CA BrightStor ARCserve Backup is prone to a buffer overflow vulnerability on the RPC interface that could permit the execution of arbitrary remote code. A remote attacker can exploit this vulnerability to execute arbitrary code and completely compromise the computer.
This module exploits a buffer overflow in the handling of RPC data in the Computer Associates BrightStor ARCServe Backup Media Server service (mediasvr.exe) which is a component of BrightStor ARCserve Backup Tape Engine.
This module exploits a buffer overflow vulnerability in the LGServer Service (LGServer.exe) component of CA BrightStor ARCserve Backup for Laptops and Desktops and installs an agent if successful. This vulnerability can be exploited remotely by sending a specially crafted packet to port TCP/1900.
This module exploits a stack-based buffer overflow in CA BrightStor ARCserve Backup for Windows, allowing remote attackers to execute arbitrary code via a CONNECT_CLIENT_AUTH request with authentication method type 3 (Windows credentials) and a long password argument.
CA ARCserve D2D installs the Apache Axi2 Web services engine with default administrator credentials for the Axis2 administration console. This module will login into the Axis2 administration console and will deploy an .AAR Web service, in order to install an agent on the target machine.
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of software utilizing CATIA. The vulnerability is caused due to a boundary error when copying a user supplied input to a fixed size stack buffer. The copying procedure stops when a null byte is found and no size check is proceeded.
This module exploits a vulnerability in BrightStor ARCserve/Enterprise Backup Server, which can be leveraged by an attacker to compromise a vulnerable system. The vulnerability is caused due to a boundary error in the Discovery Service when processing received network traffic. This can be exploited to cause a buffer overflow by sending an overly large TCP data stream to port 41523.
This module exploits a vulnerability in Computer Associates License Manager Service, which can be exploited by malicious code to compromise a vulnerable system. The vulnerability is caused due to a boundary error in the service when processing received network traffic. This can be exploited to cause a buffer overflow by sending an overly large TCP packet to port 10202, 10203 or 10204.
The _validatePost function in libs/controller/components/security.php in CakePHP 1.3.x through 1.3.5 and 1.2.8 allows remote attackers to modify the internal Cake cache and execute arbitrary code via a crafted data[_Token][fields] value that is processed by the unserialize function, as demonstrated by modifying the file_map cache to execute arbitrary local files.
This module exploits a vulnerability in BrightStor ARCserve/Enterprise Backup, which can be exploited by an attacker to compromise a vulnerable system. The vulnerability is caused by a boundary error in the Discovery Service when processing received network traffic. This can be exploited to cause a buffer overflow by sending an overly large TCP packet to port 41523.