Ca

All CVEs

260 total · sorted by risk
  • CVE-2003-1311 · Dec 31, 2003
    risk 0.00 · cvss · epss 0.01

    siteminderagent/SmMakeCookie.ccc in Netegrity SiteMinder does not ensure that the TARGET parameter names a valid redirection resource, which allows remote attackers to construct a URL that might trick users into visiting an arbitrary web site referenced by this parameter.

  • CVE-2003-1312 · Dec 31, 2003
    risk 0.00 · cvss · epss 0.01

    siteminderagent/SmMakeCookie.ccc in Netegrity SiteMinder places a session ID string in the value of the SMSESSION parameter in a URL, which might allow remote attackers to obtain the ID by sniffing, reading Referer logs, or other methods.

  • CVE-2001-0959 · Sep 15, 2001
    risk 0.00 · cvss · epss 0.03

    Computer Associates ARCserve for NT 6.61 SP2a and ARCserve 2000 7.0 creates a hidden share named ARCSERVE$, which allows remote attackers to obtain sensitive information and overwrite critical files.

  • CVE-2001-0960 · Sep 15, 2001
    risk 0.00 · cvss · epss 0.03

    Computer Associates ARCserve for NT 6.61 SP2a and ARCserve 2000 7.0 stores the backup agent user name and password in cleartext in the aremote.dmp file in the ARCSERVE$ hidden share, which allows local and remote attackers to gain privileges.

  • CVE-2001-1455 · Aug 24, 2001
    risk 0.00 · cvss · epss 0.02

    Netegrity SiteMinder 3.6 through 4.5.1 allows remote attackers to bypass filtering via URLs containing Unicode characters.

  • CVE-2001-0625 · Aug 22, 2001
    risk 0.00 · cvss · epss 0.00

    ftpdownload in Computer Associates InoculateIT 6.0 allows a local attacker to overwrite arbitrary files via a symlink attack on /tmp/ftpdownload.log.

  • CVE-2001-0382 · Jun 18, 2001
    risk 0.00 · cvss · epss 0.01

    Computer Associates CCC\Harvest 5.0 for Windows NT/2000 uses weak encryption for passwords, which allows a remote attacker to gain privileges on the application.

  • CVE-2000-0850 · Nov 14, 2000
    risk 0.00 · cvss · epss 0.02

    Netegrity SiteMinder before 4.11 allows remote attackers to bypass its authentication mechanism by appending "$/FILENAME.ext" (where ext is .ccc, .class, or .jpg) to the requested URL.

  • CVE-2000-0781 · Oct 20, 2000
    risk 0.00 · cvss · epss 0.00

    uagentsetup in ARCServeIT Client Agent 6.62 does not properly check for the existence or ownership of a temporary file which is moved to the agent.cfg configuration file, which allows local users to execute arbitrary commands by modifying the temporary file before it is moved.

  • CVE-2000-0762 · Oct 20, 2000
    risk 0.00 · cvss · epss 0.06

    The default installation of eTrust Access Control (formerly SeOS) uses a default encryption key, which allows remote attackers to spoof the eTrust administrator and gain privileges.
