CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

VulnCheck KEV•added 2023/11/15 12:0 a.m.•1 views

VulnCheck KEV: CVE-2010-0219

Apache Axis2, as used in dswsbobje.war in SAP BusinessObjects Enterprise XI 3.2, CA ARCserve D2D r15, and other products, has a default password of axis2 for the admin account, which makes it easier for remote attackers to execute arbitrary code by uploading a crafted web service...

10CVSS6.2AI score0.93155EPSS

Exploits17References1

NVD•added 2021/01/20 8:15 p.m.•13 views

CVE-2020-27858

7.5CVSS7.3AI score0.23358EPSS

Prion•added 2021/01/20 8:15 p.m.•11 views

Xxe

5CVSS7.4AI score0.23358EPSS

Exploits0References1Affected Software1

CVE•added 2021/01/20 7:35 p.m.•37 views

CVE-2020-27858

CVE-2020-27858 affects CA Arcserve D2D 16.5. A flaw in the getNews method arises from improper restriction of XML External Entity (XXE) references, allowing remote attackers to disclose sensitive information in the context of SYSTEM without authentication. The exploitation path is via a crafted X...

7.5CVSS7.3AI score0.23358EPSS

Exploits0References1Affected Software1

Cvelist•added 2021/01/20 7:35 p.m.•14 views

CVE-2020-27858

7.5CVSS7.4AI score0.23358EPSS

Zero Day Initiative•added 2020/12/04 12:0 a.m.•46 views

Arcserve D2D getNews XML External Entity Processing Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of CA Arcserve D2D. Authentication is not required to exploit this vulnerability. The specific flaw exists within the getNews method. Due to the improper restriction of XML External Entity XXE...

7.5CVSS2.6AI score0.23358EPSS

Check Point Advisories•added 2014/12/28 12:0 a.m.•3 views

CA ARCserve D2D GWT RPC Request Credentials Disclosure - Ver2 (CVE-2011-3011)

A credentials disclosure vulnerability has been reported in CA ARCserve D2D. The vulnerability is due to an error while processing Google Web Toolkit GWT RPC requests. A remote attacker can exploit this vulnerability by sending a specially crafted RPC request to an affected server. Successful...

5CVSS6.6AI score0.70335EPSS

Exploits5

seebug.org•added 2014/07/01 12:0 a.m.•17 views

CA Arcserve D2D GWT RPC Credential Information Disclosure

No description provided by source. $Id: caarcserverpcauthbypass.rb 13467 2011-08-01 21:20:29Z sinn3r $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and...

seebug.org•added 2014/07/01 12:0 a.m.•139 views

CA ARCserve D2D r15 Web Service Servlet Code Execution

No description provided by source. Computer Associates ARCserve D2D r15 Web Service Apache Axis2 World Accessible Servlet Code Execution Vulnerability Poc product homepage: https://support.ca.com/phpdocs/0/8363/support/arcserved2dsupport.html vulnerability: The Tomcat Server, which listens for...

seebug.org•added 2014/07/01 12:0 a.m.•36 views

CA ARCserve D2D r15 GWT RPC Multiple Vulnerabilities

No description provided by source. Exploit Title:CA ARCserve D2D r15 GWT RPC Request Auth Bypass / Credentials Disclosure and Commands Execution Google Dork: / Date: 25 July 2011 Author: rgod Software Link: / Version: r15.0 Tested on: Microsoft Windows Server 2003 r2 sp2 CVE : none ?php / CA...

Dsquare•added 2012/04/27 12:0 a.m.•37 views

CA ARCserve D2D r15 Credentials Disclosure

Credentials disclosure vulnerability in CA ARCserve Vulnerability Type: File Disclosure For the exploit source code contact DSquare Security sales team...

5CVSS0.5AI score0.70335EPSS

Exploits5References3

Check Point Advisories•added 2011/09/27 12:0 a.m.•1 views

CA ARCserve D2D GWT RPC Request Credentials Disclosure (CVE-2011-3011)

5CVSS6.6AI score0.70335EPSS

Exploits5

NVD•added 2011/08/15 7:55 p.m.•13 views

CVE-2011-3011

BaseServiceImpl.class in CA ARCserve D2D r15 does not properly handle sessions, which allows remote attackers to obtain credentials, and consequently execute arbitrary commands, via unspecified vectors...

5CVSS7.2AI score0.70335EPSS

Exploits5References4

Prion•added 2011/08/15 7:55 p.m.•13 views

Design/Logic Flaw

5CVSS7.6AI score0.70335EPSS

Exploits5References4Affected Software1

CVE•added 2011/08/15 7:0 p.m.•56 views

CVE-2011-3011

The CVE-2011-3011 issue affects CA ARCserve D2D r15’s web server, specifically the GWT RPC handling in the homepageServlet. A remote attacker can send a specially crafted GWT RPC request to trigger an information/credentials disclosure, exposing the Windows administrator credentials used by the A...

5CVSS7.2AI score0.70335EPSS

Exploits5References4Affected Software1

Cvelist•added 2011/08/15 7:0 p.m.•18 views

CVE-2011-3011

7.2AI score0.70335EPSS

Exploits5References4

Exploit DB•added 2011/08/01 12:0 a.m.•21 views

CA Arcserve D2D GWT RPC - Credential Information Disclosure (Metasploit)

$Id: caarcserverpcauthbypass.rb 13467 2011-08-01 21:20:29Z sinn3r $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use...

7.4AI score

0day.today•added 2011/08/01 12:0 a.m.•23 views

CA Arcserve D2D GWT RPC Credential Information Disclosure

Exploit for jsp platform in category web applications $Id: caarcserverpcauthbypass.rb 13467 2011-08-01 21:20:29Z sinn3r $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more informati...

Tenable Nessus•added 2011/07/28 12:0 a.m.•25 views

Computer Associates ARCserve D2D Detection

The remote web server is part of ARCserve D2D, a disk-based backup product from Computer Associates. C Tenable Network Security, Inc. include"compat.inc"; if description scriptid55719; scriptversion"1.5"; scriptcvsdate"Date: 2019/11/25"; scriptnameenglish:"Computer Associates ARCserve D2D...

5.5AI score