| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
1 |
CVE-2008-3175 |
189 |
|
DoS Exec Code Overflow |
2008-08-01 |
2021-04-08 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Integer underflow in rxRPC.dll in the LGServer service in the server in CA ARCserve Backup for Laptops and Desktops 11.0 through 11.5 allows remote attackers to execute arbitrary code or cause a denial of service via a crafted message that triggers a buffer overflow. |
|
2 |
CVE-2008-2242 |
119 |
|
Exec Code Overflow |
2008-05-21 |
2021-04-07 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Multiple buffer overflows in xdr functions in the server in CA BrightStor ARCServe Backup 11.0, 11.1, and 11.5 allow remote attackers to execute arbitrary code, as demonstrated by a stack-based buffer overflow via a long parameter to the xdr_rwsstring function. |
|
3 |
CVE-2008-2241 |
22 |
|
Exec Code Dir. Trav. |
2008-05-21 |
2021-04-09 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Directory traversal vulnerability in caloggerd in CA BrightStor ARCServe Backup 11.0, 11.1, and 11.5 allows remote attackers to append arbitrary data to arbitrary files via directory traversal sequences in unspecified input fields, which are used in log messages. NOTE: this can be leveraged for code execution in many installation environments by writing to a startup file or configuration file. |
|
4 |
CVE-2007-5332 |
399 |
|
Mem. Corr. |
2007-10-13 |
2021-04-07 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Multiple unspecified vulnerabilities in (1) mediasvr and (2) caloggerd in CA BrightStor ARCServe BackUp v9.01 through R11.5, and Enterprise Backup r10.5, have unknown impact and attack vectors related to memory corruption. |
|
5 |
CVE-2007-5331 |
94 |
|
Exec Code |
2007-10-13 |
2021-04-09 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Queue.dll for the message queuing service (LQserver.exe) in CA BrightStor ARCServe BackUp v9.01 through R11.5, and Enterprise Backup r10.5, allows remote attackers to execute arbitrary code via a malformed ONRPC protocol request for operation 0x76, which causes ARCserve Backup to dereference arbitrary pointers. |
|
6 |
CVE-2007-5330 |
119 |
|
Exec Code Overflow Mem. Corr. |
2007-10-13 |
2021-04-07 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
The cadbd RPC service in CA BrightStor ARCServe BackUp v9.01 through R11.5, and Enterprise Backup r10.5, allows remote attackers to (1) execute arbitrary code via stack-based buffer overflows in unspecified RPC procedures, and (2) trigger memory corruption related to the use of "handle" RPC arguments as pointers. |
|
7 |
CVE-2007-5329 |
399 |
|
Mem. Corr. |
2007-10-13 |
2021-04-09 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Unspecified vulnerability in dbasvr in CA BrightStor ARCServe BackUp v9.01 through R11.5, and Enterprise Backup r10.5, has unknown impact and attack vectors related to memory corruption. |
|
8 |
CVE-2007-5328 |
264 |
|
Exec Code |
2007-10-13 |
2021-04-07 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
The Message Engine RPC service in CA BrightStor ARCServe BackUp v9.01 through R11.5, and Enterprise Backup r10.5, allows attackers to execute arbitrary code by using certain "insecure method calls" to modify the file system and registry, aka "Privileged function exposure." |
|
9 |
CVE-2007-5327 |
119 |
|
Exec Code Overflow |
2007-10-13 |
2021-04-07 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Stack-based buffer overflow in the RPC interface for the Message Engine (mediasvr.exe) in CA BrightStor ARCServe BackUp v9.01 through R11.5, and Enterprise Backup r10.5, allows remote attackers to execute arbitrary code via a long argument in the 0x10d opnum. |
|
10 |
CVE-2007-5326 |
119 |
|
Exec Code Overflow |
2007-10-13 |
2021-04-09 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Multiple buffer overflows in (1) RPC and (2) rpcx.dll in CA BrightStor ARCServe BackUp v9.01 through R11.5, and Enterprise Backup r10.5, allow remote attackers to execute arbitrary code via unspecified vectors. |
|
11 |
CVE-2007-5325 |
119 |
|
Exec Code Overflow |
2007-10-13 |
2021-04-07 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Multiple buffer overflows in (1) the Message Engine and (2) AScore.dll in CA BrightStor ARCServe BackUp v9.01 through R11.5, and Enterprise Backup r10.5, allow remote attackers to execute arbitrary code via unspecified vectors. |
|
12 |
CVE-2007-4620 |
119 |
|
Exec Code Overflow |
2008-04-07 |
2021-04-07 |
9.0 |
None |
Remote |
Low |
??? |
Complete |
Complete |
Complete |
