10 matches found
EUVD-2011-1655
Malware in sbrugna...
ZDI-12-024 : Total Defense Suite UNC Management Web Service uncsp_ViewReportsHomepage SQL Injection Vulnerability
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ZDI-12-024 : Total Defense Suite UNC Management Web Service uncspViewReportsHomepage SQL Injection Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-12-024 February 8, 2012 - -- CVE ID: - -- CVSS: 7.5, AV:N/AC:L/Au:N/C:P/I:P/A:P - --...
Total Defense Suite UNC Management Web Service Database Credentials Disclosure Vulnerability
This vulnerability allows attackers to remotely obtain domain credentials on vulnerable installations of CA Total Defense Suite UNC Management Web Service. Authentication is not required to exploit this vulnerability. The specific flaw exists within the AppCode.dll service listening by default on...
Total Defense Suite UNC Management Console ExportReport SQL Injection Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of CA Total Defense Suite. Authentication is not required to exploit this vulnerability. The specific flaw exists within the ExportReport stored procedure, accessed via the management.asmx console. Th...
ZDI-11-133: CA Total Defense Suite UNC Management Console DeleteReports SQL Injection Vulnerability
ZDI-11-133: CA Total Defense Suite UNC Management Console DeleteReports SQL Injection Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-133 April 13, 2011 -- CVE ID: CVE-2011-1653 -- CVSS: 10, AV:N/AC:L/Au:N/C:C/I:C/A:C -- Affected Vendors: CA -- Affected Products: CA Total Defense...
Code injection
The management.asmx module in the Management Web Service in the Unified Network Control UNC Server in CA Total Defense TD r12 before SE2 sends a cleartext response to unspecified getDBConfigSettings requests, which makes it easier for remote attackers to obtain database credentials, and...
CVE-2011-1655
CA Total Defense Suite UNCWS getDBConfigSettings vulnerability (CVE-2011-1655) affects UNC Server before SE2; management.asmx responds to SOAP requests and transmits database credentials in plaintext, enabling unauthenticated remote access to credentials and potential arbitrary code execution. Im...
CA Total Defense Suite UnassignFunctionalUsers Stored Procedure SQL Injection Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of CA Total Defense Suite. Authentication is not required to exploit this vulnerability. The specific flaw exists within the UnAssignFunctionalRoles stored procedure, accessed via the management.asmx...
CA Total Defense Suite NonAssignedUserList Stored Procedure SQL Injection Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of CA Total Defense Suite. Authentication is not required to exploit this vulnerability. The specific flaw exists within the NonAssignedUserList stored procedure, accessed via the management.asmx...
CA Total Defense Suite UNCWS Web Service getDBConfigSettings Credential Disclosure Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of CA Total Defense Suite. Authentication is not required to exploit this vulnerability. The specific flaw exists within the management.asmx module of the Management Web Service. This process responds...