Lucene search
K

3001 matches found

Saint
Saint
added 2011/05/12 12:0 a.m.28 views

CA Total Defense UNCWS DeleteReports SQL Injection

Added: 05/12/2011 CVE: CVE-2011-1653 BID: 47355 Background CA Total Defense is a combined host-based anti-virus, anti-spyware, firewall, and IPS solution. Problem CA Total Defense includes a web service management component, which in version r12 prior to SE2, fails to validate certain parameters...

10CVSS7.2AI score0.88655EPSS
Exploits12
Saint
Saint
added 2011/05/12 12:0 a.m.28 views

CA Total Defense UNCWS DeleteReports SQL Injection

Added: 05/12/2011 CVE: CVE-2011-1653 BID: 47355 Background CA Total Defense is a combined host-based anti-virus, anti-spyware, firewall, and IPS solution. Problem CA Total Defense includes a web service management component, which in version r12 prior to SE2, fails to validate certain parameters...

10CVSS7.2AI score0.88655EPSS
Exploits12
Saint
Saint
added 2011/05/02 12:0 a.m.32 views

CA Total Defense UNCWS SQL Injection

Added: 05/02/2011 CVE: CVE-2011-1653 BID: 47355 Background CA Total Defense is a combined host-based anti-virus, anti-spyware, firewall, and IPS solution. Problem CA Total Defense includes a web service management component, which in version r12 prior to SE2, fails to validate certain parameters...

10CVSS7.2AI score0.88655EPSS
Exploits12
Saint
Saint
added 2011/05/02 12:0 a.m.36 views

CA Total Defense UNCWS SQL Injection

Added: 05/02/2011 CVE: CVE-2011-1653 BID: 47355 Background CA Total Defense is a combined host-based anti-virus, anti-spyware, firewall, and IPS solution. Problem CA Total Defense includes a web service management component, which in version r12 prior to SE2, fails to validate certain parameters...

10CVSS7.2AI score0.88655EPSS
Exploits12
The Coalfire Blog
The Coalfire Blog
added 2011/04/26 12:53 a.m.24 views

Trust the ‘Cloud’ (just make sure you have it examined first)

In the wake of Amazons Web Service disruption over the past few days we think it is important to look at the case a little closer...

2AI score
Exploits0
securityvulns
securityvulns
added 2011/04/19 12:0 a.m.68 views

ZDI-11-133: CA Total Defense Suite UNC Management Console DeleteReports SQL Injection Vulnerability

ZDI-11-133: CA Total Defense Suite UNC Management Console DeleteReports SQL Injection Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-133 April 13, 2011 -- CVE ID: CVE-2011-1653 -- CVSS: 10, AV:N/AC:L/Au:N/C:C/I:C/A:C -- Affected Vendors: CA -- Affected Products: CA Total Defense...

10CVSS0.7AI score0.88655EPSS
Exploits12
securityvulns
securityvulns
added 2011/04/19 12:0 a.m.76 views

ZDI-11-127: CA Total Defense Suite UNCWS Web Service getDBConfigSettings Credential Disclosure Vulnerability

ZDI-11-127: CA Total Defense Suite UNCWS Web Service getDBConfigSettings Credential Disclosure Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-127 April 13, 2011 -- CVE ID: CVE-2011-1655 -- CVSS: 10, AV:N/AC:L/Au:N/C:C/I:C/A:C -- Affected Vendors: CA -- Affected Products: CA Tota...

7.5CVSS1AI score0.11975EPSS
Exploits0
NVD
NVD
added 2011/04/18 3:0 p.m.17 views

CVE-2011-1655

The management.asmx module in the Management Web Service in the Unified Network Control UNC Server in CA Total Defense TD r12 before SE2 sends a cleartext response to unspecified getDBConfigSettings requests, which makes it easier for remote attackers to obtain database credentials, and...

7.5CVSS7.2AI score0.11975EPSS
Exploits0References9
Prion
Prion
added 2011/04/18 3:0 p.m.15 views

Directory traversal

Directory traversal vulnerability in the Heartbeat Web Service in CA.Itm.Server.ManagementWS.dll in the Management Server in CA Total Defense TD r12 before SE2 allows remote attackers to execute arbitrary code via directory traversal sequences in the GUID parameter in an upload request to...

