Title: CA ARCserve Backup caloggerd and xdr Functions
Vulnerabilities
CA Advisory Date: 2008-05-19
Reported By: An anonymous researcher working with the iDefense VCP
Damian Put working with ZDI/TippingPoint
Title: CA ARCserve Backup Multiple Vulnerabilities
CA Advisory Date: 2008-10-09
Reported By:
Haifei Li of Fortinet's FortiGuard Global Security Research Team
Title: CA ARCserve Backup for Laptops and Desktops Server LGServer
Service Vulnerability
CA Advisory Date: 2008-07-31
Reported By: Vulnerability Research Team of Assurent Secure
Technologies, a TELUS Company
-----BEGIN PGP SIGNED MESSAGE-----
CA20120320-01: Security Notice for CA ARCserve Backup
Issued: March 20, 2012
CA Technologies Support is alerting customers to a potential risk
with CA ARCserve Backup for Windows. A vulnerability exists that can
allow a remote attacker to cause a denial of service condition. CA
Technologies has issued fixes to address the vulnerability.
Title: [CAID 35673, 35674, 35675, 35676, 35677]: CA ARCserve
Backup for Laptops and Desktops Multiple Server Vulnerabilities
CA Vuln ID (CAID): 35673, 35674, 35675, 35676, 35677
CA Advisory Date: 2007-09-20
Reported By: Sean Larsson (VeriSign iDefense Labs)
anonymous researcher working with the iDefense VCP
Title: [CAID 35724, 35725, 35726]: CA BrightStor ARCserve Backup
Multiple Vulnerabilities
CA Vuln ID (CAID): 35724, 35725, 35726
CA Advisory Date: 2007-10-10
CA Advisory Updated: 2007-12-05
Reported By:
Title: [CAID 35724, 35725, 35726]: CA BrightStor ARCserve Backup
Multiple Vulnerabilities
CA Vuln ID (CAID): 35724, 35725, 35726
CA Advisory Date: 2007-10-10
Reported By:
Anonymous researcher working with the iDefense VCP (CVE-2007-5325)
Title: CA ARCserve Backup Discovery Service Denial of Service
Vulnerability
CA Advisory Date: 2008-06-17
Reported By: Luigi Auriemma
Title: CA ARCserve Backup for Laptops and Desktops Server and CA
Desktop Management Suite Multiple Vulnerabilities
CA Advisory Date: 2008-04-03
Reported By: Dyon Balding of Secunia Research
Impact: A remote attacker can execute arbitrary code or cause a
denial of service condition.
Title: CA ARCserve Backup LDBserver Vulnerability
CA Advisory Date: 2008-12-10
Reported By:
Dyon Balding of Secunia Research
------------------------------
1. Cross-Site Request Forgery.
------------------------------
Taking into account that the WordPress Database Backup plugin has no
protection against CSRF, this CSRF vulnerability makes it possible to
attack the admin. It can be used to force a backup, in order to
get the backup of the site's DB via the earlier mentioned Information Leakage
vulnerability, or to create a large number of backup
files to occupy free space on the server. Or in order to receive backup on
Affected Products:
Admin r8.1 SP2
Advantage Data Transformer r2.2
Allfusion Harvest Change Manager r7.1
CA ARCserve Backup for Unix r11.1, r11.5 GA/SP1/SP2/SP3
CA ARCserve Backup for Linux r11.1, r11.5 GA/SP1/SP2/SP3
CA Directory r8.1
CA Job Management Option R11.0
CA Single Sign-On r8.1
CleverPath Aion BPM r10.1, r10.2
Title: CA20090429-01: CA ARCserve Backup Apache HTTP Server
Multiple Vulnerabilities
CA Advisory Reference: CA20090429-01
CA Advisory Date: 2009-04-29
------------------------------
URL: http://websecurity.com.ua/4419/
------------------------------
These are Information Leakage and Full path disclosure vulnerabilities which
I found on 05.06.2007. They concern the WordPress Database Backup plugin,
which was a part of WordPress 2.0.x (it was a core plugin).
