CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

CA » Brightstor Arcserve Backup » 11.1 : Security Vulnerabilities

Cpe Name:cpe:/a:ca:brightstor_arcserve_backup:11.1
Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2008-3175 189 DoS Exec Code Overflow 2008-08-01 2018-10-11
10.0
None Remote Low Not required Complete Complete Complete
Integer underflow in rxRPC.dll in the LGServer service in the server in CA ARCserve Backup for Laptops and Desktops 11.0 through 11.5 allows remote attackers to execute arbitrary code or cause a denial of service via a crafted message that triggers a buffer overflow.
2 CVE-2008-2242 119 Exec Code Overflow 2008-05-21 2018-10-11
7.5
None Remote Low Not required Partial Partial Partial
Multiple buffer overflows in xdr functions in the server in CA BrightStor ARCServe Backup 11.0, 11.1, and 11.5 allow remote attackers to execute arbitrary code, as demonstrated by a stack-based buffer overflow via a long parameter to the xdr_rwsstring function.
3 CVE-2008-2241 22 Exec Code Dir. Trav. 2008-05-21 2018-10-11
10.0
Admin Remote Low Not required Complete Complete Complete
Directory traversal vulnerability in caloggerd in CA BrightStor ARCServe Backup 11.0, 11.1, and 11.5 allows remote attackers to append arbitrary data to arbitrary files via directory traversal sequences in unspecified input fields, which are used in log messages. NOTE: this can be leveraged for code execution in many installation environments by writing to a startup file or configuration file.
4 CVE-2007-5332 399 Mem. Corr. 2007-10-12 2018-10-15
10.0
Admin Remote Low Not required Complete Complete Complete
Multiple unspecified vulnerabilities in (1) mediasvr and (2) caloggerd in CA BrightStor ARCServe BackUp v9.01 through R11.5, and Enterprise Backup r10.5, have unknown impact and attack vectors related to memory corruption.
5 CVE-2007-5331 94 Exec Code 2007-10-12 2018-10-15
10.0
None Remote Low Not required Complete Complete Complete
Queue.dll for the message queuing service (LQserver.exe) in CA BrightStor ARCServe BackUp v9.01 through R11.5, and Enterprise Backup r10.5, allows remote attackers to execute arbitrary code via a malformed ONRPC protocol request for operation 0x76, which causes ARCserve Backup to dereference arbitrary pointers.
6 CVE-2007-5330 119 Exec Code Overflow Mem. Corr. 2007-10-12 2018-10-15
10.0
Admin Remote Low Not required Complete Complete Complete
The cadbd RPC service in CA BrightStor ARCServe BackUp v9.01 through R11.5, and Enterprise Backup r10.5, allows remote attackers to (1) execute arbitrary code via stack-based buffer overflows in unspecified RPC procedures, and (2) trigger memory corruption related to the use of "handle" RPC arguments as pointers.
7 CVE-2007-5329 399 Mem. Corr. 2007-10-12 2018-10-15
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in dbasvr in CA BrightStor ARCServe BackUp v9.01 through R11.5, and Enterprise Backup r10.5, has unknown impact and attack vectors related to memory corruption.
8 CVE-2007-5328 264 Exec Code 2007-10-12 2018-10-15
10.0
Admin Remote Low Not required Complete Complete Complete
The Message Engine RPC service in CA BrightStor ARCServe BackUp v9.01 through R11.5, and Enterprise Backup r10.5, allows attackers to execute arbitrary code by using certain "insecure method calls" to modify the file system and registry, aka "Privileged function exposure."
9 CVE-2007-5327 119 Exec Code Overflow 2007-10-12 2018-10-15
10.0
Admin Remote Low Not required Complete Complete Complete
Stack-based buffer overflow in the RPC interface for the Message Engine (mediasvr.exe) in CA BrightStor ARCServe BackUp v9.01 through R11.5, and Enterprise Backup r10.5, allows remote attackers to execute arbitrary code via a long argument in the 0x10d opnum.
10 CVE-2007-5326 119 Exec Code Overflow 2007-10-12 2018-10-15
10.0
None Remote Low Not required Complete Complete Complete
Multiple buffer overflows in (1) RPC and (2) rpcx.dll in CA BrightStor ARCServe BackUp v9.01 through R11.5, and Enterprise Backup r10.5, allow remote attackers to execute arbitrary code via unspecified vectors.
11 CVE-2007-5325 119 Exec Code Overflow 2007-10-12 2018-10-15
10.0
Admin Remote Low Not required Complete Complete Complete
Multiple buffer overflows in (1) the Message Engine and (2) AScore.dll in CA BrightStor ARCServe BackUp v9.01 through R11.5, and Enterprise Backup r10.5, allow remote attackers to execute arbitrary code via unspecified vectors.