7.5CVSS8.3AI score0.11423EPSS
Exploits0References9Affected Software1
ATTACKERKB
ATTACKERKB
added 2011/04/18 3:0 p.m.4 views

CVE-2011-1654

Directory traversal vulnerability in the Heartbeat Web Service in CA.Itm.Server.ManagementWS.dll in the Management Server in CA Total Defense TD r12 before SE2 allows remote attackers to execute arbitrary code via directory traversal sequences in the GUID parameter in an upload request to...

7.5CVSS6.2AI score0.11423EPSS
Exploits0References12
Prion
Prion
added 2011/04/18 3:0 p.m.20 views

Code injection

The management.asmx module in the Management Web Service in the Unified Network Control UNC Server in CA Total Defense TD r12 before SE2 sends a cleartext response to unspecified getDBConfigSettings requests, which makes it easier for remote attackers to obtain database credentials, and...

7.5CVSS7.7AI score0.11975EPSS
Exploits0References9Affected Software1
Cvelist
Cvelist
added 2011/04/15 7:0 p.m.22 views

CVE-2011-1654

Directory traversal vulnerability in the Heartbeat Web Service in CA.Itm.Server.ManagementWS.dll in the Management Server in CA Total Defense TD r12 before SE2 allows remote attackers to execute arbitrary code via directory traversal sequences in the GUID parameter in an upload request to...

7.7AI score0.11423EPSS
Exploits0References9
CVE
CVE
added 2011/04/15 7:0 p.m.131 views

CVE-2011-1655

CA Total Defense Suite UNCWS getDBConfigSettings vulnerability (CVE-2011-1655) affects UNC Server before SE2; management.asmx responds to SOAP requests and transmits database credentials in plaintext, enabling unauthenticated remote access to credentials and potential arbitrary code execution. Im...

7.5CVSS7.3AI score0.11975EPSS
Exploits0References9Affected Software1
Cvelist
Cvelist
added 2011/04/15 7:0 p.m.23 views

CVE-2011-1655

The management.asmx module in the Management Web Service in the Unified Network Control UNC Server in CA Total Defense TD r12 before SE2 sends a cleartext response to unspecified getDBConfigSettings requests, which makes it easier for remote attackers to obtain database credentials, and...

7.2AI score0.11975EPSS
Exploits0References9
Zero Day Initiative
Zero Day Initiative
added 2011/04/13 12:0 a.m.33 views

CA Total Defense Suite Heartbeat Web Service Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of CA Total Defense Endpoint. Authentication is not required to exploit this vulnerability. The specific flaw exists within CA.Itm.Server.ManagementWS.dll. Due to a failure to properly sanitize...

10CVSS3.4AI score0.11423EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
added 2011/04/13 12:0 a.m.25 views

CA Total Defense Suite UnassignFunctionalUsers Stored Procedure SQL Injection Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of CA Total Defense Suite. Authentication is not required to exploit this vulnerability. The specific flaw exists within the UnAssignFunctionalRoles stored procedure, accessed via the management.asmx...

10CVSS3.1AI score0.88655EPSS
Exploits12References1
Zero Day Initiative
Zero Day Initiative
added 2011/04/13 12:0 a.m.36 views

CA Total Defense Suite UNCWS Web Service getDBConfigSettings Credential Disclosure Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of CA Total Defense Suite. Authentication is not required to exploit this vulnerability. The specific flaw exists within the management.asmx module of the Management Web Service. This process responds...

10CVSS2.1AI score0.11975EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
added 2011/04/13 12:0 a.m.31 views

CA Total Defense Suite NonAssignedUserList Stored Procedure SQL Injection Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of CA Total Defense Suite. Authentication is not required to exploit this vulnerability. The specific flaw exists within the NonAssignedUserList stored procedure, accessed via the management.asmx...

10CVSS1.6AI score0.88655EPSS
Exploits12References1
OpenVAS
OpenVAS
added 2011/04/11 12:0 a.m.13 views

Horde Gollem Version Detection

The script detects the version of Horde Gollem on remote host and sets the KB. SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.4AI score
Exploits0
NVD
NVD
added 2011/03/30 10:55 p.m.23 views

CVE-2011-1551

SUSE openSUSE Factory assigns ownership of the /var/log/cobbler/ directory tree to the web-service user account, which might allow local users to gain privileges by leveraging access to this account during root filesystem operations by the Cobbler daemon...

6.9CVSS6.6AI score0.00341EPSS
Exploits0References2
Rows per page
Query Builder