556 matches found
CVE-2008-4040
CVE-2008-4040 affects Kyocera Command Center integrated in Kyocera FS-118MFP. The vulnerability is a directory traversal flaw that allows remote attackers to read arbitrary files by supplying a .. in the URI. The NVD entry lists a CVSSv2 base score of 7.8 (HIGH) with network access and low attack...
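CA eTrust Security Command Center and eTrust Audit Multiple Vulnerabilities
CA eTrust Security Command Center eSCC and eTrust Audit are CA's security command and audit products. CA eTrust Security Command Center eSCC and eTrust Audit contain multiple security issues that remote attackers can exploit to obtain sensitive information, delete arbitrary files, or conduct replay attacks. The first issue allows an attacker to discover the web server path on Windows platforms; this vulnerability affects eTrust Security Command Center Server 1.0, r8, r8 SP1 CR1, and r8 SP1 CR2...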
RE: Computer Associates eTrust Security Command Center Multiple Vulnerabilities
aushack.com - Vulnerability Advisory ----------------------------------------------- Release Date: 22-Sep-2006 Software: Computer Associates - eTrust Security Command Center http://www3.ca.com/solutions/Product.aspx?ID=4351 "eTrust Security Command Center helps you discover and prioritize relevan...
CVE-2006-4899
The ePPIServlet script in Computer Associates CA eTrust Security Command Center 1.0 and r8 up to SP1 CR2, when running on Windows, allows remote attackers to obtain the web server path via a "'" single quote in the PIProfile function, which leaks the path in an error message...
CVE-2006-4901
Computer Associates CA eTrust Security Command Center 1.0 and r8 up to SP1 CR2, and eTrust Audit 1.5 and r8, allows remote attackers to spoof alerts and conduct replay attacks by invoking eTSAPISend.exe with the desired arguments...
CVE-2006-4900
CVE-2006-4900 affects Computer Associates eTrust Security Command Center (SCC) 1.0 and r8 up to SP1 CR2. The vulnerability is a directory traversal in the eSCCAdHocHtmlFile parameter to eSMPAuditServlet caused by improper handling in getadhochtml, allowing remote authenticated users to read and d...
CVE-2006-4901
CVE-2006-4901 affects CA eTrust Security Command Center (SCC) 1.0 and r8 up to SP1 CR2 and eTrust Audit 1.5 and r8. The vulnerability allows remote attackers to spoof alerts and perform replay attacks by invoking eTSAPISend.exe with crafted arguments. Affected products include SCC 1.0, SCC r8, SC...
CVE-2006-4899
CVE-2006-4899 affects CA eTrust Security Command Center (SCC) 1.0 and r8 up to SP1 CR2 on Windows. The ePPIServlet script’s PIProfile function leaks the web server path via a single quote in an error message, enabling remote attackers to discover the server path. This vulnerability’s impact is th...
CA eSCC r8/1.0 / eTrust Audit r8/1.5 - Web Server Full Path Disclosure
source: https://www.securityfocus.com/bid/20139/info CA eTrust Security Command Center eSCC and eTrust Audit are prone to multiple vulnerabilities, including: - an information-disclosure issue - an arbitrary-file-deletion issue - a replay issue. These vulnerabilities occur because the software...
CA eSCC r8/1.0 / eTrust Audit r8/1.5 - Arbitrary File Manipulation
CA eSCC r8/1.0 / eTrust Audit r8/1.5 - Arbitrary File Manipulation source: https://www.securityfocus.com/bid/20139/info CA eTrust Security Command Center eSCC and eTrust Audit are prone to multiple vulnerabilities, including: - an information-disclosure issue - an arbitrary-file-deletion issue - a...
CA eSCC r8/1.0 / eTrust Audit r8/1.5 - Web Server Full Path Disclosure
CA eSCC r8/1.0 / eTrust Audit r8/1.5 - Web Server Full Path Disclosure source: https://www.securityfocus.com/bid/20139/info CA eTrust Security Command Center eSCC and eTrust Audit are prone to multiple vulnerabilities, including: - an information-disclosure issue - an arbitrary-file-deletion issue - ...
CVE-2005-2944
The CVE-2005-2944 entry applies to GNOME Workstation Command Center (gwcc) 0.9.6 and earlier. The vulnerability arises in perform_file_save, where a symlink attack on the temporary file gwcc_out.txt enables local users to create and overwrite arbitrary files. The NVD entry lists a local attack ve...
CVE-2003-0974
Applied Watch Command Center allows remote attackers to conduct unauthorized activities without authentication, such as (1) add new users to a console, as demonstrated using appliedsnatch.c, or (2) add spurious IDS rules to sensors, as demonstrated using addrule.c...
CVE-2003-0974
The CVE-2003-0974 entry involves Applied Watch Command Center. Affected: the Command Center application allowing remote, unauthenticated actions including adding new users to a console and injecting spurious IDS rules to sensors (via demonstrated payloads appliedsnatch.c and addrule.c). The root ...
Applied Watch Command Center 1.0 - Authentication Bypass (2)
// source: https://www.securityfocus.com/bid/9124/info A vulnerability has been identified in the system that may allow an attacker to bypass authentication to add attacker supplied IDS alerts and new user accounts in the console. Successful exploitation of these issues may allow an attacker to...