EUVD-2007-3679

Malware in sbrugna...

EUVD-2007-5411

Malware in sbrugna...

CA ERwin Web Portal ConfigServiceProvider Remote File Creation (CVE-2014-2210)

A remote file creation/overwrite vulnerability exists in CA ERwin Web Portal. This vulnerability is due to lack of authentication and insufficient input validation in the ConfigServiceProvider servlet when processing HTTP requests. By sending crafted HTTP requests to the target system, a remote...

CA Erwin Web Portal Multiple Directory Traversal Vulnerabilities (CVE-2014-2210)

Multiple directory traversal vulnerabilities have been reported in CA ERwin Web Portal. The vulnerabilities are due to lack of authentication and insufficient input validation in the FileAccessServiceProvider and ProfileIconServlet servlets when processing HTTP requests. By sending crafted HTTP...

CA ERwin Web Portal 9.5 Multiple Directory Traversals

CA ERwin Web Portal version 9.5 with a build date before March 20, 2014 was detected on the remote host. This version contains multiple directory traversal vulnerabilities that an attacker could use to access sensitive information, or possibly execute arbitrary code. %NASLMINLEVEL 70300 C Tenable...

CA ERwin Web Portal MIMM ConfigServiceProvider Information Disclosure Vulnerability

This vulnerability allows remote attackers to read database credentials on a system with vulnerable installations of CA ERwin Web Portal's Meta Integration Metadata Management service. Authentication is not required to exploit this vulnerability. The specific flaw exists within the "Meta...

CA ERwin Web Portal MIMM FileAccessServiceProvider Denial of Service Vulnerability

This vulnerability allows remote attackers to delete arbitrary files on a system with vulnerable installations of CA ERwin Web Portal's Meta Integration Metadata Management service. Authentication is not required to exploit this vulnerability. The specific flaw exists within the "Meta Integration...

CA ERwin Web Portal MIMM ProfileIconServlet Multiple Information Disclosure Vulnerabilities

This vulnerability allows remote attackers to read arbitrary files on a system with vulnerable installations of CA ERwin Web Portal's Meta Integration Metadata Management service. Authentication is not required to exploit this vulnerability. The specific flaw exists within the "Meta Integration W...

CA ERwin Web Portal MIMM ConfigServiceProviderServlet Remote File Creation/Overwrite Vulnerability

This vulnerability allows remote attackers to overwrite arbitrary .xml files on a system with vulnerable installations of CA ERwin Web Portal's Meta Integration Metadata Management service. Authentication is not required to exploit this vulnerability. The specific flaw exists within the "Meta...

CA Erwin Web Portal目录遍历漏洞

Bugtraq ID:66644 CVE ID:CVE-2014-2210 CA ERwin Web Portal是基于网络的新界面CA ERwin网络门户。 CA ERwin Web Portal存在多个目录遍历漏洞，允许远程攻击者利用漏洞提交请求以WEB权限查看系统文件内容。 0 CA ERwin Web Portal 9.5 目前厂商已经发布了升级补丁以修复漏洞，请下载使用： https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=7F968A14-7407-4BCF-9EB1-EFE9F0E6D663...

CA20140403-01: Security Notice for CA Erwin Web Portal

-----BEGIN PGP SIGNED MESSAGE----- CA20140403-01: Security Notice for CA Erwin Web Portal Issued: April 03, 2014 CA Technologies Support is alerting customers to multiple vulnerabilities with CA Erwin Web Portal. The vulnerabilities, CVE-2014-2210, occur due to insufficient path verification. A...

CA Erwin Web Portal directory traversal

File request is not checked...

CVE-2014-2210

Multiple directory traversal vulnerabilities in CA ERwin Web Portal 9.5 allow remote attackers to obtain sensitive information, bypass intended access restrictions, cause a denial of service, or possibly execute arbitrary code via unspecified vectors...

Directory traversal

Multiple directory traversal vulnerabilities in CA ERwin Web Portal 9.5 allow remote attackers to obtain sensitive information, bypass intended access restrictions, cause a denial of service, or possibly execute arbitrary code via unspecified vectors...

CVE-2014-2210

Multiple directory traversal vulnerabilities in CA ERwin Web Portal 9.5 allow remote attackers to obtain sensitive information, bypass intended access restrictions, cause a denial of service, or possibly execute arbitrary code via unspecified vectors...

CVE-2014-2210

CA ERwin Web Portal 9.5 (build date before 2014-03-20) contains multiple directory traversal vulnerabilities due to lack of authentication and insufficient input validation in components such as FileAccessServiceProvider, ProfileIconServlet, and ConfigServiceProvider (MIMM) across HTTP requests. ...

CVE-2007-5435

Unspecified vulnerability in CA ERwin Process Modeler formerly AllFusion Process Modeler 7.2 might allow user-assisted remote attackers to cause a denial of service via a crafted Data Standards File Datatype Standards File...

CVE-2007-5435

The CVE refers to CA ERwin Process Modeler (formerly AllFusion Process Modeler) 7.2 with an unspecified vulnerability that could allow user‑assisted remote attackers to cause a denial of service via a crafted Data Standards File (Datatype Standards File). The available details confirm the affecte...

[ELEYTT] 10PAZDZIERNIK2007

Eleytt Research www.eleytt.com Overview: ==================== Michal Bucko, Eleytt, www.eleytt.com/michal.bucko Tomasz Polis, www.eleytt.com Credit: ==================== Michal Bucko, Eleytt, www.eleytt.com/michal.bucko Vulnerability Table =================== 1. CA Erwin Datatype Standards File...

Buffer overflow

Buffer overflow in LICRCMD.EXE in CA ERwin Process Modeler formerly AllFusion Process Modeler 7.1 allows attackers to execute arbitrary code via a long filename. NOTE: the researcher does not suggest any circumstances in which the filename would come from an untrusted source, and therefore perhap...