[Full-disclosure] CA20140218-01: Security Notice for CA 2E Web Option

2014-02-19 Thread Williams, James K
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 CA20140218-01: Security Notice for CA 2E Web Option Issued: February 18, 2014 CA Technologies Support is alerting customers to a potential risk in CA 2E Web Option (C2WEB). A vulnerability exists that can allow an attacker to exploit an

Re: [Full-disclosure] CVE-2014-1219 - Unauthenticated Privilege Escalation in CA 2E Web Option

2014-02-14 Thread Williams, James K
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Date: Wed, 12 Feb 2014 15:59:34 - From: Portcullis Advisories advisor...@portcullis-security.com [snip] Vulnerability title: Unauthenticated Privilege Escalation in CA 2E Web Option CVE: CVE-2014-1219 Vendor: CA Product: 2E Web Option

[Full-disclosure] CA20121220-01: Security Notice for CA IdentityMinder [updated]

2013-01-18 Thread Williams, James K
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 CA20121220-01: Security Notice for CA IdentityMinder Issued: December 20, 2012 Updated: January 18, 2013 CA Technologies Support is alerting customers to two potential risks in CA IdentityMinder (formerly known as CA Identity Manager). Two

[Full-disclosure] CA20121220-01: Security Notice for CA IdentityMinder

2012-12-20 Thread Williams, James K
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 CA20121220-01: Security Notice for CA IdentityMinder Issued: December 20, 2012 CA Technologies Support is alerting customers to two potential risks in CA IdentityMinder (formerly known as CA Identity Manager). Two vulnerabilities exist that can

[Full-disclosure] CA20121001-01: Security Notice for CA License

2012-10-01 Thread Williams, James K
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 CA20121001-01: Security Notice for CA License Issued: October 01, 2012 CA Technologies Support is alerting customers to two potential risks in CA License (also known as CA Licensing). Vulnerabilities exist that can allow a local attacker to

[Full-disclosure] CA20111208-01: Security Notice for CA SiteMinder [updated]

2012-08-27 Thread Williams, James K
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 CA20111208-01: Security Notice for CA SiteMinder Issued: December 08, 2011 Updated: August 22, 2012 CA Technologies Support is alerting customers to a potential risk in CA SiteMinder, CA Federation Manager, CA SOA Security Manager, CA SiteMinder

[Full-disclosure] CA20111208-01: Security Notice for CA SiteMinder

2011-12-09 Thread Williams, James K
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 CA20111208-01: Security Notice for CA SiteMinder Issued: December 08, 2011 CA Technologies Support is alerting customers to a potential risk in CA SiteMinder. A vulnerability exists that can allow a malicious user to execute a reflected cross site

[Full-disclosure] CA20110809-01: Security Notice for CA ARCserve D2D

2011-08-10 Thread Williams, James K
CA20110809-01: Security Notice for CA ARCserve D2D Issued: August 9, 2011 CA Technologies support is alerting customers to a security risk associated with CA ARCserve D2D. A vulnerability exists that can allow a remote attacker to access credentials and execute arbitrary commands. CA

Re: [Full-disclosure] CA20110420-02: Security Notice for CA Output Management Web Viewer

2011-05-19 Thread Williams, James K
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 CA20110420-01: Security Notice for CA SiteMinder Issued: April 20, 2011 Updated: May 19, 2011 CA Technologies support is alerting customers to a security risk associated with CA SiteMinder. A vulnerability exists that can allow a malicious

[Full-disclosure] CA20110420-02: Security Notice for CA Output Management Web Viewer

2011-04-20 Thread Williams, James K
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 CA20110420-02: Security Notice for CA Output Management Web Viewer Issued: April 20, 2011 CA Technologies support is alerting customers to security risks associated with CA Output Management Web Viewer. Two vulnerabilities exist that can allow

[Full-disclosure] CA20110420-01: Security Notice for CA SiteMinder

2011-04-20 Thread Williams, James K
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 CA20110420-01: Security Notice for CA SiteMinder Issued: April 20, 2011 CA Technologies support is alerting customers to a security risk associated with CA SiteMinder. A vulnerability exists that can allow a malicious user to impersonate

[Full-disclosure] CA20110223-01: Security Notice for CA Host-Based Intrusion Prevention System

2011-02-24 Thread Williams, James K
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 CA20110223-01: Security Notice for CA Host-Based Intrusion Prevention System Issued: February 23, 2011 Updated: February 24, 2011 CA Technologies support is alerting customers to a security risk associated with CA Host-Based Intrusion Prevention

[Full-disclosure] CA20101231-01: Security Notice for CA ARCserve D2D (updated)

2011-01-27 Thread Williams, James K
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 CA20101231-01: Security Notice for CA ARCserve D2D Issued: December 31, 2010 Last Updated: January 26, 2011 CA Technologies support is alerting customers to a security risk with CA ARCserve D2D. A vulnerability exists that can allow a remote

[Full-disclosure] CA20101231-01: Security Notice for CA ARCserve D2D

2010-12-31 Thread Williams, James K
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 CA20101231-01: Security Notice for CA ARCserve D2D Issued: December 31, 2010 CA Technologies support is alerting customers to a security risk with CA ARCserve D2D. A vulnerability exists that can allow a remote attacker to execute arbitrary code.