12 CVE-2007-4620 119 Exec Code Overflow 2008-04-07 2018-10-15
9.0
Admin Remote Low Single system Complete Complete Complete
Multiple stack-based buffer overflows in Computer Associates (CA) Alert Notification Service (Alert.exe) 8.1.586.0, 8.0.450.0, and 7.1.758.0, as used in multiple CA products including Anti-Virus for the Enterprise 7.1 through r11.1 and Threat Manager for the Enterprise 8.1 and r8, allow remote authenticated users to execute arbitrary code via crafted RPC requests.
13 CVE-2007-3875 DoS 2007-07-25 2018-10-15
4.3
None Remote Medium Not required None None Partial
arclib.dll before 7.3.0.9 in CA Anti-Virus (formerly eTrust Antivirus) 8 and certain other CA products allows remote attackers to cause a denial of service (infinite loop and loss of antivirus functionality) via an invalid "previous listing chunk number" field in a CHM file.
14 CVE-2007-3825 Exec Code Overflow 2007-07-18 2017-07-28
9.3
Admin Remote Medium Not required Complete Complete Complete
Multiple stack-based buffer overflows in the RPC implementation in alert.exe before 8.0.255.0 in CA (formerly Computer Associates) Alert Notification Server, as used in Threat Manager for the Enterprise, Protection Suites, certain BrightStor ARCserve products, and BrightStor Enterprise Backup, allow remote attackers to execute arbitrary code by sending certain data to unspecified RPC procedures.
15 CVE-2007-2864 Exec Code Overflow 2007-06-06 2018-10-16
9.3
Admin Remote Medium Not required Complete Complete Complete
Stack-based buffer overflow in the Anti-Virus engine before content update 30.6 in multiple CA (formerly Computer Associates) products allows remote attackers to execute arbitrary code via a large invalid value of the coffFiles field in a .CAB file.
16 CVE-2007-2863 Exec Code Overflow 2007-06-06 2018-10-16
10.0
Admin Remote Low Not required Complete Complete Complete
Stack-based buffer overflow in the Anti-Virus engine before content update 30.6 in multiple CA (formerly Computer Associates) products allows remote attackers to execute arbitrary code via a long filename in a .CAB file.
17 CVE-2007-2139 Exec Code Overflow 2007-04-25 2018-10-16
10.0
Admin Remote Low Not required Complete Complete Complete
Multiple stack-based buffer overflows in the SUN RPC service in CA (formerly Computer Associates) BrightStor ARCserve Media Server, as used in BrightStor ARCserve Backup 9.01 through 11.5 SP2, BrightStor Enterprise Backup 10.5, Server Protection Suite 2, and Business Protection Suite 2, allow remote attackers to execute arbitrary code via malformed RPC strings, a different vulnerability than CVE-2006-5171, CVE-2006-5172, and CVE-2007-1785.
18 CVE-2007-1785 Exec Code 2007-03-30 2018-10-16
7.1
Admin Remote High Single system Complete Complete Complete
The RPC service in mediasvr.exe in CA BrightStor ARCserve Backup 11.5 SP2 build 4237 allows remote attackers to execute arbitrary code via crafted xdr_handle_t data in RPC packets, which is used in calculating an address for a function call, as demonstrated using the 191 (0xbf) RPC request.
19 CVE-2007-0816 DoS 2007-02-07 2017-10-18
5.0
None Remote Low Not required None None Partial
The RPC Server service (catirpc.exe) in CA (formerly Computer Associates) BrightStor ARCserve Backup 11.5 SP2 and earlier allows remote attackers to cause a denial of service (service crash) via a crafted TADDR2UADDR that triggers a null pointer dereference in catirpc.dll, possibly related to null credentials or verifier fields.
20 CVE-2006-6379 Exec Code Overflow 2006-12-10 2018-10-17
7.5
User Remote Low Not required Partial Partial Partial
Buffer overflow in the BrightStor Backup Discovery Service in multiple CA products, including ARCserve Backup r11.5 SP1 and earlier, ARCserve Backup 9.01 up to 11.1, Enterprise Backup 10.5, and CA Server Protection Suite r2, allows remote attackers to execute arbitrary code via unspecified vectors.
21 CVE-2006-6076 Exec Code Overflow 2006-11-24 2018-10-17
10.0
Admin Remote Low Not required Complete Complete Complete
Buffer overflow in the Tape Engine (tapeeng.exe) in CA (formerly Computer Associates) BrightStor ARCserve Backup 11.5 and earlier allows remote attackers to execute arbitrary code via certain RPC requests to TCP port 6502.
