Vendor CVEs
Ca
All CVEs
260 total · sorted by risk

| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2003-1311 | | | 0.00 | — | 0.01 | | Dec 31, 2003 | siteminderagent/SmMakeCookie.ccc in Netegrity SiteMinder does not ensure that the TARGET parameter names a valid redirection resource, which allows remote attackers to construct a URL that might trick users into visiting an arbitrary web site referenced by this parameter. |
| CVE-2003-1312 | | | 0.00 | — | 0.01 | | Dec 31, 2003 | siteminderagent/SmMakeCookie.ccc in Netegrity SiteMinder places a session ID string in the value of the SMSESSION parameter in a URL, which might allow remote attackers to obtain the ID by sniffing, reading Referer logs, or other methods. |
| CVE-2001-0959 | | | 0.00 | — | 0.03 | | Sep 15, 2001 | Computer Associates ARCserve for NT 6.61 SP2a and ARCserve 2000 7.0 creates a hidden share named ARCSERVE$, which allows remote attackers to obtain sensitive information and overwrite critical files. |
| CVE-2001-0960 | | | 0.00 | — | 0.03 | | Sep 15, 2001 | Computer Associates ARCserve for NT 6.61 SP2a and ARCserve 2000 7.0 stores the backup agent user name and password in cleartext in the aremote.dmp file in the ARCSERVE$ hidden share, which allows local and remote attackers to gain privileges. |
| CVE-2001-1455 | | | 0.00 | — | 0.02 | | Aug 24, 2001 | Netegrity SiteMinder 3.6 through 4.5.1 allows remote attackers to bypass filtering via URLs containing Unicode characters. |
| CVE-2001-0625 | | | 0.00 | — | 0.00 | | Aug 22, 2001 | ftpdownload in Computer Associates InoculateIT 6.0 allows a local attacker to overwrite arbitrary files via a symlink attack on /tmp/ftpdownload.log. |
| CVE-2001-0382 | | | 0.00 | — | 0.01 | | Jun 18, 2001 | Computer Associates CCC\Harvest 5.0 for Windows NT/2000 uses weak encryption for passwords, which allows a remote attacker to gain privileges on the application. |
| CVE-2000-0850 | | | 0.00 | — | 0.02 | | Nov 14, 2000 | Netegrity SiteMinder before 4.11 allows remote attackers to bypass its authentication mechanism by appending "$/FILENAME.ext" (where ext is .ccc, .class, or .jpg) to the requested URL. |
| CVE-2000-0781 | | | 0.00 | — | 0.00 | | Oct 20, 2000 | uagentsetup in ARCServeIT Client Agent 6.62 does not properly check for the existence or ownership of a temporary file which is moved to the agent.cfg configuration file, which allows local users to execute arbitrary commands by modifying the temporary file before it is moved. |
| CVE-2000-0762 | | | 0.00 | — | 0.06 | | Oct 20, 2000 | The default installation of eTrust Access Control (formerly SeOS) uses a default encryption key, which allows remote attackers to spoof the eTrust administrator and gain privileges. |