[Full-disclosure] CA20100304-01: Security Notice for CA SiteMinder

2010-03-04 Thread Williams, James K
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 CA20100304-01: Security Notice for CA SiteMinder Issued: March 04, 2010 CA's support is alerting customers to a security risk with CA SiteMinder. Multiple cross site scripting (XSS) vulnerabilities exist that can allow a remote attacker to

[Full-disclosure] CA20091008-01: Security Notice for CA Anti-Virus Engine

2009-10-09 Thread Williams, James K
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 CA20091008-01: Security Notice for CA Anti-Virus Engine Issued: October 8, 2009 CA's support is alerting customers to multiple security risks associated with CA Anti-Virus Engine. Vulnerabilities exist in the arclib component that can allow a

[Full-disclosure] CA20090615-01: CA ARCserve Backup Message Engine Denial of Service Vulnerabilities

2009-06-16 Thread Williams, James K
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Title: CA20090615-01: CA ARCserve Backup Message Engine Denial of Service Vulnerabilities CA Advisory Reference: CA20090615-01 CA Advisory Date: 2009-06-15 Reported By: iViZ Security Research Team Impact: A remote attacker can cause a denial

[Full-disclosure] CA20090615-02: CA Service Desk Tomcat Cross Site Scripting Vulnerability

2009-06-16 Thread Williams, James K
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Title: CA20090615-02: CA Service Desk Tomcat Cross Site Scripting Vulnerability CA Advisory Reference: CA20090615-02 CA Advisory Date: 2009-06-15 Impact: A remote attacker can inject arbitrary web script or HTML. Summary: The release of

[Full-disclosure] CA20090429-01: CA ARCserve Backup Apache HTTP Server Multiple Vulnerabilities

2009-04-30 Thread Williams, James K
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Title: CA20090429-01: CA ARCserve Backup Apache HTTP Server Multiple Vulnerabilities CA Advisory Reference: CA20090429-01 CA Advisory Date: 2009-04-29 Reported By: Apache Software Foundation David Endler of iDefense Ulf Harnhammar for SITIC,

[Full-disclosure] CA20090126-01: CA Anti-Virus Engine Detection Evasion Multiple Vulnerabilities

2009-01-27 Thread Williams, James K
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Title: CA20090126-01: CA Anti-Virus Engine Detection Evasion Multiple Vulnerabilities CA Advisory Reference: CA20090126-01 CA Advisory Date: 2009-01-26 Reported By: Thierry Zoller and Sergio Alvarez of n.runs AG Impact: A remote attacker can

[Full-disclosure] CA20090123-01: Cohesion Tomcat Multiple Vulnerabilities (Updated - v1.1)

2009-01-26 Thread Williams, James K
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Title: CA20090123-01: Cohesion Tomcat Multiple Vulnerabilities CA Advisory Reference: CA20090123-01 CA Advisory Date: 2009-01-23 Reported By: n/a Impact: Refer to the CVE identifiers for details. Summary: Multiple security risks exist in

[Full-disclosure] CA20090123-01: Cohesion Tomcat Multiple Vulnerabilities

2009-01-24 Thread Williams, James K
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Title: CA20090123-01: Cohesion Tomcat Multiple Vulnerabilities CA Advisory Reference: CA20090123-01 CA Advisory Date: 2009-01-23 Reported By: n/a Impact: A remote attacker can execute arbitrary commands. Summary: Multiple security risks

[Full-disclosure] CA ARCserve Backup LDBserver Vulnerability

2008-12-10 Thread Williams, James K
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Title: CA ARCserve Backup LDBserver Vulnerability CA Advisory Date: 2008-12-10 Reported By: Dyon Balding of Secunia Research Impact: A remote attacker can cause a denial of service or execute arbitrary code. Summary: CA ARCserve Backup

[Full-disclosure] CA ARCserve Backup Multiple Vulnerabilities

2008-10-09 Thread Williams, James K
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Title: CA ARCserve Backup Multiple Vulnerabilities CA Advisory Date: 2008-10-09 Reported By: Haifei Li of Fortinet's FortiGuard Global Security Research Team Vulnerability Research Team of Assurent Secure Technologies, a TELUS Company Greg