|
Multiple stack-based buffer overflows in Computer Associates (CA) Alert Notification Service (Alert.exe) 8.1.586.0, 8.0.450.0, and 7.1.758.0, as used in multiple CA products including Anti-Virus for the Enterprise 7.1 through r11.1 and Threat Manager for the Enterprise 8.1 and r8, allow remote authenticated users to execute arbitrary code via crafted RPC requests. |
|
13 |
CVE-2007-3875 |
|
|
DoS |
2007-07-26 |
2021-04-14 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
arclib.dll before 7.3.0.9 in CA Anti-Virus (formerly eTrust Antivirus) 8 and certain other CA products allows remote attackers to cause a denial of service (infinite loop and loss of antivirus functionality) via an invalid "previous listing chunk number" field in a CHM file. |
|
14 |
CVE-2007-3825 |
|
|
Exec Code Overflow |
2007-07-18 |
2021-04-07 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
Multiple stack-based buffer overflows in the RPC implementation in alert.exe before 8.0.255.0 in CA (formerly Computer Associates) Alert Notification Server, as used in Threat Manager for the Enterprise, Protection Suites, certain BrightStor ARCserve products, and BrightStor Enterprise Backup, allow remote attackers to execute arbitrary code by sending certain data to unspecified RPC procedures. |
|
15 |
CVE-2007-2864 |
|
|
Exec Code Overflow |
2007-06-06 |
2021-04-14 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
Stack-based buffer overflow in the Anti-Virus engine before content update 30.6 in multiple CA (formerly Computer Associates) products allows remote attackers to execute arbitrary code via a large invalid value of the coffFiles field in a .CAB file. |
|
16 |
CVE-2007-2863 |
|
|
Exec Code Overflow |
2007-06-06 |
2021-04-08 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Stack-based buffer overflow in the Anti-Virus engine before content update 30.6 in multiple CA (formerly Computer Associates) products allows remote attackers to execute arbitrary code via a long filename in a .CAB file. |
|
17 |
CVE-2007-2139 |
|
|
Exec Code Overflow |
2007-04-25 |
2021-04-09 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Multiple stack-based buffer overflows in the SUN RPC service in CA (formerly Computer Associates) BrightStor ARCserve Media Server, as used in BrightStor ARCserve Backup 9.01 through 11.5 SP2, BrightStor Enterprise Backup 10.5, Server Protection Suite 2, and Business Protection Suite 2, allow remote attackers to execute arbitrary code via malformed RPC strings, a different vulnerability than CVE-2006-5171, CVE-2006-5172, and CVE-2007-1785. |
|
18 |
CVE-2007-1785 |
|
|
Exec Code |
2007-03-31 |
2021-04-07 |
7.1 |
None |
Remote |
High |
??? |
Complete |
Complete |
Complete |
|
The RPC service in mediasvr.exe in CA BrightStor ARCserve Backup 11.5 SP2 build 4237 allows remote attackers to execute arbitrary code via crafted xdr_handle_t data in RPC packets, which is used in calculating an address for a function call, as demonstrated using the 191 (0xbf) RPC request. |
|
19 |
CVE-2007-0816 |
|
|
DoS |
2007-02-07 |
2021-04-07 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
The RPC Server service (catirpc.exe) in CA (formerly Computer Associates) BrightStor ARCserve Backup 11.5 SP2 and earlier allows remote attackers to cause a denial of service (service crash) via a crafted TADDR2UADDR that triggers a null pointer dereference in catirpc.dll, possibly related to null credentials or verifier fields. |
|
20 |
CVE-2006-6379 |
|
|
Exec Code Overflow |
2006-12-10 |
2021-04-09 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Buffer overflow in the BrightStor Backup Discovery Service in multiple CA products, including ARCserve Backup r11.5 SP1 and earlier, ARCserve Backup 9.01 up to 11.1, Enterprise Backup 10.5, and CA Server Protection Suite r2, allows remote attackers to execute arbitrary code via unspecified vectors. |
|
21 |
CVE-2006-6076 |
|
|
Exec Code Overflow |
2006-11-24 |
2021-04-07 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Buffer overflow in the Tape Engine (tapeeng.exe) in CA (formerly Computer Associates) BrightStor ARCserve Backup 11.5 and earlier allows remote attackers to execute arbitrary code via certain RPC requests to TCP port 6502. |
|
22 |
CVE-2006-5143 |
119 |
|
Exec Code Overflow |
2006-10-10 |
