Filtered by vendor Broadcom
Subscribe
Total
444 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2007-5472 | 1 Broadcom | 1 Host-based Intrusion Prevention System | 2021-04-09 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in the Server component in CA Host-Based Intrusion Prevention System (HIPS) before 8.0.0.93 allows remote attackers to inject arbitrary web script or HTML via requests that are written to logs for later display in the log viewer. | |||||
CVE-2007-6406 | 1 Broadcom | 1 Etrust Threat Management Console | 2021-04-09 | 4.3 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in CA (formerly Computer Associates) eTrust Threat Management Console allow remote attackers to inject arbitrary web script or HTML via the IP Address field and other unspecified fields. | |||||
CVE-2007-5923 | 1 Broadcom | 1 Etrust Siteminder | 2021-04-09 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in forms/smpwservices.fcc in CA (formerly Computer Associates) eTrust SiteMinder Agent allows remote attackers to inject arbitrary web script or HTML via the SMAUTHREASON parameter, a different vector than CVE-2005-2204. | |||||
CVE-2005-2204 | 1 Broadcom | 1 Etrust Siteminder | 2021-04-09 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in Computer Associates (CA) eTrust SiteMinder 5.5, when the "CSSChecking" parameter is set to "NO," allows remote attackers to inject arbitrary web script or HTML via the (1) PASSWORD or (2) BUFFER parameters to smpwservicescgi.exe, (3) the TARGET parameter to login.fcc, and possibly other vectors. | |||||
CVE-2006-4901 | 1 Broadcom | 4 Etrust Audit Client, Etrust Audit Datatools, Etrust Audit Policy Manager and 1 more | 2021-04-09 | 6.4 MEDIUM | N/A |
Computer Associates (CA) eTrust Security Command Center 1.0 and r8 up to SP1 CR2, and eTrust Audit 1.5 and r8, allows remote attackers to spoof alerts and conduct replay attacks by invoking eTSAPISend.exe with the desired arguments. | |||||
CVE-2006-4900 | 1 Broadcom | 1 Etrust Security Command Center | 2021-04-09 | 5.5 MEDIUM | N/A |
Directory traversal vulnerability in Computer Associates (CA) eTrust Security Command Center 1.0 and r8 up to SP1 CR2, allows remote authenticated users to read and delete arbitrary files via ".." sequences in the eSCCAdHocHtmlFile parameter to eSMPAuditServlet, which is not properly handled by the getadhochtml function. | |||||
CVE-2006-4899 | 1 Broadcom | 1 Etrust Security Command Center | 2021-04-09 | 5.0 MEDIUM | N/A |
The ePPIServlet script in Computer Associates (CA) eTrust Security Command Center 1.0 and r8 up to SP1 CR2, when running on Windows, allows remote attackers to obtain the web server path via a "'" (single quote) in the PIProfile function, which leaks the path in an error message. | |||||
CVE-2007-2522 | 1 Broadcom | 3 Antispyware For The Enterprise, Etrust Integrated Threat Management, Etrust Pestpatrol | 2021-04-09 | 10.0 HIGH | N/A |
Stack-based buffer overflow in the inoweb Console Server in CA Anti-Virus for the Enterprise r8, Threat Manager r8, Anti-Spyware for the Enterprise r8, and Protection Suites r3 allows remote attackers to execute arbitrary code via a long (1) username or (2) password. | |||||
CVE-2005-0968 | 1 Broadcom | 1 Etrust Intrusion Detection | 2021-04-09 | 5.0 MEDIUM | N/A |
Computer Associates (CA) eTrust Intrusion Detection 3.0 allows remote attackers to cause a denial of service via large size values that are not properly validated before calling the CPImportKey function in the Crypto API. | |||||
CVE-2007-1005 | 2 Broadcom, Ca | 2 Etrust Intrusion Detection, Etrust Intrusion Detection | 2021-04-09 | 7.8 HIGH | N/A |
Heap-based buffer overflow in SW3eng.exe in the eID Engine service in CA (formerly Computer Associates) eTrust Intrusion Detection 3.0.5.57 and earlier allows remote attackers to cause a denial of service (application crash) via a long key length value to the remote administration port (9191/tcp). | |||||