[Full-disclosure] CA Service Desk Multiple Cross-Site Scripting Vulnerabilities

2008-09-25 Thread Williams, James K
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Title: CA Service Desk Multiple Cross-Site Scripting Vulnerabilities CA Advisory Date: 2008-09-24 Reported By: Open Security Foundation Impact: A remote attacker can conduct cross-site scripting attacks. Summary: CA Service Desk contains

[Full-disclosure] CA Host-Based Intrusion Prevention System SDK kmxfw.sys Multiple Vulnerabilities

2008-08-12 Thread Williams, James K
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Title: CA Host-Based Intrusion Prevention System SDK kmxfw.sys Multiple Vulnerabilities CA Advisory Date: 2008-08-11 Reported By: CVE-2008-2926 - Tobias Klein CVE-2008-3174 - Elazar Broad Impact: A remote attacker can cause a denial of service

[Full-disclosure] CA Products That Embed Ingres Multiple Vulnerabilities

2008-08-06 Thread Williams, James K
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Title: CA Products That Embed Ingres Multiple Vulnerabilities CA Advisory Date: 2008-08-01 Reported By: iDefense Labs Impact: A remote attacker can execute arbitrary code, gain privileges, or cause a denial of service condition. Summary: CA

[Full-disclosure] CA ARCserve Backup for Laptops and Desktops Server LGServer Service Vulnerability

2008-08-01 Thread Williams, James K
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Title: CA ARCserve Backup for Laptops and Desktops Server LGServer Service Vulnerability CA Advisory Date: 2008-07-31 Reported By: Vulnerability Research Team of Assurent Secure Technologies, a TELUS Company Impact: A remote attacker can

[Full-disclosure] CA ARCserve Backup Discovery Service Denial of Service Vulnerability

2008-06-18 Thread Williams, James K
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Title: CA ARCserve Backup Discovery Service Denial of Service Vulnerability CA Advisory Date: 2008-06-17 Reported By: Luigi Auriemma Impact: A remote attacker can cause a denial of service. Summary: CA ARCserve Backup contains a vulnerability

[Full-disclosure] CA Secure Content Manager HTTP Gateway Service FTP Request Vulnerabilities

2008-06-04 Thread Williams, James K
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Title: CA Secure Content Manager HTTP Gateway Service FTP Request Vulnerabilities CA Advisory Date: 2008-06-03 Reported By: Sebastian Apelt working with ZDI/TippingPoint Cody Pierce, TippingPoint DVLabs Impact: A remote attacker

[Full-disclosure] CA DSM gui_cm_ctrls ActiveX Control Vulnerability

2008-04-16 Thread Williams, James K
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Title: CA DSM gui_cm_ctrls ActiveX Control Vulnerability CA Advisory Date: 2008-04-15 Reported By: Greg Linares of eEye Digital Security Impact: A remote attacker can execute arbitrary code or cause a denial of service condition. Summary: CA

[Full-disclosure] CA ARCserve Backup for Laptops and Desktops Server and CA Desktop Management Suite Multiple Vulnerabilities

2008-04-04 Thread Williams, James K
Title: CA ARCserve Backup for Laptops and Desktops Server and CA Desktop Management Suite Multiple Vulnerabilities CA Advisory Date: 2008-04-03 Reported By: Dyon Balding of Secunia Research Impact: A remote attacker can execute arbitrary code or cause a denial of service condition. Summary:

[Full-disclosure] CA Multiple Products DSM ListCtrl ActiveX Control Buffer Overflow Vulnerability

2008-03-28 Thread Williams, James K
Title: CA Multiple Products DSM ListCtrl ActiveX Control Buffer Overflow Vulnerability CVE: CVE-2008-1472 CA Advisory Date: 2008-03-28 Reported By: Exploit code posted at milw0rm.com Impact: A remote attacker can cause a denial of service or execute arbitrary code. Summary: CA products

[Full-disclosure] Note about recently publicized CA BrightStor ActiveX exploit code

2008-03-20 Thread Williams, James K
CA is reviewing exploit code that was posted on 2008-03-16 to the Milw0rm exploit archive web site. This exploit code is potentially associated with vulnerabilities that may exist in CA BrightStor ARCserve Backup for Laptops and Desktops and/or related products. CA will issue an advisory

[Full-disclosure] [CAID 35970]: CA Products That Embed Ingres Authentication Vulnerability

2007-12-21 Thread Williams, James K
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Title: [CAID 35970]: CA Products That Embed Ingres Authentication Vulnerability CA Vuln ID (CAID): 35970 CA Advisory Date: 2007-12-19 Reported By: Ingres Corporation Impact: Attacker can gain elevated privileges. Summary: A potential

[Full-disclosure] [CAID 35724, 35725, 35726]: CA BrightStor ARCserve Backup Multiple Vulnerabilities