2021-04-09 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Multiple buffer overflows in CA BrightStor ARCserve Backup r11.5 SP1 and earlier, r11.1, and 9.01; BrightStor ARCserve Backup for Windows r11; BrightStor Enterprise Backup 10.5; Server Protection Suite r2; and Business Protection Suite r2 allow remote attackers to execute arbitrary code via crafted data on TCP port 6071 to the Backup Agent RPC Server (DBASVR.exe) using the RPC routines with opcode (1) 0x01, (2) 0x02, or (3) 0x18; invalid stub data on TCP port 6503 to the RPC routines with opcode (4) 0x2b or (5) 0x2d in ASCORE.dll in the Message Engine RPC Server (msgeng.exe); (6) a long hostname on TCP port 41523 to ASBRDCST.DLL in the Discovery Service (casdscsvc.exe); or unspecified vectors related to the (7) Job Engine Service. |
|
23 |
CVE-2005-3653 |
119 |
|
Exec Code Overflow |
2005-12-31 |
2021-04-14 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Heap-based buffer overflow in the iGateway service for various Computer Associates (CA) iTechnology products, in iTechnology iGateway before 4.0.051230, allows remote attackers to execute arbitrary code via an HTTP request with a negative Content-Length field. |
|
24 |
CVE-2005-0349 |
|
|
Exec Code |
2005-05-02 |
2021-04-07 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
The production release of the UniversalAgent for UNIX in BrightStor ARCserve Backup 11.1 contains hard-coded credentials, which allows remote attackers to access the file system and possibly execute arbitrary commands. |
|
25 |
CVE-2005-0260 |
|
|
Exec Code Overflow |
2005-05-02 |
2021-04-07 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Stack-based buffer overflow in the Discovery Service for BrightStor ARCserve Backup 11.1 and earlier allows remote attackers to execute arbitrary code via a long packet to UDP port 41524, which is not properly handled in a recvfrom call. |
|
26 |
CVE-2004-1096 |
|
|
Bypass |
2005-01-10 |
2021-04-09 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Archive::Zip Perl module before 1.14, when used by antivirus programs such as amavisd-new, allows remote attackers to bypass antivirus protection via a compressed file with both local and global headers set to zero, which does not prevent the compressed file from being opened on a target system. |
|
27 |
CVE-2004-0937 |
|
|
Bypass |
2005-02-09 |
2021-04-09 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Sophos Anti-Virus before 3.87.0, and Sophos Anti-Virus for Windows 95, 98, and Me before 3.88.0, allows remote attackers to bypass antivirus protection via a compressed file with both local and global headers set to zero, which does not prevent the compressed file from being opened on a target system. |
|
28 |
CVE-2004-0936 |
|
|
Bypass |
2005-01-27 |
2021-04-09 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
RAV antivirus allows remote attackers to bypass antivirus protection via a compressed file with both local and global headers set to zero, which does not prevent the compressed file from being opened on a target system. |
|
29 |
CVE-2004-0935 |
|
|
Bypass |
2005-01-27 |
2021-04-09 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Eset Anti-Virus before 1.020 (16th September 2004) allows remote attackers to bypass antivirus protection via a compressed file with both local and global headers set to zero, which does not prevent the compressed file from being opened on a target system. |
|
30 |
CVE-2004-0934 |
|
|
Bypass |
2005-01-27 |
2021-04-09 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Kaspersky 3.x to 4.x allows remote attackers to bypass antivirus protection via a compressed file with both local and global headers set to zero, which does not prevent the compressed file from being opened on a target system. |
|
31 |
CVE-2004-0933 |
|
|
Bypass |
2005-01-27 |
2021-04-09 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Computer Associates (CA) InoculateIT 6.0, eTrust Antivirus r6.0 through r7.1, eTrust Antivirus for the Gateway r7.0 and r7.1, eTrust Secure Content Manager, eTrust Intrusion Detection, EZ-Armor 2.0 through 2.4, and EZ-Antivirus 6.1 through 6.3 allow remote attackers to bypass antivirus protection via a compressed file with both local and global headers set to zero, which does not prevent the compressed file from being opened on a target system. |
|
32 |
CVE-2004-0932 |
|
|
Bypass |
2005-01-27 |
2021-04-09 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
McAfee Anti-Virus Engine DATS drivers before 4398 released on Oct 13th 2004 and DATS Driver before 4397 October 6th 2004 allows remote attackers to bypass antivirus protection via a compressed file with both local and global headers set to zero, which does not prevent the compressed file from being opened on a target system. |
