etrust software vulnerabilities
vulnerabilities.aspcode.net
Searching etrust software vulnerabilities
eTrust Intrusion Detection System (formerly Ses
Detection
|
Intrusion
|
System
|
eTrust
|
eTrust Intrusion Detection System (formerly SessionWall-3) uses weak encryption (XOR) to store administrative passwords in the registry, which allows local users to easily decrypt the passwords.
The (1) inoregupdate, (2) uniftest, or (3) unim
The (1) inoregupdate, (2) uniftest, or (3) unimove scripts in eTrust InoculateIT for Linux 6.0 allow local users to overwrite arbitrary files via a symlink attack on files in /tmp.
Computer Associates (CA) InoculateIT 6.0, eTrus
Associates
|
Computer
|
Computer Associates (CA) InoculateIT 6.0, eTrust Antivirus r6.0 through r7.1, eTrust Antivirus for the Gateway r7.0 and r7.1, eTrust Secure Content Manager, eTrust Intrusion Detection, EZ-Armor 2.0 through 2.4, and EZ-Antivirus 6.1 through 6.3 allow remote attackers to bypass antivirus protection via a compressed file with both local and global headers set to zero, which does not prevent the compressed file from being opened on a target system.
Computer Associates eTrust EZ Antivirus 7.0.0 t
Associates
|
Antivirus
|
Computer
|
eTrust
|
Computer Associates eTrust EZ Antivirus 7.0.0 to 7.0.4, including 7.0.1.4, installs its files with insecure permissions (ACLs), which allows local users to gain privileges by replacing critical programs with malicious ones, as demonstrated using VetMsg.exe.
eTrust InoculateIT for Linux 6.0 uses insecure
application's
|
permissions
|
directories
|
InoculateIT
|
information
|
including
|
sensitive
|
registry
|
insecure
|
multiple
|
examine
|
allows
|
delete
|
modify
|
eTrust
|
Linux
|
files
|
which
|
local
|
users
|
uses
|
tmp
|
eTrust InoculateIT for Linux 6.0 uses insecure permissions for multiple files and directories, including the application's registry and tmp directories, which allows local users to delete, modify, or examine sensitive information.
Computer Associates eTrust Antivirus EE 6.0 thr
password-protected
|
Associates
|
attackers
|
including
|
protected
|
Antivirus
|
scanning
|
password
|
Computer
|
through
|
causes
|
eTrust
|
bypass
|
remote
|
allows
|
which
|
other
|
virus
|
files
|
skip
|
file
|
scan
|
only
|
ZIP
|
Computer Associates eTrust Antivirus EE 6.0 through 7.0 allows remote attackers to bypass virus scanning by including a password-protected file in a ZIP file, which causes eTrust to scan only the password protected file and skip the other files.
Computer Associates (CA) eTrust Intrusion Detec
Associates
|
Computer
|
Computer Associates (CA) eTrust Intrusion Detection 3.0 allows remote attackers to cause a denial of service via large size values that are not properly validated before calling the CPImportKey function in the Crypto API.
Integer overflow in Computer Associates Vet Ant
InoculateIT
|
Associates
|
BrightStor
|
Intrusion
|
Detection
|
Antivirus
|
ARCserve
|
overflow
|
Computer
|
Gateway
|
Content
|
Manager
|
Integer
|
library
|
through
|
eTrust
|
Backup
|
Secure
|
used
|
r71
|
r70
|
r60
|
Vet
|
Integer overflow in Computer Associates Vet Antivirus library, as used by CA InoculateIT 6.0, eTrust Antivirus r6.0 through 7.1, eTrust Antivirus for the Gateway r7.0 and r7.1, eTrust Secure Content Manager, eTrust Intrusion Detection, BrightStor ARCserve Backup (BAB) r11.1, Vet Antivirus, Zonelabs ZoneAlarm Security Suite, and ZoneAlarm Antivirus, allows remote attackers to gain privileges via a compressed VBA directory with a project name length of -1, which leads to a heap-based buffer overflow.
Cross-site scripting (XSS) vulnerability in Com
Cross-site
|
scripting
|
Cross-site scripting (XSS) vulnerability in Computer Associates (CA) eTrust SiteMinder 5.5, when the "CSSChecking" parameter is set to "NO," allows remote attackers to inject arbitrary web script or HTML via the (1) PASSWORD or (2) BUFFER parameters to smpwservicescgi.exe, (3) the TARGET parameter to login.fcc, and possibly other vectors.