2007-12-06 Thread Williams, James K
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Title: [CAID 35724, 35725, 35726]: CA BrightStor ARCserve Backup Multiple Vulnerabilities CA Vuln ID (CAID): 35724, 35725, 35726 CA Advisory Date: 2007-10-10 CA Advisory Updated: 2007-12-05 Reported By: Anonymous researcher working with the

Re: [Full-disclosure] ZDI-07-069: CA BrightStor ARCserve Backup Message Engine Insecure Method Exposure Vulnerability

2007-12-01 Thread Williams, James K
Date: Wed, 28 Nov 2007 03:32:51 + From: cocoruder. [EMAIL PROTECTED] Subject: Re: [Full-disclosure] ZDI-07-069: CA BrightStor ARCserve Backup Message Engine Insecure Method Expos To: full-disclosure@lists.grok.org.uk, [EMAIL PROTECTED] it is so amazing that the vendor's

[Full-disclosure] [CAID 35754]: CA Host-Based Intrusion Prevention System (CA HIPS) Server Vulnerability

2007-10-19 Thread Williams, James K
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Title: [CAID 35754]: CA Host-Based Intrusion Prevention System (CA HIPS) Server Vulnerability CA Vuln ID (CAID): 35754 CA Advisory Date: 2007-10-18 Reported By: David Maciejak Impact: A remote attacker can take unauthorized administrative

[Full-disclosure] [CAID 35724, 35725, 35726]: CA BrightStor ARCserve Backup Multiple Vulnerabilities

2007-10-11 Thread Williams, James K
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Title: [CAID 35724, 35725, 35726]: CA BrightStor ARCserve Backup Multiple Vulnerabilities CA Vuln ID (CAID): 35724, 35725, 35726 CA Advisory Date: 2007-10-10 Reported By: Anonymous researcher working with the iDefense VCP (CVE-2007-5325) Dyon

[Full-disclosure] [CAID 35690, 35691, 35692]: CA BrightStor Hierarchical Storage Manager CsAgent Multiple Vulnerabilities

2007-09-26 Thread Williams, James K
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Title: [CAID 35690, 35691, 35692]: CA BrightStor Hierarchical Storage Manager CsAgent Multiple Vulnerabilities CA Vuln ID (CAID): 35690, 35691, 35692 CA Advisory Date: 2007-09-26 Reported By: Sean Larsson, iDefense Labs anonymous

Re: [Full-disclosure] [CAID 35525, 35526]: CA Products Arclib Library Denial of Service Vulnerabilities

2007-07-26 Thread Williams, James K
-Original Message- From: Williams, James K Sent: Tuesday, July 24, 2007 7:56 PM To: 'full-disclosure@lists.grok.org.uk' Subject: [CAID 35525, 35526]: CA Products Arclib Library Denial of Service Vulnerabilities Title: [CAID 35525, 35526]: CA Products Arclib Library Denial

[Full-disclosure] [CAID 35527]: CA Message Queuing (CAM / CAFT) Buffer Overflow Vulnerability

2007-07-24 Thread Williams, James K
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Title: [CAID 35527]: CA Message Queuing (CAM / CAFT) Buffer Overflow Vulnerability CA Vuln ID (CAID): 35527 CA Advisory Date: 2007-07-24 Reported By: Paul Mehta of ISS X-Force Impact: A remote attacker can execute arbitrary code. Summary:

[Full-disclosure] [CAID 35524]: CA eTrust Intrusion Detection caller.dll Vulnerability

2007-07-24 Thread Williams, James K
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Title: [CAID 35524]: eTrust Intrusion Detection caller.dll Vulnerability CA Vuln ID (CAID): 35524 CA Advisory Date: 2007-07-24 Reported By: Sebastian Apelt working with the iDefense VCP Impact: A remote attacker can execute arbitrary code.

[Full-disclosure] [CAID 35525, 35526]: CA Products Arclib Library Denial of Service Vulnerabilities

2007-07-24 Thread Williams, James K
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Title: [CAID 35525, 35526]: CA Products Arclib Library Denial of Service Vulnerabilities CA Vuln ID (CAID): 35525, 35526 CA Advisory Date: 2007-07-24 Reported By: CVE-2006-5645 - Titon of BastardLabs and Damian Put pucik at overflow dot pl

[Full-disclosure] [CAID 35515]: CA Products Alert Service RPC Procedure Buffer Overflow Vulnerabilities

2007-07-19 Thread Williams, James K
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Title: [CAID 35515]: CA Products Alert Service RPC Procedure Buffer Overflow Vulnerabilities CA Vuln ID (CAID): 35515 CA Advisory Date: 2007-07-17 Reported By: Anonymous researcher working with the iDefense VCP Impact: Remote attacker can cause a

[Full-disclosure] [CAID 35450, 35451, 35452, 35453]: CA Products That Embed Ingres Multiple Vulnerabilities

