An overly long packet content directly overwrites the SEH handler for the frame allowing for control over EIP. After successful exploitation an agent will be installed.
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Cisco Secure ACS UCP. The vulnerability is caused due to a boundary error within Cisco Secure ACS UCP when processing passwords with CSuserCGI.exe vulnerable module. This can be exploited to cause a stack-based buffer overflow via an overly long, specially-crafted argument passed to this module.
preg_replace using eval switch vulnerability in html2text library, allows remote attackers to execute arbitrary code.
An internal memory buffer may be overrun while handling long "MKD" commands. This condition may be exploited by attackers to ultimately execute instructions with the privileges of the CesarFTP process. The CesarFTP server will be left inaccessible after successful exploitation.
This module exploits a remote stack-based buffer overflow in CA XOsoft Control Service by passing overly long arguments to the entry_point.aspx login page. Authentication is not required for this exploit to work.
The UNCWS Web Service component of CA Total Defense listens for SOAP requests. The UnAssignAdminUsers method makes use of the uncsp_UnassignAdminRoles stored procedure, which is vulnerable to SQL Injection. A remote unauthenticated attacker can exploit this to execute arbitrary code on a vulnerable machine with SYSTEM privileges.
The UNCWS Web Service component of CA Total Defense listens for SOAP requests. A remote unauthenticated attacker can invoke the getDBConfigSettings method, and the Web Service will answer with the server's database credentials. Once that the credentials are captured, it is possible for a remote attacker to connect to the database and execute arbitrary code under the context of the database administrator.
The UNCWS Web Service component of CA Total Defense listens for SOAP requests. The exportReport method makes use of the uncsp_GenerateReports_Dashboard stored procedure, which is vulnerable to SQL Injection. A remote unauthenticated attacker can exploit this to execute arbitrary code on a vulnerable machine with SYSTEM privileges.
The UNCWS Web Service component of CA Total Defense listens for SOAP requests. The DeleteReports method makes use of the uncsp_DeleteReports stored procedure, which is vulnerable to SQL Injection. A remote unauthenticated attacker can exploit this to execute arbitrary code on a vulnerable machine with SYSTEM privileges.
The UNCWS Web Service component of CA Total Defense listens for SOAP requests. The deleteReportFilter method makes use of the uncsp_DeleteFilter stored procedure, which is vulnerable to SQL Injection. A remote unauthenticated attacker can exploit this to execute arbitrary code on a vulnerable machine with SYSTEM privileges.