12 matches found
CVE-2009-3588
CVE-2009-3588 (and 3587) describe a DoS vulnerability in CA’s arclib component used by CA Anti-Virus for Enterprise and related CA products. A crafted RAR archive can trigger stack corruption (CVE-3588) and heap corruption (CVE-3587); CVE-3587 also notes possible arbitrary-code execution. Affecte...
CVE-2008-4398
CVE-2008-4398 affects CA ARCserve Backup Tape Engine (asdbapi.dll) on Windows r11.1–r12.0. The issue is insufficient input validation in the Tape Engine service, allowing a remote attacker to trigger a denial-of-service (crash) by sending a crafted RPC message. Public advisories from CA identify ...
CVE-2012-1662
CA ARCserve Backup for Windows is affected by CVE-2012-1662, allowing a remote attacker to cause a denial of service (service shutdown) via a crafted network request. Affected versions are CA ARCserve Backup for Windows r12.0 through SP2, r12.5 before SP2, r15 through SP1, and r16 before SP1. Mit...
CVE-1999-1322
The CVE concerns the installation of 1ArcServe Backup and Inoculan AV client modules for Exchange, which can create a log file exchverify.log that stores usernames and passwords in plaintext. Affected components: the Exchange-related client modules for 1ArcServe Backup and Inoculan AV. Underlying...
CVE-2008-4397
CVE-2008-4397 is a directory traversal flaw in the RPC interface (asdbapi.dll) of CA ARCserve Backup (BrightStor ARCserve Backup) versions r11.1–r12.0. An unauthenticated remote attacker can craft RPC calls (opnum 0x10A) to traverse directories and execute arbitrary commands. Multiple connected s...
CVE-2008-4399
CA ARCserve Backup DB Engine vulnerability CVE-2008-4399 affects the asdbapi.dll database engine service in CA ARCserve Backup r11.1–r12.0. The issue stems from insufficient validation of remote RPC requests, allowing remote unauthenticated attackers to cause a denial of service (crash) of the DB...
CVE-2001-0960
ARCserve for NT 6.61 SP2a and ARCserve 2000 7.0 store the backup agent username and password in cleartext in the aremote.dmp file on the ARCSERVE$ hidden share. The Nessus plugin item ARCSERVE_HIDDEN_SHARE.NASL confirms the ARCSERVE$ share is accessible and that multiple ARCserve versions retain ...
CVE-2001-0959
The CVE-2001-0959 entry concerns Computer Associates ARCserve for NT 6.61 SP2a and ARCserve 2000 7.0, which create a hidden administrative share named ARCSERVE$. This behavior enables remote attackers to access sensitive information and to overwrite critical files. The vulnerability is described ...
CVE-2008-4400
CVE-2008-4400 affects CA ARCserve Backup (BrightStor ARCserve Backup) r11.1–r12.0. The vulnerability is in asdbapi.dll and stems from insufficient validation of authentication credentials, allowing remote attackers to cause a denial of service by crashing multiple services. Remediation is availab...
CVE-2008-5415
CA ARCserve Backup on Windows (LDBserver) across versions 11.1, 11.5, and 12.0 is affected. The vulnerability stems from insufficient verification of handle_t arguments passed to an RPC endpoint, where the handle refers to an incompatible procedure, enabling remote code execution or service crash...
CVE-1999-1049
ARCserve NT agents authenticate using a weak XOR scheme for passwords. The vulnerability allows remote attackers to sniff the authentication request sent to port 6050 and decrypt the password, leading to potential unauthorized access and confidentiality/ integrity impact as described in the CVE e...
CVE-2001-1346
ARCserveIT 6.61 and 6.63 (ARCservIT) are affected by a local vulnerability where an attacker can overwrite arbitrary files via a symlink attack on temporary files (asagent.tmp or inetd.tmp). The underlying issue is insecure handling of temporary files leading to local privilege impact with partia...