6 results (0.009 seconds)

CVSS: 7.8EPSS: 0%CPEs: 18EXPL: 0

The casrvc program in CA Common Services, as used in CA Client Automation 12.8, 12.9, and 14.0; CA SystemEDGE 5.8.2 and 5.9; CA Systems Performance for Infrastructure Managers 12.8 and 12.9; CA Universal Job Management Agent 11.2; CA Virtual Assurance for Infrastructure Managers 12.8 and 12.9; CA Workload Automation AE 11, 11.3, 11.3.5, and 11.3.6 on AIX, HP-UX, Linux, and Solaris allows local users to modify arbitrary files and consequently gain root privileges via vectors related to insufficient validation. El programa casrvc en CA Common Services, tal como se usa en CA Client Automation 12.8, 12.9, y 14.0; CA SystemEDGE 5.8.2 y 5.9; CA Systems Performance for Infrastructure Managers 12.8 y 12.9; CA Universal Job Management Agent 11.2; CA Virtual Assurance for Infrastructure Managers 12.8 y 12.9; CA Workload Automation AE 11, 11.3, 11.3.5 y 11.3.6 en AIX, HP-UX, Linux y Solaris permite a usuarios locales modificar archivos arbitrarios y consecuentemente obtener privilegios de root a través de vectores relacionados con validación insuficiente. • http://www.securityfocus.com/archive/1/540062/100/0/threaded http://www.securityfocus.com/bid/95819 http://www.securitytracker.com/id/1037730 https://www.ca.com/us/services-support/ca-support/ca-support-online/product-content/recommended-reading/security-notices/ca20170126-01--security-notice-for-ca-common-services-casrvc.html • CWE-20: Improper Input Validation •

CVSS: 3.2EPSS: 0%CPEs: 7EXPL: 0

Unspecified vulnerability in HP Operations Agent 11.00 and Performance Agent 4.73 and 5.0 on AIX, HP-UX, Linux, and Solaris allows local users to bypass intended directory-access restrictions via unknown vectors. Vulnerabilidad no especificada en HP Operations Agent v11.00 y Performance Agent v4.73 y v5.0 en AIX, HP-UX, Linux, y Solaris, permite a usuarios locales evitar las restricciones de acceso del directorio a través de vectores desconocidos • http://marc.info/?l=bugtraq&m=132198248000785&w=2 http://secunia.com/advisories/46971 http://www.securityfocus.com/bid/50761 •

CVSS: 6.4EPSS: 3%CPEs: 9EXPL: 2

ovbbccb.exe 6.20.50.0 and other versions in HP OpenView Performance Agent 4.70 and 5.0; and Operations Agent 11.0, 8.60.005, 8.60.006, 8.60.007, 8.60.008, 8.60.501, and 8.53; allows remote attackers to delete arbitrary files via a full pathname in the File field in a Register command. ovbbccb.exe versión 6.20.50.0 y otras versiones en OpenView Performance Agent versiones 4.70 y 5.0; y el Operations Agent versiones 11.0, 8.60.005, 8.60.006, 8.60.007, 8.60.008, 8.60.501 y 8.53, de HP; permite a los atacantes remotos eliminar archivos arbitrarios por medio de un nombre de ruta completo en el campo File en un comando Register. • http://aluigi.altervista.org/adv/ovbbccb_1-adv.txt http://marc.info/?l=bugtraq&m=131188898632504&w=2 http://secunia.com/advisories/45079 http://securitytracker.com/id?1025715 http://www.securityfocus.com/bid/48481 https://exchange.xforce.ibmcloud.com/vulnerabilities/68269 • CWE-20: Improper Input Validation •

CVSS: 9.3EPSS: 0%CPEs: 7EXPL: 1

Multiple stack-based buffer overflows in DZIP32.DLL before 5.0.0.8 in DynaZip Max and DZIPS32.DLL before 6.0.0.5 in DynaZip Max Secure; as used in HP OpenView Performance Agent C.04.60, HP Performance Agent C.04.70 and C.04.72, TurboZIP 6.0, and other products; allow user-assisted attackers to execute arbitrary code via a long filename in a ZIP archive during a (1) Fix (aka Repair), (2) Add, (3) Update, or (4) Freshen action, a related issue to CVE-2006-3985. Múltiples desbordamientos de búfer basados en pila en DZIP32.DLL en versiones anteriores a v5.0.0.8 en DynaZip Max y DZIPS32.DLL en versiones anteriores a v6.0.0.5 e DynaZip Max Secure, cuando son usados en HP OpenView Performance Agent C.04.60, HP Performance Agent C.04.70 y C.04.72, TurboZIP 6.0 y otros productos, permiten a atacantes con la intervención del usuario ejecutar código de su elección a través un nombre largo de fichero ZIP durante una acción de (1) "Fix" (reparar), (2) añadir, (3) actualizar o (4) refrescar. Este asunto está relacionado con el CVE-2006-3985. • http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01622011 http://innermedia.com/upgrades.html http://osvdb.org/53478 http://secunia.com/advisories/21180 http://secunia.com/advisories/34659 http://vuln.sg/dynazip5007-en.html http://vuln.sg/turbozip6-en.html http://www.securityfocus.com/archive/1/441083 http://www.securityfocus.com/archive/1/441084 http://www.securityfocus.com/bid/19143 http://www.securitytracker.com/id?1022021 http://www.vupen.com&#x • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 4.3EPSS: 7%CPEs: 5EXPL: 0

The Shared Trace Service (aka OVTrace) in HP Performance Agent C.04.70 (aka 4.70), HP OpenView Performance Agent C.04.60 and C.04.61, HP Reporter 3.8, and HP OpenView Reporter 3.7 (aka Report 3.70) allows remote attackers to cause a denial of service via an unspecified series of RPC requests (aka Trace Event Messages) that triggers an out-of-bounds memory access, related to an erroneous object reference. El servicio Shared Trace (también se conoce como OVTrace) en HP Performance Agent versión C.04.70 (4.70), HP OpenView Performance Agent versiones C.04.60 y C.04.61, HP Reporter versión 3.8 y HP OpenView Reporter versión 3.7 (Informe 3.70), permite a los atacantes remotos causar una denegación de servicio por medio de una serie no especificada de peticiones RPC (también se conoce como Mensajes de Eventos de Rastreo) que desencadena un acceso de memoria fuera de límites, relacionado con una referencia de objeto errónea. • http://marc.info/?l=bugtraq&m=122876677518654&w=2 http://marc.info/?l=bugtraq&m=122876827120961&w=2 http://secunia.com/advisories/27054 http://secunia.com/secunia_research/2007-83 http://securityreason.com/securityalert/4501 http://www.securityfocus.com/archive/1/497648/100/0/threaded http://www.securityfocus.com/bid/31860 http://www.securitytracker.com/id?1021092 http://www.vupen.com/english/advisories/2008/2888 https://exchange.xforce.ibmcloud.com/vulnerabilities/46028 •