2007-06-22 Thread Williams, James K
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Title: [CAID 35450, 35451, 35452, 35453]: CA Products That Embed Ingres Multiple Vulnerabilities CA Vuln ID (CAID): 35450, 35451, 35452, 35453 CA Advisory Date: 2007-06-21 Reported By: NGSSoftware, and iDefense Impact: Attackers can potentially

[Full-disclosure] [CAID 35395, 35396]: CA Anti-Virus Engine CAB File Buffer Overflow Vulnerabilities

2007-06-07 Thread Williams, James K
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Title: [CAID 35395, 35396]: CA Anti-Virus Engine CAB File Buffer Overflow Vulnerabilities CA Vuln ID (CAID): 35395, 35396 CA Advisory Date: 2007-06-05 Reported By: ZDI Impact: Remote attackers can cause a denial of service or potentially execute

[Full-disclosure] CA BrightStor ARCserve Backup Mediasvr.exe and caloggerd.exe Vulnerabilities

2007-05-16 Thread Williams, James K
Title: CA BrightStor ARCserve Backup Mediasvr.exe and caloggerd.exe Vulnerabilities Notice Date: 2007-05-16 CA is aware that two functional exploit code samples were publicized on May 16, 2007. These two denial of service exploits are associated with vulnerabilities in CA BrightStor ARCserve

[Full-disclosure] [CAID 35330, 35331]: CA Anti-Virus, CA Threat Manager, and CA Anti-Spyware Console Login and File Mapping Vulnerabilities

2007-05-10 Thread Williams, James K
Title: [CAID 35330, 35331]: CA Anti-Virus, CA Threat Manager, and CA Anti-Spyware Console Login and File Mapping Vulnerabilities CA Vuln ID (CAID): 35330, 35331 CA Advisory Date: 2007-05-09 Reported By: ZDI, iDefense Impact: Attackers can cause a denial of service or potentially execute

[Full-disclosure] [CAID 35198, 35276]: CA BrightStor ARCserve Backup Media Server Vulnerabilities

2007-04-25 Thread Williams, James K
Title: [CAID 35198, 35276]: CA BrightStor ARCserve Backup Media Server Vulnerabilities CA Vuln ID (CAID): 35198, 35276 CA Advisory Date: 2007-04-24 Reported By: ZDI Impact: Remote attackers can cause a denial of service or potentially execute arbitrary code. Summary: CA BrightStor ARCserve

[Full-disclosure] [CAID 35277]: CA CleverPath Portal SQL Injection Vulnerability

2007-04-25 Thread Williams, James K
Title: [CAID 35277]: CA CleverPath Portal SQL Injection Vulnerability CA Vuln ID (CAID): 35277 CA Advisory Date: 2007-04-24 Reported By: Hacktics Ltd Impact: Local attacker can access confidential data. Summary: CA CleverPath Portal contains a vulnerability that can allow a local attacker

[Full-disclosure] CA BrightStor ARCserve Backup Mediasvr.exe vulnerability

2007-03-30 Thread Williams, James K
CA is aware that functional exploit code was publicized on March 30, 2007 for a CA BrightStor ARCserve Backup Mediasvr.exe vulnerability. We have verified that a high risk vulnerability does exist and we are now working on a patch to address the issue. CA recommends that BrightStor

[Full-disclosure] [CAID 34817, 35058, 35158, 35159]: CA BrightStor ARCserve Backup Tape Engine and Portmapper Vulnerabilities

2007-03-15 Thread Williams, James K
Title: [CAID 34817, 35058, 35158, 35159]: CA BrightStor ARCserve Backup Tape Engine and Portmapper Vulnerabilities CA Vuln ID (CAID): 34817, 35058, 35158, 35159 CA Advisory Date: 2007-03-15 Reported By: McAfee Impact: Remote attackers can cause a denial of service or potentially execute

[Full-disclosure] [CAID 35145]: CA eTrust Admin Privilege Escalation Vulnerability

2007-03-08 Thread Williams, James K
Title: [CAID 35145]: CA eTrust Admin Privilege Escalation Vulnerability CA Vuln ID (CAID): 35145 CA Advisory Date: 2007-03-08 Impact: Attackers can gain escalated privileges. Summary: The CA eTrust Admin GINA component contains a privilege escalation vulnerability within the reset password

[Full-disclosure] [CAID 35112]: CA eTrust Intrusion Detection Denial of Service Vulnerability

2007-02-28 Thread Williams, James K
Title: [CAID 35112]: CA eTrust Intrusion Detection Denial of Service Vulnerability CA Vuln ID (CAID): 35112 CA Advisory Date: 2007-02-27 Reported By: iDefense Impact: Remote attackers can cause a denial of service condition. Summary: CA eTrust Intrusion Detection contains a vulnerability

