CVE-2011-1036

The XML Security Database Parser class in the XMLSecDB ActiveX control in the HIPSEngine component in the Management Server before 8.1.0.88, and the client before 1.6.450, in CA Host-Based Intrusion Prevention System HIPS 8.1, as used in CA Internet Security Suite ISS 2010, allows remote attacker...

CVE-2011-1036

CVE-2011-1036 affects CA HIPS and CA ISS where the XMLSecDB ActiveX control (XMLSecDB in HIPSEngine) can be exploited via SetXml/Save to write an arbitrary file on a target host, enabling remote code execution. Affected: HIPS Management Server <8.1.0.88 and clients

Design/Logic Flaw

kmxIds.sys before 7.3.1.18 in CA Host-Based Intrusion Prevention System HIPS 8.1 allows remote attackers to cause a denial of service system crash via a malformed packet...

CVE-2009-2740

CA HIPS kmxIds.sys (driver) in CA Host-Based Intrusion Prevention System 8.1 is vulnerable to a DoS via malformed network packets that trigger a kernel crash. Root cause: kmxIds.sys does not properly handle certain boundary conditions during packet parsing, allowing remote attackers to crash the ...

[TKADV2008-006] CA HIPS KmxFw.sys Kernel Memory Corruption

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Advisory: CA HIPS KmxFw.sys Kernel Memory Corruption Advisory ID: TKADV2008-006 Revision: 1.0 Release Date: 2008/08/12 Last Modified: 2008/08/12 Date Reported: 2008/03/08 Author: Tobias Klein tk at trapkit.de Affected Software: CA Host-Based Intrusion...

Computer Associates 'kmxfw.sys'本地代码执行和远程拒绝服务漏洞

BUGTRAQ ID: 30651 CVE ID：CVE-2008-3174 CVE-2008-2926 CNCVE ID：CNCVE-20083174 CNCVE-20082926 CA HIPS包含漏洞允许本地攻击者导致系统崩溃或任意代码执行。漏洞是由于kmxfw.sys驱动不充分验证IOCTL请求引起的，攻击者发送IOCTL请求可导致系统崩溃或执行任意代码。 另外kmxfw.sys驱动不充分的验证可导致应用程序崩溃，造成拒绝服务攻击。 目前没有详细漏洞细节提供。 Computer Associates Personal Firewall 2008 Computer Associat...

CA Host-Based Intrusion Prevention System Server Log Data XSS

The remote host is running Computer Associates' Host-Based Intrusion Prevention System CA HIPS Server, an intrusion prevention system for Windows. The version of CA HIPS Server installed on the remote Windows server is reportedly affected by a cross-site scripting issue because it fails to saniti...

Cross site scripting

Cross-site scripting XSS vulnerability in the Server component in CA Host-Based Intrusion Prevention System HIPS before 8.0.0.93 allows remote attackers to inject arbitrary web script or HTML via requests that are written to logs for later display in the log viewer...

CVE-2007-5472

CVE-2007-5472 affects CA Host-Based Intrusion Prevention System (CA HIPS) Server on Windows. The vulnerability arises from unsanitized log data that is later displayed in the log viewer, enabling an attacker to inject arbitrary HTML/script via requests written to logs. Affected versions are CA HI...

CVE-2007-5472

Cross-site scripting XSS vulnerability in the Server component in CA Host-Based Intrusion Prevention System HIPS before 8.0.0.93 allows remote attackers to inject arbitrary web script or HTML via requests that are written to logs for later display in the log viewer...

[CAID 35754]: CA Host-Based Intrusion Prevention System (CA HIPS) Server Vulnerability

Title: CAID 35754: CA Host-Based Intrusion Prevention System CA HIPS Server Vulnerability CA Vuln ID CAID: 35754 CA Advisory Date: 2007-10-18 Reported By: David Maciejak Impact: A remote attacker can take unauthorized administrative action. Summary: CA Host-Based Intrusion Prevention System CA HI...