CVSS: 5.0EPSS: 3%CPEs: 5EXPL: 0CVE-2008-3174
https://notcve.org/view.php?id=CVE-2008-3174
Unspecified vulnerability in the kmxfw.sys driver in CA Host-Based Intrusion Prevention System (HIPS) r8, as used in CA Internet Security Suite and Personal Firewall, allows remote attackers to cause a denial of service via unknown vectors, related to "insufficient validation." Vulnerabilidad no especificada en el controlador kmxfw.sys en CA Host-Based Intrusion Prevention System (HIPS) r8, como lo utilizado en CA Internet Security Suite y Personal Firewall, permite a atacantes remotos provocar una denegación de servicio a través de vectores no especificados, relacionado con "validación insuficiente". • http://secunia.com/advisories/31434 http://www.ca.com/us/securityadvisor/vulninfo/vuln.aspx?id=36560 http://www.securityfocus.com/archive/1/495397/100/0/threaded http://www.securityfocus.com/bid/30651 http://www.securitytracker.com/id?1020661 http://www.securitytracker.com/id?1020662 http://www.securitytracker.com/id?1020663 http://www.vupen.com/english/advisories/2008/2339 https://exchange.xforce.ibmcloud.com/vulnerabilities/44393 •
CVSS: 9.3EPSS: 29%CPEs: 30EXPL: 0CVE-2008-1786
https://notcve.org/view.php?id=CVE-2008-1786
The DSM gui_cm_ctrls ActiveX control (gui_cm_ctrls.ocx), as used in multiple CA products including BrightStor ARCServe Backup for Laptops and Desktops r11.5, Desktop Management Suite r11.1 through r11.2 C2; Unicenter r11.1 through r11.2 C2; and Desktop and Server Management r11.1 through r11.2 C2 allows remote attackers to execute arbitrary code via crafted function arguments. El control ActiveX DSM gui_cm_ctrls (archivo gui_cm_ctrls.ocx), tal y como es usado en distintos productos de CA, incluyendo a BrightStor ARCServe Backup for Laptops and Desktops versión r11.5, Desktop Management Suite versiones r11.1 hasta r11.2 C2; Unicenter versiones r11.1 hasta r11.2 C2; y Desktop and Server Management versiones r11.1 hasta r11.2 C2, permite a los atacantes remotos ejecutar código arbitrario por medio de argumentos de función diseñados. • http://community.ca.com/blogs/casecurityresponseblog/archive/2008/04/16/ca-dsm-gui-cm-ctrls-activex-control-vulnerability.aspx http://secunia.com/advisories/29837 http://www.kb.cert.org/vuls/id/684883 http://www.securityfocus.com/archive/1/490959/100/0/threaded http://www.securityfocus.com/bid/28809 http://www.securitytracker.com/id?1019872 http://www.vupen.com/english/advisories/2008/1249/references https://exchange.xforce.ibmcloud.com/vulnerabilities/41853 https://support.ca.com/ • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.3EPSS: 89%CPEs: 8EXPL: 0CVE-2008-1328
https://notcve.org/view.php?id=CVE-2008-1328
Buffer overflow in the LGServer service in CA ARCserve Backup for Laptops and Desktops r11.0 through r11.5, and Suite 11.1 and 11.2, allows remote attackers to execute arbitrary code via unspecified "command arguments." Desbordamiento de Búfer del Servicio LGServer de CA ARCserve Backup for Laptops and Desktops versiones de la r11.0 a la r11.5 y Suite 11.1 and 11.2, permite a atacantes remotos ejecutar código de su elección a través de argumentos de comando no especificados. • http://securityreason.com/securityalert/3800 http://www.securityfocus.com/archive/1/490463/100/0/threaded http://www.securityfocus.com/bid/28616 http://www.securitytracker.com/id?1019788 http://www.vupen.com/english/advisories/2008/1104/references https://exchange.xforce.ibmcloud.com/vulnerabilities/41641 https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=173105 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 10.0EPSS: 1%CPEs: 8EXPL: 0CVE-2008-1329
https://notcve.org/view.php?id=CVE-2008-1329
Unspecified vulnerability in the NetBackup service in CA ARCserve Backup for Laptops and Desktops r11.0 through r11.5, and Suite 11.1 and 11.2, allows remote attackers to execute arbitrary commands, related to "insufficient verification of file uploads." Vulnerabilidad no especificada del servicio NetBackup de CA ARCserve Backup for Laptops and Desktops versiones de la r11.0 a la r11.5 y Suite 11.1 and 11.2, permite a atacantes remotos ejecutar comandos de su elección, relacionado con “subidas de archivos sin suficiente verificacion” • http://securityreason.com/securityalert/3800 http://www.securityfocus.com/archive/1/490463/100/0/threaded http://www.securityfocus.com/bid/28616 http://www.securitytracker.com/id?1019788 http://www.vupen.com/english/advisories/2008/1104/references https://exchange.xforce.ibmcloud.com/vulnerabilities/41642 https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=173105 •
CVSS: 9.3EPSS: 93%CPEs: 30EXPL: 3CVE-2008-1472 – CA BrightStor ARCserve Backup - 'AddColumn()' ActiveX Buffer Overflow
https://notcve.org/view.php?id=CVE-2008-1472
Stack-based buffer overflow in the ListCtrl ActiveX Control (ListCtrl.ocx), as used in multiple CA products including BrightStor ARCserve Backup R11.5, Desktop Management Suite r11.1 through r11.2, and Unicenter products r11.1 through r11.2, allows remote attackers to execute arbitrary code or cause a denial of service (crash) via a long argument to the AddColumn method. Un desbordamiento de búfer en la región stack de la memoria en el control ActiveX ListCtrl (ListCtrl.ocx), como es usado en varios productos de CA, incluyendo BrightStor ARCserve Backup versión R11.5, Desktop Management Suite versiones r11.1 hasta r11.2 y productos Unicenter versiones r11.1 hasta r11. 2, permite a los atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (bloqueo) por medio de un argumento largo en el método AddColumn. The CA BrightStor ARCserve Backup ActiveX control (ListCtrl.ocx) is vulnerable to a stack-based buffer overflow. By passing an overly long argument to the AddColumn() method, a remote attacker could overflow a buffer and execute arbitrary code on the system. • https://www.exploit-db.com/exploits/16577 https://www.exploit-db.com/exploits/5264 http://community.ca.com/blogs/casecurityresponseblog/archive/2008/3/28.aspx http://secunia.com/advisories/29408 http://www.securityfocus.com/archive/1/489893/100/0/threaded http://www.securityfocus.com/archive/1/490263/100/0/threaded http://www.securityfocus.com/bid/28268 http://www.securitytracker.com/id?1019617 http://www.vupen.com/english/advisories/2008/0902/references https://exchange. • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •