| OSVDB ID | Disclosure Date | Title | Description |
| --- | --- | --- | --- |
| 62552 | 2010-02-23 | CA eHealth Performance Manager Unspecified XSS | CA eHealth Performance Manager contains a flaw that allows a remote cross-site scripting (XSS) attack. This flaw exists because the application does not validate unspecified input upon submission to an unspecified script. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server. |
| 72312 | 2011-05-10 | CA eHealth Unspecified XSS | CA eHealth contains a flaw that allows a remote cross-site scripting (XSS) attack. This flaw exists because the application does not validate certain unspecified input before returning it to the user. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server. |
| 39596 | 2007-05-11 | CA ERwin Data Model Validator Malformed EXP File Handling DoS | (Description Provided by CVE): CA ERwin Data Model Validator (formerly AllFusion Data Model Validator) allows remote attackers to (1) cause a denial of service (application hang) via a malformed .EXP database file and (2) cause a denial of service (application crash) via a crafted .EXP database file, which triggers a NULL dereference. |
| 43483 | 2007-10-10 | CA ERwin Process Modeler Crafted Data Standards File DoS | (Description Provided by CVE): Unspecified vulnerability in CA ERwin Process Modeler (formerly AllFusion Process Modeler) 7.2 might allow user-assisted remote attackers to cause a denial of service via a crafted Data Standards File (Datatype Standards File). |
| 39597 | 2007-05-11 | CA ERwin Process Modeler LICRCMD.EXE Filename Handling Overflow | (Description Provided by CVE): Buffer overflow in LICRCMD.EXE in CA ERwin Process Modeler (formerly AllFusion Process Modeler) 7.1 allows attackers to execute arbitrary code via a long filename. NOTE: the researcher does not suggest any circumstances in which the filename would come from an untrusted source, and therefore perhaps the issue does not cross privilege boundaries and should not be included in CVE. |
| 29011 | 2006-09-20 | CA eSCC / eTrust Audit Event System Unspecified Replay Attack | There is an API function to create your own alerts: eTSAPISend.exe. The service does not use any authentication, so the attacker may script the binary to send thousands of false-positive alerts to the Security Command Center, diverting attention and resources from real threats. |
| 29010 | 2006-09-20 | CA eSCC / eTrust Audit Unspecified Arbitrary File Manipulation | eTrust Security Command Center contains a flaw that allows a remote attacker to read and delete files outside of the web path. The issue is due to eSMPAuditServlet not properly sanitizing user input, specifically directory traversal style attacks (../../) supplied via the eSCCAdHocHtmlFile parameter. |
| 29009 | 2006-09-20 | CA eSCC / eTrust Audit Web Server Path Disclosure | CA eTrust Security Command Center contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when a remote attacker sends a single quote to the 'PIProfile' of the 'ePPIServlet' script, which will disclose the software's installation path resulting in a loss of confidentiality. While such information is relatively low risk, it is often useful in carrying out additional, more focused attacks. |
| 1517 | 2000-08-11 | CA eTrust Access Control Default Encryption Key | eTrust Access Control contains a flaw that may allow a remote attacker to alter the access control database. The issue is due to eTrust installing without strong crypto options set and using a default encryption key. If an attacker can gain access to the default key, they may be able to use it to spoof the credentials of a legitimate administrator, edit the access control database, and gain access to the remote machine. |
| 32722 | 2007-03-08 | CA eTrust Admin GINA Unspecified Remote Authentication Bypass | CA eTrust Admin contains a flaw that may allow a malicious user to bypass authentication and gain privileges on the system. The issue is due to an unspecified error in the GINA password reset interface. This flaw may lead to unauthorized access resulting in a loss of confidentiality. |
| 4865 | 2002-11-18 | CA eTrust Anti-Virus Unspecified Local Privilege Escalation | eTrust Antivirus may allow a local attacker to gain elevated privileges. The issue is due to the program not properly checking command line input. If an attacker supplies a specially crafted command line argument, they may be able to trick it into running an arbitrary program with SYSTEM privileges. |
| 3963 | 2004-02-13 | CA eTrust Anti-Virus Zip Archive Virus Detection Bypass | eTrust Antivirus contains a flaw that may allow a remote attacker to bypass antivirus scans and infect a user. The issue is due to eTrust AV not properly scanning .zip files with password-protected files. If an attacker created a specially crafted .zip file to send to a user, it may bypass detection and possibly infect the target. |
| 50768 | 2008-12-09 | CA eTrust Antivirus HTML Document MZ Header Multiple Filename Modification Malware Detection Bypass | (Description Provided by CVE): CA eTrust Antivirus 31.6.6086, when Internet Explorer 6 or 7 is used, allows remote attackers to bypass detection of malware in an HTML document by placing an MZ header (aka "EXE info") at the beginning, and modifying the filename to have (1) no extension, (2) a .txt extension, or (3) a .jpg extension, as demonstrated by a document containing a CVE-2006-5745 exploit. |
| 27786 | 2006-08-03 | CA eTrust Antivirus WebScan ActiveX Control Crafted File Protection Weakness | (Description Provided by CVE): Unspecified vulnerability in CA eTrust Antivirus WebScan before 1.1.0.1048 has unknown impact and remote attackers related to "improper processing of outdated WebScan components." |
| 27785 | 2006-08-03 | CA eTrust Antivirus WebScan ActiveX Control Crafted File Update Subversion | (Description Provided by CVE): Unspecified vulnerability in CA eTrust Antivirus WebScan before 1.1.0.1048 allows remote attackers to install arbitrary files. |
| 27787 | 2006-08-03 | CA eTrust Antivirus WebScan ActiveX Control Update Manifest Processing Overflow | (Description Provided by CVE): Unspecified vulnerability in CA eTrust Antivirus WebScan allows remote attackers to execute arbitrary code due to "improper bounds checking when processing certain user input." |
| 8059 | 2004-07-19 | CA eTrust Connection Saturation Transport Service DoS | Unknown / Incomplete |
| 11979 | 2004-11-20 | CA eTrust EZ Anti-Virus Password Protection Local Bypass | eTrust Antivirus contains a flaw that may allow a malicious user to bypass the password protection mechanism. The issue is caused by the password shown as star symbols in the GUI being the actual password. It is possible that the flaw may allow the recovery of the actual password resulting in a loss of confidentiality. |
| 12407 | 2004-12-15 | CA eTrust EZ Anti-Virus VetMsg.exe Local Privilege Escalation | (Description Provided by CVE): Computer Associates eTrust EZ Antivirus 7.0.0 to 7.0.4, including 7.0.1.4, installs its files with insecure permissions (ACLs), which allows local users to gain privileges by replacing critical programs with malicious ones, as demonstrated using VetMsg.exe. |
| 37698 | 2007-07-24 | CA eTrust Intrusion Detection CallCode ActiveX (caller.dll) Arbitrary Code Execution | CA eTrust Intrusion Detection contains a flaw that allows a malicious user to execute code in the context of the user. The issue is triggered when the caller.dll ActiveX control is scripted by a malicious website. It is possible that the flaw may allow arbitrary code execution resulting in a loss of integrity. |
| 15273 | 2005-04-06 | CA eTrust Intrusion Detection CPImportKey Function Overflow DoS | (Description Provided by CVE): Computer Associates (CA) eTrust Intrusion Detection 3.0 allows remote attackers to cause a denial of service via large size values that are not properly validated before calling the CPImportKey function in the Crypto API. |
| 4866 | 2000-06-07 | CA eTrust Intrusion Detection Password Exposure | eTrust contains a flaw that may lead to an unauthorized password exposure. It is possible to gain access to plaintext passwords by accessing a specific registry key and decoding the encrypted passwords, which may lead to a loss of integrity. |
| 32290 | 2007-02-27 | CA eTrust Intrusion Detection SW3eng.exe Key Length Value Remote DoS | CA eTrust Intrusion Detection contains a flaw that may allow a remote denial of service. The issue is due to the application failing to properly validate key length values during authentication and is triggered when a remote attacker sends a specially crafted packet containing a long key length value to the remote administration port (9191/TCP). This causes a heap-based buffer overflow in SW3eng.exe in the eID Engine, resulting in loss of availability for the service. |
| 43482 | 2007-10-10 | CA eTrust ITM (Threat Manager) Crafted URL Arbitrary Site Redirect | (Description Provided by CVE): The web console in CA (formerly Computer Associates) eTrust ITM (Threat Manager) 8.1 allows remote attackers to redirect users to arbitrary web sites via a crafted HTTP URL on port 6689. |
| 43487 | 2007-10-10 | CA eTrust ITM (Threat Manager) Predictable Log File Remote Information Disclosure | (Description Provided by CVE): CA (formerly Computer Associates) eTrust ITM (Threat Manager) 8.1 stores sensitive user information in log files with predictable names, which allows remote attackers to obtain this information via unspecified vectors. |
| 8058 | 2004-07-19 | CA eTrust Long URL Portal Service DoS | CA eTrust Common Services and Security Command Center contain a flaw that may allow a remote denial of service. The issue is triggered when a user sends a specially crafted URL to the server, and will result in loss of availability for the portal service. |
| 60862 | 2009-11-02 | CA eTrust PestPatrol PestPatrol ActiveX (ppctl.dll) Initialize Method Overflow | (Description Provided by CVE): Stack-based buffer overflow in the PestPatrol ActiveX control (ppctl.dll) 5.6.7.9 in CA eTrust PestPatrol allows remote attackers to execute arbitrary code via a long argument to the Initialize method. |
| 40269 | 2007-11-07 | CA eTrust SiteMinder Agent forms/smpwservices.fcc SMAUTHREASON Parameter XSS | CA eTrust SiteMinder contains a flaw that allows a remote cross-site scripting attack. This flaw exists because the application does not validate SMAUTHREASON parameters upon submission to the 'smpwservices.fcc' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. |
| 17810 | 2005-07-08 | CA eTrust SiteMinder login.fcc Arbitrary iframe Injection | (Description Provided by CVE): Cross-site scripting (XSS) vulnerability in Computer Associates (CA) eTrust SiteMinder 5.5, when the "CSSChecking" parameter is set to "NO," allows remote attackers to inject arbitrary web script or HTML via the (1) PASSWORD or (2) BUFFER parameters to smpwservicescgi.exe, (3) the TARGET parameter to login.fcc, and possibly other vectors. |
| 17809 | 2005-07-08 | CA eTrust SiteMinder smpwservicescgi.exe PASSWORD Parameter XSS | CA eTrust SiteMinder contains a flaw that allows a remote cross-site scripting (XSS) attack. This flaw exists because the application does not validate the 'PASSWORD' parameter, when the 'CSSChecking' parameter is set to "NO", upon submission to the smpwservicescgi.exe script. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server. |