VULNERABILITIES \ FIXES - October 12, 2008

Oct 12, 2008 2:54AM PDT

CA BrightStor ARCServe BackUp
Message Engine Command Injection Vulnerability

12 Oct. 2008

Summary
CA BrightStor ARCServe BackUp is an overall data backup solution. The RPC interface of CA BrightStor ARCServe BackUp does not handle user input properly, which allows an anonymous attacker to inject any command; a remote code execution attack may be achieved this way.

Credit:
The information has been provided by cocoruder.

http://www.securiteam.com/windowsntfocus/6I00C0KMUQ.html

Apache Tomcat Information Disclosure (RemoteFilterValve)
Oct 12, 2008 2:56AM PDT

12 Oct. 2008

Summary
Tomcat can, in very rare circumstances, permit a user from a non-permitted IP address to gain access to a context protected with a valve that extends RemoteFilterValve.

Credit:
The information has been provided by Mark Thomas.

http://www.securiteam.com/unixfocus/6J00D0KMUS.html

Apple CUPS HP-GL/2 filter Code Execution Vulnerability
Oct 12, 2008 2:57AM PDT