Broadcom Arcserve Backup vulnerabilities

CVE-2012-1662 [MEDIUM] CWE-20 CVE-2012-1662: CA ARCserve Backup r12.0 through SP2, r12.5 before SP2, r15 through SP1, and r16 before SP1 on Windo CA ARCserve Backup r12.0 through SP2, r12.5 before SP2, r15 through SP1, and r16 before SP1 on Windows allows remote attackers to cause a denial of service (service shutdown) via a crafted network request.

CVE-2009-3588 [MEDIUM] CVE-2009-3588: Unspecified vulnerability in the arclib component in the Anti-Virus engine in CA Anti-Virus for the Unspecified vulnerability in the arclib component in the Anti-Virus engine in CA Anti-Virus for the Enterprise (formerly eTrust Antivirus) 7.1 through r8.1; Anti-Virus 2007 (v8) through 2009; eTrust EZ Antivirus r7.1; Internet Security Suite 2007 (v3) through Plus 2009; and other CA products allows remote attackers to cause a denial of service via a crafted RA

CVE-2008-5415 [CRITICAL] CVE-2008-5415: The LDBserver service in the server in CA ARCserve Backup 11.1 through 12.0 on Windows allows remote The LDBserver service in the server in CA ARCserve Backup 11.1 through 12.0 on Windows allows remote attackers to execute arbitrary code via a handle_t argument to an RPC endpoint in which the argument refers to an incompatible procedure.

CVE-2008-4397 [CRITICAL] CWE-20 CVE-2008-4397: Directory traversal vulnerability in the RPC interface (asdbapi.dll) in CA ARCserve Backup (formerly Directory traversal vulnerability in the RPC interface (asdbapi.dll) in CA ARCserve Backup (formerly BrightStor ARCserve Backup) r11.1 through r12.0 allows remote attackers to execute arbitrary commands via a .. (dot dot) in an RPC call with opnum 0x10A.

CVE-2008-4398 [MEDIUM] CWE-20 CVE-2008-4398: Unspecified vulnerability in the tape engine service in asdbapi.dll in CA ARCserve Backup (formerly Unspecified vulnerability in the tape engine service in asdbapi.dll in CA ARCserve Backup (formerly BrightStor ARCserve Backup) r11.1 through r12.0 allows remote attackers to cause a denial of service (crash) via a crafted request.

CVE-2008-4399 [MEDIUM] CWE-20 CVE-2008-4399: Unspecified vulnerability in the database engine service in asdbapi.dll in CA ARCserve Backup (forme Unspecified vulnerability in the database engine service in asdbapi.dll in CA ARCserve Backup (formerly BrightStor ARCserve Backup) r11.1 through r12.0 allows remote attackers to cause a denial of service (crash) via a crafted request, related to "insufficient validation."

CVE-2008-4400 [MEDIUM] CWE-20 CVE-2008-4400: Unspecified vulnerability in asdbapi.dll in CA ARCserve Backup (formerly BrightStor ARCserve Backup) Unspecified vulnerability in asdbapi.dll in CA ARCserve Backup (formerly BrightStor ARCserve Backup) r11.1 through r12.0 allows remote attackers to cause a denial of service (crash of multiple services) via crafted authentication credentials, related to "insufficient validation."

CVE-2001-0960 [CRITICAL] CVE-2001-0960: Computer Associates ARCserve for NT 6.61 SP2a and ARCserve 2000 7.0 stores the backup agent user nam Computer Associates ARCserve for NT 6.61 SP2a and ARCserve 2000 7.0 stores the backup agent user name and password in cleartext in the aremote.dmp file in the ARCSERVE$ hidden share, which allows local and remote attackers to gain privileges.

CVE-2001-0959 [MEDIUM] CVE-2001-0959: Computer Associates ARCserve for NT 6.61 SP2a and ARCserve 2000 7.0 creates a hidden share named ARC Computer Associates ARCserve for NT 6.61 SP2a and ARCserve 2000 7.0 creates a hidden share named ARCSERVE$, which allows remote attackers to obtain sensitive information and overwrite critical files.

CVE-2001-1346 [LOW] CVE-2001-1346: Computer Associates ARCserveIT 6.61 and 6.63 (also called ARCservIT) allows local users to overwrite Computer Associates ARCserveIT 6.61 and 6.63 (also called ARCservIT) allows local users to overwrite arbitrary files via a symlink attack on the temporary files (1) asagent.tmp or (2) inetd.tmp.

CVE-1999-1049 [CRITICAL] CVE-1999-1049: ARCserve NT agents use weak encryption (XOR) for passwords, which allows remote attackers to sniff t ARCserve NT agents use weak encryption (XOR) for passwords, which allows remote attackers to sniff the authentication request to port 6050 and decrypt the password.