[Full-disclosure] [CAID 34993]: CA BrightStor ARCserve Backup for Laptops and Desktops Multiple Overflow Vulnerabilities

2007-01-24 Thread Williams, James K
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Title: [CAID 34993]: CA BrightStor ARCserve Backup for Laptops and Desktops Multiple Overflow Vulnerabilities CA Vuln ID (CAID): 34993 CA Advisory Date: 2007-01-23 Discovered By: Next Generation Security Software Impact: Remote attacker can

[Full-disclosure] [CAID 34818]: CA Personal Firewall Multiple Privilege Escalation Vulnerabilities

2007-01-24 Thread Williams, James K
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Title: [CAID 34818]: CA Personal Firewall Multiple Privilege Escalation Vulnerabilities CA Vuln ID (CAID): 34818 CA Advisory Date: 2007-01-22 Discovered By: Reverse Mode Impact: Local attacker can gain escalated privileges. Summary: Multiple

Re: [Full-disclosure] CA BrightStor ARCserve Backup Tape Engine Exploit Security Notice

2007-01-11 Thread Williams, James K
[Full-disclosure] CA BrightStor ARCserve Backup Tape Engine Exploit Security Notice TheGesus thegesus at gmail.com Wed Jan 10 16:38:47 GMT 2007 On 1/9/07, Williams, James K James.Williams at ca.com wrote: [...] CA BrightStor ARCserve Backup Tape Engine Exploit Security Notice CA

[Full-disclosure] [CAID 34955, 34956, 34957, 34958, 34959, 34817]: CA BrightStor ARCserve Backup Multiple Overflow Vulnerabilities

2007-01-11 Thread Williams, James K
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Title: [CAID 34955, 34956, 34957, 34958, 34959, 34817]: BrightStor ARCserve Backup Multiple Overflow Vulnerabilities CA Vuln ID (CAID): 34955, 34956, 34957, 34958, 34959, 34817 CA Advisory Date: 2007-01-11 Discovered By: TippingPoint, IBM ISS,

[Full-disclosure] CA BrightStor ARCserve Backup Tape Engine Exploit Security Notice

2007-01-09 Thread Williams, James K
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 CA BrightStor ARCserve Backup Tape Engine Exploit Security Notice CA is aware that exploit code for a vulnerability in the Tape Engine component of CA BrightStor ARCserve Backup was posted on several security web sites and mailing lists on

[Full-disclosure] [CAID 34876]: CA CleverPath Portal Session Inheritance Vulnerability

2006-12-20 Thread Williams, James K
Title: CAID 34876: CA CleverPath Portal Session Inheritance Vulnerability CA Vulnerability ID (CAID): 34876 CA Advisory Date: 2006-12-19 Discovered By: CA customer and CA Technical Support Impact: Remote attackers can potentially gain access to a user's Portal session. Summary: CA

[Full-disclosure] [CAID 34870]: CA Anti-Virus vetfddnt.sys, vetmonnt.sys Local Denial of Service Vulnerabilities

2006-12-14 Thread Williams, James K
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Title: CAID 34870: CA Anti-Virus vetfddnt.sys, vetmonnt.sys Local Denial of Service Vulnerabilities CA Vulnerability ID (CAID): 34870 CA Advisory Date: 2006-12-13 Discovered By: Rubén Santamarta (reversemode.com) Impact: Local unprivileged

Re: [Full-disclosure] LS-20061001 - Computer Associates BrightStor ARCserve Backup v11.5 Remote Buffer Overflow Vulnerability

2006-12-12 Thread Williams, James K
[Full-disclosure] LS-20061001 - Computer Associates BrightStor ARCserve Backup v11.5 Remote Buffer Overflow Vulnerability advisories at lssec.com advisories at lssec.com Fri Dec 8 21:40:47 GMT 2006 LS-20061001 [...] Technical details: http://www.lssec.com/advisories.html LSsecurity

Re: [Full-disclosure] LS-20060908 - Computer Associates BrightStor ARCserve Backup v11.5 Remote Buffer Overflow Vulnerability

2006-12-12 Thread Williams, James K
[Full-disclosure] LS-20060908 - Computer Associates BrightStor ARCserve Backup v11.5 Remote Buffer Overflow Vulnerability advisories at lssec.com advisories at lssec.com Fri Dec 8 21:39:31 GMT 2006 LS-20060908 [...] Technical details: http://www.lssec.com/advisories.html LSsecurity

[Full-disclosure] [CAID 34846]: CA BrightStor ARCserve Backup Discovery Service Buffer Overflow Vulnerability

2006-12-08 Thread Williams, James K
Title: CAID 34846: CA BrightStor ARCserve Backup Discovery Service Buffer Overflow Vulnerability CA Vulnerability ID (CAID): 34846 CA Advisory Date: 2006-12-07 Discovered By: Assurent Secure Technologies (assurent.com) Impact: Remote attacker can execute arbitrary code. Summary: CA

[Full-disclosure] [CAID 34693, 34694]: CA BrightStor ARCserve Backup Multiple Buffer Overflow Vulnerabilities (UPDATED)

2006-10-19 Thread Williams, James K
Our original fixes for the BrightStor ARCserve Backup vulnerabilities that we publicly disclosed on 2006-10-05 (http://www3.ca.com/securityadvisor/blogs/posting.aspx?id=90744pid=93775date=2006/10) did not completely resolve one of the vulnerabilities. Consequently, we have released new fixes

[Full-disclosure] [CAID 34693, 34694]: CA BrightStor ARCserve Backup Multiple Buffer Overflow Vulnerabilities

2006-10-06 Thread Williams, James K
Title: CAID 34693, 34694: CA BrightStor ARCserve Backup Multiple Buffer Overflow Vulnerabilities CA Vulnerability ID (CAID): 34693, 34694 CA Advisory Date: 2006-10-05 Discovered By: TippingPoint, www.zerodayinitiative.com Impact: Remote attacker can execute arbitrary code. Summary: CA

[Full-disclosure] [CAID 34661]: CA Unicenter WSDM File System Read Access Vulnerability

2006-10-03 Thread Williams, James K
Title: CAID 34661: CA Unicenter WSDM File System Read Access Vulnerability CA Vulnerability ID (CAID): 34661 CA Advisory Date: 2006-10-03 Discovered By: Oliver Karow, Symantec Security Consultant oliver_karow at symantec dot com Richard Sammet, Symantec Security Consultant richard_sammet at

[Full-disclosure] [CAID 34616, 34617, 34618]: CA eSCC and eTrust Audit vulnerabilities

2006-09-21 Thread Williams, James K
Title: CAID 34616, 34617, 34618: CA eTrust Security Command Center and eTrust Audit vulnerabilities CA Vulnerability ID (CAID): 34616, 34617, 34618 CA Advisory Date: 2006-09-20 Discovered By: Patrick Webster of aushack.com Impact: Remote attacker can read/delete files, or potentially

[Full-disclosure] CAID 34509 - CA eTrust Antivirus WebScan vulnerabilities

2006-08-04 Thread Williams, James K
Title: CA eTrust Antivirus WebScan vulnerabilities CA Vulnerability ID (CAID): 34509 CA Advisory Date: 2006-08-03 Discovered By: Matt Murphy of the TippingPoint Security Research Team Impact: Remote attacker can execute arbitrary code. Summary: CA eTrust Antivirus WebScan is a free,

[Full-disclosure] CAID 34325 - CA ITM, eAV, ePP scan job description field format string vulnerability

2006-06-27 Thread Williams, James K
Title: CAID 34325 - CA ITM, eAV, ePP scan job description field format string vulnerability CA Vulnerability ID: 34325 CA Advisory Date: 2006-06-26 Discovered By: Deral Heiland (www.layereddefense.com) Impact: Attackers can cause a denial of service condition or possibly execute arbitrary

[Full-disclosure] CAID 34013 - CA Common Services CAIRIM on z/OS LMP SVC vulnerability

2006-05-05 Thread Williams, James K
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Title: CAID 34013 - CA Common Services CAIRIM on z/OS LMP SVC vulnerability CA Vulnerability ID: 34013 CA Advisory Date: 2006-05-02 Discovered By: IBM Global Services Impact: Local attacker can gain escalated privileges. Summary: A

[Full-disclosure] CAID 33581 - CA Message Queuing Denial of Service Vulnerabilities

2006-02-02 Thread Williams, James K
Title: CAID 33581 - CA Message Queuing Denial of Service Vulnerabilities CA Vulnerability ID: 33581 CA Advisory Date: 2006-02-02 Discovered By: Nicolas Pouvesle of Tenable Network Security Impact: Remote attacker can cause a denial of service condition. Summary: The following two security

[Full-disclosure] CAID 33778 - CA iGateway Content-Length Buffer Overflow Vulnerability [v1.1]

2006-01-26 Thread Williams, James K
Please see below for important changes to CAID 33778. Changelog is near end of advisory. Regards, Ken Williams Title: CAID 33778 - CA iGateway Content-Length Buffer Overflow Vulnerability [v1.1] CA Vulnerability ID: 33778 CA Advisory Date: 2006-01-23 Updated Advisory [v1.1]: 2006-01-26

[Full-disclosure] CAID 33778 - CA iGateway Content-Length Buffer Overflow Vulnerability