------------------------------
1. Information Leakage.
------------------------------
Title:
======
Barracuda Backup v2.0 - Multiple Web Vulnerabilities
Date:
=====
2011-09-28
-----BEGIN PGP SIGNED MESSAGE-----
CA20100318-01: Security Notice for CA ARCserve Backup
Issued: March 18, 2010
CA's support is alerting customers to security risks with CA ARCserve
Backup. The version of JRE shipped with ARCserve Backup is
potentially susceptible to multiple vulnerabilities and has also
reached end of life. Support is providing JRE 1.6 upgrades as
-----BEGIN PGP SIGNED MESSAGE-----
CA20100603-01: Security Notice for CA ARCserve Backup
Issued: June 3, 2010
CA Technologies support is alerting customers to a security risk with
CA ARCserve Backup. A vulnerability exists, CVE-2010-2157, that can
potentially allow a local attacker to gain sensitive information.
* scapy-carp.patch - A patch against the latest Scapy (currently
2.1.0) so it understands the CARP protocol. The PoC won't work without
the patch
* carp-poc.py - A very quick and dirty PoC which will force all CARP
nodes into backup mode. You need to be on the same Layer 2 as the CARP
nodes. Also make sure you have the correct interface selected
Happy hacking,
wolfie
Title: CA20090615-01: CA ARCserve Backup Message Engine Denial of
Service Vulnerabilities
CA Advisory Reference: CA20090615-01
CA Advisory Date: 2009-06-15
#6 Symlink attacks
There are Virtualmin modules which allow the attacker to conduct a
successful symlink attack, which may lead to a full compromise of the
server.
Example for "Backup Virtual Servers":
1) Regular user creates backupdir and symlink:
$ mkdir virtualmin-backup && ln -s /etc/master.passwd virtualmin-backup/test
$ ls -la /etc/master.passwd
-rw------- 1 root wheel 1024 Jan 19 23:08 /etc/master.passwd
Threat Management) r8
CA Threat Manager for the Enterprise (formerly eTrust Integrated
Threat Management) r8.1
CA Anti-Virus for the Enterprise (formerly eTrust Antivirus) r8
CA Anti-Virus for the Enterprise (formerly eTrust Antivirus) r8.1
BrightStor ARCserve Backup r11.5
BrightStor ARCserve Backup r11.1
BrightStor ARCserve Backup r11 for Windows
Affected Platforms:
Windows
CA BrightStor ARCserve Backup Server Arbitrary Pointer Dereference
Release Date:
October 11, 2007
Date Reported:
June 18, 2007
Severity:
High (Remote Code Execution)
======================================================================
Secunia Research 17/03/2010
- Quicksilver Forums Backup Information Disclosure -
======================================================================
Table of Contents
Affected Software
Network and Systems Management) r3.1
CA Network and Systems Management (NSM) (formerly Unicenter
Network and Systems Management) r11
CA Network and Systems Management (NSM) (formerly Unicenter
Network and Systems Management) r11.1
CA ARCserve Backup r11.5 on Windows
CA ARCserve Backup r12 on Windows
CA ARCserve Backup r12.0 SP1 on Windows
CA ARCserve Backup r12.0 SP 2 on Windows
CA ARCserve Backup r12.5 on Windows
CA ARCserve Backup r11.1 Linux
Vendor:
Computer Associates (CA)
Systems Affected:
CA ARCserve Backup for Laptops and Desktops r11.5
CA ARCserve Backup for Laptops and Desktops r11.1 SP2
CA ARCserve Backup for Laptops and Desktops r11.1 SP1
CA ARCserve Backup for Laptops and Desktops r11.1
CA ARCserve Backup for Laptops and Desktops r11.0
CA ARCserve Backup for Laptops and Desktops r4.0
ZDI-07-069: CA BrightStor ARCserve Backup Message Engine Insecure Method
Exposure Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-07-069.html
November 26, 2007
-- CVE ID:
CVE-2007-5328
-- Affected Vendor:
Computer Associates
======================================================================
Secunia Research 28/11/2007
- Symantec Backup Exec Job Engine Denial of Service -
======================================================================
Table of Contents
Affected Software
======================================================================
Secunia Research 10/03/2010
- Employee Timeclock Software Backup Information Disclosure -
======================================================================
Table of Contents
Affected Software