CVE-2007-5439 | 1 Broadcom | 1 Etrust Integrated Threat Management | 2021-04-09 | 5.0 MEDIUM | N/A |
CA (formerly Computer Associates) eTrust ITM (Threat Manager) 8.1 stores sensitive user information in log files with predictable names, which allows remote attackers to obtain this information via unspecified vectors. | |||||
CVE-2007-5437 | 1 Broadcom | 1 Etrust Integrated Threat Management | 2021-04-09 | 5.8 MEDIUM | N/A |
The web console in CA (formerly Computer Associates) eTrust ITM (Threat Manager) 8.1 allows remote attackers to redirect users to arbitrary web sites via a crafted HTTP URL on port 6689. | |||||
CVE-2007-3302 | 2 Broadcom, Ca | 2 Etrust Intrusion Detection, Etrust Intrusion Detection | 2021-04-09 | 9.3 HIGH | N/A |
The CallCode ActiveX control in caller.dll 3.0 before 20070713, and 3.0 SP1 before 3.0.5.81, in CA (formerly Computer Associates) eTrust Intrusion Detection allows remote attackers to load arbitrary DLLs on a client system, and execute code from these DLLs, via unspecified "scriptable functions." | |||||
CVE-2000-0559 | 1 Broadcom | 1 Etrust Intrusion Detection | 2021-04-09 | 2.1 LOW | N/A |
eTrust Intrusion Detection System (formerly SessionWall-3) uses weak encryption (XOR) to store administrative passwords in the registry, which allows local users to easily decrypt the passwords. | |||||
CVE-2004-1149 | 1 Broadcom | 1 Etrust Ez Antivirus | 2021-04-09 | 7.2 HIGH | N/A |
Computer Associates eTrust EZ Antivirus 7.0.0 to 7.0.4, including 7.0.1.4, installs its files with insecure permissions (ACLs), which allows local users to gain privileges by replacing critical programs with malicious ones, as demonstrated using VetMsg.exe. | |||||
CVE-2007-3695 | 1 Broadcom | 1 Erwin Process Modeler | 2021-04-09 | 10.0 HIGH | N/A |
Buffer overflow in LICRCMD.EXE in CA ERwin Process Modeler (formerly AllFusion Process Modeler) 7.1 allows attackers to execute arbitrary code via a long filename. NOTE: the researcher does not suggest any circumstances in which the filename would come from an untrusted source, and therefore perhaps the issue does not cross privilege boundaries and should not be included in CVE. | |||||
CVE-2000-0762 | 2 Broadcom, Ca | 2 Etrust Access Control, Etrust Access Control | 2021-04-09 | 10.0 HIGH | N/A |
The default installation of eTrust Access Control (formerly SeOS) uses a default encryption key, which allows remote attackers to spoof the eTrust administrator and gain privileges. | |||||
CVE-2005-3372 | 1 Broadcom | 1 Etrust Antivirus | 2021-04-09 | 5.1 MEDIUM | N/A |
Multiple interpretation error in eTrust CA 7.0.1.4 with the 11.9.1 engine allows remote attackers to bypass virus scanning via a file such as BAT, HTML, and EML with an "MZ" magic byte sequence which is normally associated with EXE, which causes the file to be treated as a safe type that could still be executed as a dangerous file type by applications on the end system, as demonstrated by a "triple headed" program that contains EXE, EML, and HTML content, aka the "magic byte bug." | |||||
CVE-2005-3225 | 1 Broadcom | 2 Etrust Antivirus, Etrust Antivirus Iris Engine | 2021-04-09 | 5.1 MEDIUM | N/A |
Multiple interpretation error in unspecified versions of (1) eTrust-Iris and (2) eTrust-Vet Antivirus allows remote attackers to bypass virus detection via a malicious executable in a specially crafted RAR file with malformed central and local headers, which can still be opened by products such as Winrar and PowerZip, even though they are rejected as corrupted by Winzip and BitZipper. | |||||
CVE-2007-5435 | 1 Broadcom | 1 Erwin Process Modeler | 2021-04-09 | 4.3 MEDIUM | N/A |
Unspecified vulnerability in CA ERwin Process Modeler (formerly AllFusion Process Modeler) 7.2 might allow user-assisted remote attackers to cause a denial of service via a crafted Data Standards File (Datatype Standards File). |