2006-01-23 Thread Williams, James K
Title: CAID 33778 - CA iGateway Content-Length Buffer Overflow Vulnerability CA Vulnerability ID: 33778 CA Advisory Date: 2006-01-23 Discovered By: Erika Mendoza reported this issue to iDefense. Impact: Remote attacker can execute arbitrary code with SYSTEM privileges. Summary: The CA

[Full-disclosure] CAID 33756 - DM Deployment Common Component Vulnerabilities

2006-01-18 Thread Williams, James K
Title: CAID 33756 - DM Deployment Common Component Vulnerabilities CA Vulnerability ID: 33756 Discovery Date: 2005-12-20 CA Advisory Date: 2006-01-17 Discovered By: Cengiz Aykanat (CA internal audit), and Karma[at]DesignFolks[dot]com[dot]au. Impact: Remote attacker can cause a denial of

[Full-disclosure] Re: Multiple Vendor Anti-Virus Software Detection Evasion Vulnerability through forged magic byte

2005-10-27 Thread Williams, James K
Subject: Re: Multiple Vendor Anti-Virus Software Detection Evasion Vulnerability through forged magic byte From: Andrey Bayora andrey () securityelf ! org Date: 2005-10-25 3:07:51 [...] VULNERABLE vendors and software (tested): [...] 3. eTrust CA (ver 7.0.1.4, engine 11.9.1, vir

[Full-disclosure] RE: CAID 33485 - Computer Associates iGateway debug mode HTTP GET request buffer overflow vulnerability

2005-10-19 Thread Williams, James K
Advisory has been updated to announce availability of iGateway updates for all platforms. Title: Computer Associates iGateway debug mode HTTP GET request buffer overflow vulnerability (v1.1) CA Vulnerability ID: 33485 Discovery Date: 2005-10-06 CA Advisory Date v1.0: 2005-10-14 (initial

Re: [Full-disclosure] NUL Character Evasion

2005-09-16 Thread Williams, James K
List: full-disclosure Subject:Re: [Full-disclosure] NUL Character Evasion From: fd () ew ! nsci ! us Date: 2005-09-15 19:57:30 On Thu, 15 Sep 2005, Williams, James K wrote: List: full-disclosure Subject:[Full-disclosure] NUL Character Evasion From

Re: [Full-disclosure] NUL Character Evasion

2005-09-14 Thread Williams, James K
List: full-disclosure Subject:[Full-disclosure] NUL Character Evasion From: ju () heisec ! de Date: 2005-09-13 21:24:42 The Problem: Internet Explorer ignores NUL characters -- i.e. ascii characters with the value 0x00 -- most security software does

[Full-disclosure] 32919 - Computer Associates Message Queuing (CAM/CAFT) multiple vulnerabilities

2005-08-22 Thread Williams, James K
Title: 32919 - Computer Associates Message Queuing (CAM/CAFT) multiple vulnerabilities CA Vulnerability ID: CAID 32919 Disclosure Date: 2005-08-19 Discovered By: CA internal audit Impact: Remote attackers can execute arbitrary code, or cause a denial of service condition. Summary:

[Full-disclosure] RE: CAID 33239 - Computer Associates BrightStor ARCserve/Enterprise Backup Agents buffer overflow vulnerability

2005-08-05 Thread Williams, James K
-Original Message- From: Williams, James K Sent: Tuesday, August 02, 2005 2:10 PM To: 'full-disclosure@lists.grok.org.uk' Subject: CAID 33239 - Computer Associates BrightStor ARCserve/Enterprise Backup Agents buffer overflow vulnerability

[Full-disclosure] Re: SiteMinder Multiple Vulnerabilities

2005-07-19 Thread Williams, James K
List: full-disclosure Subject:[Full-disclosure] SiteMinder Multiple Vulnerabilities From: c0ntexb () gmail ! com Date: 2005-07-08 14:08:53 Message-ID: df8ba96d050708070869551019 () mail ! gmail ! com $ An open security advisory #10 - Siteminder v5.5 Vulnerabilities

[Full-disclosure] Re: SiteMinder Multiple Vulnerabilities (solution)

2005-07-19 Thread Williams, James K
List: full-disclosure Subject:SiteMinder Multiple Vulnerabilities From: c0ntex c0ntexb () gmail ! com Date: 2005-07-08 14:08:53 $ An open security advisory #10 - Siteminder v5.5 Vulnerabilities [...] This issue is NOT present in out-of-the-box installations of

[Full-disclosure] CAID 32896 - Computer Associates Vet Antivirus engine heap overflow vulnerability

2005-05-24 Thread Williams, James K
CAID 32896 - Computer Associates Vet Antivirus engine heap overflow vulnerability CA Vulnerability ID: 32896 Discovery Date: 2005/04/26 Discovered By: Alex Wheeler Title: Computer Associates Vet Antivirus engine heap overflow vulnerability Impact: Remote attackers can gain privileged