Multiple interpretation error in unspecified ve
interpretation
|
unspecified
|
versions
|
Multiple
|
error
|
Multiple interpretation error in unspecified versions of (1) eTrust-Iris and (2) eTrust-Vet Antivirus allows remote attackers to bypass virus detection via a malicious executable in a specially crafted RAR file with malformed central and local headers, which can still be opened by products such as Winrar and PowerZip, even though they are rejected as corrupted by Winzip and BitZipper.
Format string vulnerability in CA Integrated Th
vulnerability
|
Integrated
|
Management
|
string
|
Threat
|
Format
|
Format string vulnerability in CA Integrated Threat Management (ITM), eTrust Antivirus (eAV), and eTrust PestPatrol (ePP) r8 allows attackers to cause a denial of service (crash) and possibly execute arbitrary code via a scan job with format strings in the description field.
Unspecified vulnerability in CA eTrust Antiviru
vulnerability
|
Unspecified
|
processing
|
attackers
|
arbitrary
|
"improper
|
Antivirus
|
checking
|
certain
|
WebScan
|
execute
|
input"
|
eTrust
|
bounds
|
allows
|
remote
|
user
|
code
|
due
|
Unspecified vulnerability in CA eTrust Antivirus WebScan allows remote attackers to execute arbitrary code due to "improper bounds checking when processing certain user input."
Unspecified vulnerability in CA eTrust Antiviru
vulnerability
|
Unspecified
|
Antivirus
|
WebScan
|
before
|
eTrust
|
Unspecified vulnerability in CA eTrust Antivirus WebScan before 1.1.0.1048 allows remote attackers to install arbitrary files.
Unspecified vulnerability in CA eTrust Antiviru
vulnerability
|
Unspecified
|
Antivirus
|
WebScan
|
before
|
eTrust
|
Unspecified vulnerability in CA eTrust Antivirus WebScan before 1.1.0.1048 has unknown impact and remote attackers related to "improper processing of outdated WebScan components."
The ePPIServlet script in Computer Associates (
ePPIServlet
|
Associates
|
Computer
|
script
|
The ePPIServlet script in Computer Associates (CA) eTrust Security Command Center 1.0 and r8 up to SP1 CR2, when running on Windows, allows remote attackers to obtain the web server path via a "'" (single quote) in the PIProfile function, which leaks the path in an error message.
Directory traversal vulnerability in Computer A
vulnerability
|
Associates
|
Directory
|
traversal
|
Computer
|
Directory traversal vulnerability in Computer Associates (CA) eTrust Security Command Center 1.0 and r8 up to SP1 CR2, allows remote authenticated users to read and delete arbitrary files via ".." sequences in the eSCCAdHocHtmlFile parameter to eSMPAuditServlet, which is not properly handled by the getadhochtml function.
Heap-based buffer overflow in SW3eng.exe in the
Heap-based
|
SW3engexe
|
overflow
|
service
|
Engine
|
buffer
|
eID
|
Heap-based buffer overflow in SW3eng.exe in the eID Engine service in CA (formerly Computer Associates) eTrust Intrusion Detection 3.0.5.57 and earlier allows remote attackers to cause a denial of service (application crash) via a long key length value to the remote administration port (9191/tcp).
Unspecified vulnerability in cube.exe in the GI
vulnerability
|
Unspecified
|
component
|
cubeexe
|
GINA
|
Unspecified vulnerability in cube.exe in the GINA component for CA (Computer Associates) eTrust Admin 8.1.0 through 8.1.2 allows attackers with physical interactive or Remote Desktop access to bypass authentication and gain privileges via the password reset interface.
The CallCode ActiveX control in caller.dll 3.0
callerdll
|
CallCode
|
control
|
ActiveX
|
before
|
The CallCode ActiveX control in caller.dll 3.0 before Friday, July 13, 2007, and 3.0 SP1 before 3.0.5.81, in CA (formerly Computer Associates) eTrust Intrusion Detection allows remote attackers to load arbitrary DLLs on a client system, and execute code from these DLLs, via unspecified "scriptable functions."
Multiple heap-based buffer overflows in the (1)
heap-based
|
overflows
|
Multiple
|
buffer
|
Multiple heap-based buffer overflows in the (1) Communications Server (iigcc.exe) and (2) Data Access Server (iigcd.exe) components for Ingres Database Server 3.0.3, as used in CA (Computer Associates) products including eTrust Secure Content Manager r8 on Windows, allow remote attackers to execute arbitrary code via unknown vectors.
Software vulnerabilities results 1 to 20 of 25
Page:
1
2
►