22 CVE-2006-5143 119 Exec Code Overflow 2006-10-10 2018-10-17
7.5
User Remote Low Not required Partial Partial Partial
Multiple buffer overflows in CA BrightStor ARCserve Backup r11.5 SP1 and earlier, r11.1, and 9.01; BrightStor ARCserve Backup for Windows r11; BrightStor Enterprise Backup 10.5; Server Protection Suite r2; and Business Protection Suite r2 allow remote attackers to execute arbitrary code via crafted data on TCP port 6071 to the Backup Agent RPC Server (DBASVR.exe) using the RPC routines with opcode (1) 0x01, (2) 0x02, or (3) 0x18; invalid stub data on TCP port 6503 to the RPC routines with opcode (4) 0x2b or (5) 0x2d in ASCORE.dll in the Message Engine RPC Server (msgeng.exe); (6) a long hostname on TCP port 41523 to ASBRDCST.DLL in the Discovery Service (casdscsvc.exe); or unspecified vectors related to the (7) Job Engine Service.
23 CVE-2005-3653 119 Exec Code Overflow 2005-12-31 2018-10-19
10.0
Admin Remote Low Not required Complete Complete Complete
Heap-based buffer overflow in the iGateway service for various Computer Associates (CA) iTechnology products, in iTechnology iGateway before 4.0.051230, allows remote attackers to execute arbitrary code via an HTTP request with a negative Content-Length field.
24 CVE-2005-0349 Exec Code 2005-05-02 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
The production release of the UniversalAgent for UNIX in BrightStor ARCserve Backup 11.1 contains hard-coded credentials, which allows remote attackers to access the file system and possibly execute arbitrary commands.
25 CVE-2005-0260 Exec Code Overflow 2005-05-02 2017-07-10
10.0
Admin Remote Low Not required Complete Complete Complete
Stack-based buffer overflow in the Discovery Service for BrightStor ARCserve Backup 11.1 and earlier allows remote attackers to execute arbitrary code via a long packet to UDP port 41524, which is not properly handled in a recvfrom call.
26 CVE-2004-1096 Bypass 2005-01-10 2017-07-10
7.5
User Remote Low Not required Partial Partial Partial
Archive::Zip Perl module before 1.14, when used by antivirus programs such as amavisd-new, allows remote attackers to bypass antivirus protection via a compressed file with both local and global headers set to zero, which does not prevent the compressed file from being opened on a target system.
27 CVE-2004-0937 Bypass 2005-02-09 2017-07-10
7.5
User Remote Low Not required Partial Partial Partial
Sophos Anti-Virus before 3.87.0, and Sophos Anti-Virus for Windows 95, 98, and Me before 3.88.0, allows remote attackers to bypass antivirus protection via a compressed file with both local and global headers set to zero, which does not prevent the compressed file from being opened on a target system.
28 CVE-2004-0936 Bypass 2005-01-27 2017-07-10
7.5
User Remote Low Not required Partial Partial Partial
RAV antivirus allows remote attackers to bypass antivirus protection via a compressed file with both local and global headers set to zero, which does not prevent the compressed file from being opened on a target system.
29 CVE-2004-0935 Bypass 2005-01-27 2017-07-10
7.5
User Remote Low Not required Partial Partial Partial
Eset Anti-Virus before 1.020 (16th September 2004) allows remote attackers to bypass antivirus protection via a compressed file with both local and global headers set to zero, which does not prevent the compressed file from being opened on a target system.
30 CVE-2004-0934 Bypass 2005-01-27 2017-07-10
7.5
User Remote Low Not required Partial Partial Partial
Kaspersky 3.x to 4.x allows remote attackers to bypass antivirus protection via a compressed file with both local and global headers set to zero, which does not prevent the compressed file from being opened on a target system.
31 CVE-2004-0933 Bypass 2005-01-27 2017-07-10
7.5
User Remote Low Not required Partial Partial Partial
Computer Associates (CA) InoculateIT 6.0, eTrust Antivirus r6.0 through r7.1, eTrust Antivirus for the Gateway r7.0 and r7.1, eTrust Secure Content Manager, eTrust Intrusion Detection, EZ-Armor 2.0 through 2.4, and EZ-Antivirus 6.1 through 6.3 allow remote attackers to bypass antivirus protection via a compressed file with both local and global headers set to zero, which does not prevent the compressed file from being opened on a target system.
32 CVE-2004-0932 Bypass 2005-01-27 2017-07-10
7.5
User Remote Low Not required Partial Partial Partial
McAfee Anti-Virus Engine DATS drivers before 4398 released on Oct 13th 2004 and DATS Driver before 4397 October 6th 2004 allows remote attackers to bypass antivirus protection via a compressed file with both local and global headers set to zero, which does not prevent the compressed file from being opened on a target system.
Total number of vulnerabilities : 32   Page : 1 (This Page)
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.