254 matches found
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in CA formerly Computer Associates eTrust Threat Management Console allow remote attackers to inject arbitrary web script or HTML via the IP Address field and other unspecified fields...
CVE-2007-6406
CVE-2007-6406 describes multiple cross-site scripting (XSS) vulnerabilities in CA (formerly Computer Associates) eTrust Threat Management Console. The flaws let remote attackers inject arbitrary web script or HTML through the IP Address field and other unspecified inputs, potentially enabling scr...
Computer Associates eTrust Threat Management控制台HTML注入漏洞
Computer Associates eTrust Integrated Threat Management是一款基于Web的安全威胁管理中央控制台。 CA eTrust Integrated Threat Management控制台不正确过滤用户提交的输入,远程攻击者可以利用漏洞进行HTML注入攻击,获得敏感信息。 问题是对IP地址的数据缺少过滤,可造成HTML注入攻击。 Computer Associates eTrust Integrated Threat Management 8.0 目前没有解决方案提供:...
CVE-2007-5923
Cross-site scripting XSS vulnerability in forms/smpwservices.fcc in CA formerly Computer Associates eTrust SiteMinder Agent allows remote attackers to inject arbitrary web script or HTML via the SMAUTHREASON parameter, a different vector than CVE-2005-2204...
CVE-2007-5923
Cross-site scripting XSS vulnerability in forms/smpwservices.fcc in CA formerly Computer Associates eTrust SiteMinder Agent allows remote attackers to inject arbitrary web script or HTML via the SMAUTHREASON parameter, a different vector than CVE-2005-2204...
CVE-2007-5923
The CVE-2007-5923 entry describes a Cross-site scripting (XSS) vulnerability in CA eTrust SiteMinder components, specifically in forms/smpwservices.fcc, exposed via the SMAUTHREASON parameter. The vulnerability affects the SiteMinder Agent/web components and could allow an attacker to inject arbi...
CVE-2002-2285
eTrust InoculateIT 6.0 with the "Incremental Scan" option enabled may certify that a file is free of viruses before the file has been completely downloaded, which allows remote attackers to bypass virus detection...
CVE-2002-2285
Vulnerability summary: In eTrust InoculateIT 6.0, enabling the "Incremental Scan" option may certify a file as virus-free before it is fully downloaded, allowing a bypass of virus detection. Affected product/version: eTrust InoculateIT 6.0. Root cause / behavior: premature virus validation during...
Code injection
The web console in CA formerly Computer Associates eTrust ITM Threat Manager 8.1 allows remote attackers to redirect users to arbitrary web sites via a crafted HTTP URL on port 6689...
CVE-2007-5439
CA formerly Computer Associates eTrust ITM Threat Manager 8.1 stores sensitive user information in log files with predictable names, which allows remote attackers to obtain this information via unspecified vectors...
Information disclosure
CA formerly Computer Associates eTrust ITM Threat Manager 8.1 stores sensitive user information in log files with predictable names, which allows remote attackers to obtain this information via unspecified vectors...
CVE-2007-5437
The web console in CA formerly Computer Associates eTrust ITM Threat Manager 8.1 allows remote attackers to redirect users to arbitrary web sites via a crafted HTTP URL on port 6689...
CVE-2007-5437
The CVE-2007-5437 entry affects CA eTrust ITM (Threat Manager) 8.1, where the web console allows remote attackers to redirect users to arbitrary web sites by supplying a crafted HTTP URL targeting port 6689. This describes a client redirection vulnerability in the web interface, with no explicit ...
CVE-2007-5439
CVE-2007-5439 affects CA eTrust ITM (Threat Manager) 8.1. The issue is that sensitive user information is stored in log files with predictable names, allowing a remote attacker to obtain the data via unspecified vectors. This is stated across the CVE records, including NVD, and connected document...
CVE-2007-5437
The web console in CA formerly Computer Associates eTrust ITM Threat Manager 8.1 allows remote attackers to redirect users to arbitrary web sites via a crafted HTTP URL on port 6689...
CVE-2007-5439
CA formerly Computer Associates eTrust ITM Threat Manager 8.1 stores sensitive user information in log files with predictable names, which allows remote attackers to obtain this information via unspecified vectors...
[ELEYTT] 10PAZDZIERNIK2007
Eleytt Research www.eleytt.com Overview: ==================== Michal Bucko, Eleytt, www.eleytt.com/michal.bucko Tomasz Polis, www.eleytt.com Credit: ==================== Michal Bucko, Eleytt, www.eleytt.com/michal.bucko Vulnerability Table =================== 1. CA Erwin Datatype Standards File...
CA eTrust Intrusion Detection CallCode ActiveX Control Code Execution (CVE-2007-3302)
A remote code execution vulnerability has been reported in CA eTrust Intrusion Detection. CA eTrust Intrusion Detection is a network intrusion management and prevention system, that includes real-time session monitoring and Internet web filtering capabilities. A remote attacker could exploit this...
CA eTrust Intrusion Detection CallCode ActiveX vulnerability
Added: 08/09/2007 CVE: CVE-2007-3302 BID: 25050 OSVDB: 37698 Background CA eTrust Intrusion Detection includes the CallCode Caller.dll ActiveX control. Problem The CallCode ActiveX control is incorrectly marked safe for scripting. This ActiveX control contains scriptable functions which, if a use...
CA eTrust Intrusion Detection CallCode ActiveX vulnerability
Added: 08/09/2007 CVE: CVE-2007-3302 BID: 25050 OSVDB: 37698 Background CA eTrust Intrusion Detection includes the CallCode Caller.dll ActiveX control. Problem The CallCode ActiveX control is incorrectly marked safe for scripting. This ActiveX control contains scriptable functions which, if a use...