/threaded http://www.securityfocus.com/bid/31684 http://www.securitytracker.com/id?1021032 http://www.vupen.com/english/advisories/2008/2777 https://exchange.xforce.ibmcloud.com/vulnerabilities/45774 https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=1881 • CWE-20: Improper Input Validation CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •