| OSVDB ID | Disclosure Date | Title | Description |
|---|---|---|---|
| 4246 | 2004-03-12 | CA Unicenter cam.exe/awservices.exe Overflow | CA UnicenterTNG contains a flaw that allows a remote user to gain SYSTEM privileges. The issue is due to the cam.exe and awservices.exe programs not properly validating input to various buffers. This allows an attacker to gain elevated privileges via standard buffer overflow attacks. No further details have been provided. |
| 10409 | 2004-09-29 | CA Unicenter Common Services litestore.dat Password Disclosure | (Description Provided by CVE): Computer Associates Unicenter Common Services 3.0 and earlier stores the database "SA" password in cleartext in the TndAddNspTmp.bat file, which could allow local users to gain privileges. |
| 10407 | 2004-09-29 | CA Unicenter Common Services TndAddNsp.bat Password Disclosure | CA Unicenter Common Services contains a flaw that may lead to an unauthorized password exposure. It is possible to gain access to the "SA" plaintext password when a user opens the TndAddNsp.bat as text, which may lead to a loss of confidentiality. |
| 10408 | 2004-09-29 | CA Unicenter Common Services TndAddNspTmp.bat Password Disclosure | CA Unicenter Common Services contains a flaw that may lead to an unauthorized password exposure. It is possible to gain access to the "SA" plaintext password when a user opens the TndAddNspTmp.bat as text, which may lead to a loss of confidentiality. |
| 26 | 1999-01-01 | CA Unicenter File Transfer Service Running | This host is running Computer Associates' Unicenter file transfer service. The file transfer service uses ports TCP 3104, UDP 4104 and TCP 4105 for communication between its clients and other Unicenter servers. An attacker could potentially use this service to transfer critical information to and from this host. |
| 3245 | 2003-06-04 | CA Unicenter file_upload.pl Command Execution | Unicenter ServicePlus Service Desk contains a flaw that allows a remote attacker to execute arbitrary code on a vulnerable system. The issue is due to poor sanity checks in the file_upload.pl script. If an attacker supplies a specially-crafted URL they can use the script to execute arbitrary commands. |
| 3249 | 2000-01-01 | CA Unicenter Host and Viewer Arbitrary Command Execution | Unicenter and Control IT contain a flaw that allows a local user to gain elevated privileges. The flaw is due to the Host and Viewer which will run an arbitrary program under the same privileges. No further details have been provided. |
| 10201 | 2004-09-22 | CA UniCenter Management Portal Username Disclosure | UniCenter Management Portal contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when a request of a user's forgotten password occurs, which will disclose the existence of the user resulting in a loss of confidentiality. |
| 3248 | 2003-10-01 | CA Unicenter Message Queuing Service (CAM) DoS | Unicenter contains a flaw that allows an attacker to cause a denial of service. The issue is due to a buffer overflow in the Unicenter Message Queuing Service (CAM). No further details have been provided. |
| 3244 | 2003-06-04 | CA Unicenter pdm_cgireport.exe Information Disclosure | Unicenter and ServicePlus Service Desk contain a vulnerability that allows a remote attacker to bypass authentication and gain access to sensitive information. The issue is due to a flaw in the pdm_cgireport.exe program that allows users to create and view any report in the Service Desk. |
| 3246 | 2003-06-04 | CA Unicenter pdmcgi.exe Information Disclosure | Unicenter ServicePlus Service Desk allows a remote attacker to obtain sensitive information. The issue is due to poor sanity checking in the pdmcgi.exe script. If an attacker provides a specially-crafted query the script will return all requests being made. This information may contain sensitive information that aids in further attacks. |
| 3247 | 2003-06-04 | CA Unicenter pdmcgi.exe View Arbitrary File | Unicenter TNG allows a remote attacker to view arbitrary files. The flaw is due to poor sanity checking in template selection of the pdmcgi.exe program. By specifying an arbitrary file, the program will display the contents to any user. |
| 3243 | 2003-12-11 | CA Unicenter RC Help Interface Privilege Escalation | Unicenter Remote Control could allow a local attacker to gain elevated privileges on a vulnerable system. The issue is due to the help interface allowing any application to be run under the same account that the host runs under. |
| 12249 | 2004-12-07 | CA Unicenter Remote Control Arbitrary URC Management Server Access | Unknown / Incomplete |
| 3131 | 2003-12-12 | CA Unicenter Remote Control DoS | CA Unicenter Remote Control (URC) contains a flaw that may allow a remote denial of service. The issue is triggered when the host's port receives numerous bogus connection requests, and will result in loss of availability for the computer running the host service. |
| 3023 | 2003-12-11 | CA Unicenter Remote Control Privilege Escalation | CA Unicenter Remote Control (URC) contains a flaw that may allow a malicious user to gain access to unauthorized privileges. The issue is triggered by abusing the "Help" interface. This flaw may lead to a loss of Confidentiality, Integrity and/or Availability. |
| 4281 | 2004-03-16 | CA Unicenter TNG Daemons Overflow | Unknown / Incomplete |
| 27 | 1999-01-01 | CA Unicenter Transport Service Information Leak | This host is running Computer Associates' Unicenter transport service. The transport service uses ports TCP 3104, UDP 4104 and TCP 4105 for communication between its clients and other Unicenter servers. An attacker could use this service to gather information about this host. |
| 3279 | 1995-07-01 | CA Unicenter Weak Directory Umask | CA Unicenter contains a flaw that allows any local user to gain root privileges. The issue is due to Unicenter installing and setting a UMASK of 000. This causes several directories it creates to install with world writeable permissions. A local attacker can replace a number of SUID binaries in these world writeable directories with their own custom programs. The next time an administrator runs the programs, they will inadvertently execute commands created by the malicious user. |
| 3278 | 1995-07-01 | CA Unicenter World Writeable SUID Shell Scripts | CA Unicenter has a flaw that allows any local user to execute arbitrary commands under root privileges. The flaw is due to the fact that Unicenter installs two scripts with SUID root privileges, and allows any user on the system to write to the scripts. Any local user can edit these scripts and add their own commands to the scripts, which will be executed the next time the admin runs them. |
| 65381 | 2010-06-10 | CA WebScan ActiveX Multiple Unspecified Arbitrary Code Execution | (Description Provided by CVE): Multiple unspecified vulnerabilities in the CA (1) PSFormX and (2) WebScan ActiveX controls, as distributed on the CA Global Advisor web site until May 2009, allow remote attackers to execute arbitrary code via unknown vectors. |
| 88172 | 2012-12-05 | CA XCOM Data Transport Unspecified Remote Command Execution | CA XCOM Data Transport contains an unspecified flaw that may allow a remote attacker to execute arbitrary code. No further details have been provided. |
| 63611 | 2010-04-06 | CA XOsoft entry_point.aspx Service String Handling Remote Overflow | (Description Provided by CVE): Multiple buffer overflows in CA XOsoft r12.0 and r12.5 allow remote attackers to execute arbitrary code via (1) a malformed request to the ws_man/xosoapapi.asmx SOAP endpoint or (2) a long string to the entry_point.aspx service. |
| 63612 | 2010-04-06 | CA XOsoft SOAP Request Authentication Weakness Information Disclosure | (Description Provided by CVE): CA XOsoft r12.5 does not properly perform authentication, which allows remote attackers to obtain potentially sensitive information via a SOAP request. |
| 63613 | 2010-04-06 | CA XOsoft SOAP Request Authentication Weakness Username Disclosure | (Description Provided by CVE): CA XOsoft r12.0 and r12.5 does not properly perform authentication, which allows remote attackers to enumerate usernames via a SOAP request. |
| 63610 | 2010-04-06 | CA XOsoft ws_man/xosoapapi.asmx SOAP Endpoint Remote Overflow | (Description Provided by CVE): Multiple buffer overflows in CA XOsoft r12.0 and r12.5 allow remote attackers to execute arbitrary code via (1) a malformed request to the ws_man/xosoapapi.asmx SOAP endpoint or (2) a long string to the entry_point.aspx service. |
| 26321 | 2006-06-10 | Cabacos Web CMS Suchergebnisse.asp suchtext Parameter XSS | (Description Provided by CVE): Cross-site scripting (XSS) vulnerability in Suchergebnisse.asp in Cabacos Web CMS 3.8.498 and earlier allows remote attackers to inject arbitrary web script or HTML via the suchtext parameter. |
| 66955 | 2010-07-30 | cabextract MS-ZIP Decompressor Malformed MSZIP Archive Multiple Action Infinite Loop DoS | (Description Provided by CVE): The MS-ZIP decompressor in cabextract before 1.3 allows remote attackers to cause a denial of service (infinite loop) via a malformed MSZIP archive in a .cab file during a (1) test or (2) extract action, related to the libmspack library. |
| 66957 | 2010-07-30 | cabextract Quantum Decompressor Crafted Quantum Archive Integer Signedness DoS | (Description Provided by CVE): Integer signedness error in the Quantum decompressor in cabextract before 1.3, when archive test mode is used, allows user-assisted remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted Quantum archive in a .cab file, related to the libmspack library. |
| 10953 | 2004-10-18 | cabextract Traversal Arbitrary File Overwrite | cabextract contains a flaw that allows a remote attacker to overwrite arbitrary files outside of the extraction path. The issue is due to the program not properly sanitizing cabinet files containing "./", "../", and ".." as part of the filename. |