Broadcom Unicenter Asset Management vulnerabilities

CVE-2007-0060 [CRITICAL] CVE-2007-0060: Stack-based buffer overflow in the Message Queuing Server (Cam.exe) in CA (formerly Computer Associa Stack-based buffer overflow in the Message Queuing Server (Cam.exe) in CA (formerly Computer Associates) Message Queuing (CAM / CAFT) software before 1.11 Build 54_4 on Windows and NetWare, as used in CA Advantage Data Transport, eTrust Admin, certain BrightStor products, certain CleverPath products, and certain Unicenter products, allows remote attackers t

CVE-2005-2669 [CRITICAL] CVE-2005-2669: Computer Associates (CA) Message Queuing (CAM / CAFT) 1.05, 1.07 before Build 220_13, and 1.11 befor Computer Associates (CA) Message Queuing (CAM / CAFT) 1.05, 1.07 before Build 220_13, and 1.11 before Build 29_13 allows remote attackers to execute arbitrary commands via spoofed CAFT packets.

CVE-2005-2668 [CRITICAL] CVE-2005-2668: Multiple buffer overflows in Computer Associates (CA) Message Queuing (CAM / CAFT) 1.05, 1.07 before Multiple buffer overflows in Computer Associates (CA) Message Queuing (CAM / CAFT) 1.05, 1.07 before Build 220_13, and 1.11 before Build 29_13 allow remote attackers to execute arbitrary code via unknown vectors.

CVE-2005-2667 [MEDIUM] CVE-2005-2667: Unknown vulnerability in Computer Associates (CA) Message Queuing (CAM / CAFT) 1.05, 1.07 before Bui Unknown vulnerability in Computer Associates (CA) Message Queuing (CAM / CAFT) 1.05, 1.07 before Build 220_13, and 1.11 before Build 29_13 allows attackers to cause a denial of service via unknown vectors, aka the "CAM TCP port vulnerability."

CVE-2005-0642 [HIGH] CVE-2005-0642: SQL injection vulnerability in the Query Designer for Computer Associates (CA) Unicenter Asset Manag SQL injection vulnerability in the Query Designer for Computer Associates (CA) Unicenter Asset Management (UAM) 4.0 allows remote attackers to execute arbitrary SQL via an imported file.

CVE-2005-0641 [MEDIUM] CVE-2005-0641: Cross-site scripting (XSS) vulnerability in the Reporter for Computer Associates (CA) Unicenter Asse Cross-site scripting (XSS) vulnerability in the Reporter for Computer Associates (CA) Unicenter Asset Management (UAM) 4.0 allows remote attackers to inject arbitrary HTML or web script via the (1) name or (2) description in a report template.

CVE-2005-0640 [MEDIUM] CVE-2005-0640: Computer Associates (CA) Unicenter Asset Management (UAM) 4.0 does not properly initialize the "Chan Computer Associates (CA) Unicenter Asset Management (UAM) 4.0 does not properly initialize the "Change Credentials for Database" window, which allows local users to recover the SQL Admin password via certain methods.