Vulnerabilities > Broadcom > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2007-10-22 | CVE-2007-5472 | Cross-Site Scripting vulnerability in Broadcom Host-Based Intrusion Prevention System 8: Cross-site scripting (XSS) vulnerability in the Server component in CA Host-Based Intrusion Prevention System (HIPS) before 8.0.0.93 allows remote attackers to inject arbitrary web script or HTML via requests that are written to logs for later display in the log viewer. | 4.3 |
2007-10-13 | CVE-2007-5439 | Permissions, Privileges, and Access Controls vulnerability in Broadcom Etrust Integrated Threat Management 8.1: CA (formerly Computer Associates) eTrust ITM (Threat Manager) 8.1 stores sensitive user information in log files with predictable names, which allows remote attackers to obtain this information via unspecified vectors. | 5.0 |
2007-10-13 | CVE-2007-5437 | Link Following vulnerability in Broadcom Etrust Integrated Threat Management 8.1: The web console in CA (formerly Computer Associates) eTrust ITM (Threat Manager) 8.1 allows remote attackers to redirect users to arbitrary web sites via a crafted HTTP URL on port 6689. | 5.8 |
2007-10-13 | CVE-2007-5435 | Resource Management Errors vulnerability in Broadcom Erwin Process Modeler 7.2: Unspecified vulnerability in CA ERwin Process Modeler (formerly AllFusion Process Modeler) 7.2 might allow user-assisted remote attackers to cause a denial of service via a crafted Data Standards File (Datatype Standards File). | 4.3 |
2007-10-01 | CVE-2007-5084 | SQL Injection vulnerability in Broadcom Brightstor Hierarchical Storage Manager 11.5: Multiple SQL injection vulnerabilities in Computer Associates (CA) BrightStor Hierarchical Storage Manager (HSM) before r11.6 allow remote attackers to execute arbitrary SQL commands via CsAgent service commands with opcodes (1) 0x07, (2) 0x08, (3) 0x09, (4) 0x1E, (5) 0x32, (6) 0x36, (7) 0x40, and possibly others. | 6.8 |
2007-07-26 | CVE-2007-3875 | arclib.dll before 7.3.0.9 in CA Anti-Virus (formerly eTrust Antivirus) 8 and certain other CA products allows remote attackers to cause a denial of service (infinite loop and loss of antivirus functionality) via an invalid "previous listing chunk number" field in a CHM file. | 4.3 |
2007-04-25 | CVE-2007-2230 | SQL Injection vulnerability in Broadcom Cleverpath Portal: SQL injection vulnerability in CA Clever Path Portal allows remote authenticated users to execute limited SQL commands and retrieve arbitrary database contents via (1) the ofinterest parameter in a light search query, (2) description parameter in the advanced search query, and possibly other vectors. | 6.5 |
2007-03-10 | CVE-2007-1345 | Unspecified vulnerability in Broadcom Etrust Admin 8.1/8.1.1/8.1.2: Unspecified vulnerability in cube.exe in the GINA component for CA (Computer Associates) eTrust Admin 8.1.0 through 8.1.2 allows attackers with physical interactive or Remote Desktop access to bypass authentication and gain privileges via the password reset interface. | 4.1 |
2007-02-07 | CVE-2007-0816 | Unspecified vulnerability in Broadcom Brightstor Arcserve Backup 11/11.1/11.5: The RPC Server service (catirpc.exe) in CA (formerly Computer Associates) BrightStor ARCserve Backup 11.5 SP2 and earlier allows remote attackers to cause a denial of service (service crash) via a crafted TADDR2UADDR that triggers a null pointer dereference in catirpc.dll, possibly related to null credentials or verifier fields. | 5.0 |
2006-12-13 | CVE-2006-6496 | Unspecified vulnerability in Broadcom Etrust Antivirus and Internet Security Suite: The (1) VetMONNT.sys and (2) VetFDDNT.sys drivers in CA Anti-Virus 2007 8.1, Anti-Virus for Vista Beta 8.2, and CA Internet Security Suite 2007 v3.0 do not properly handle NULL buffers, which allows local users with administrative access to cause a denial of service (system crash) via certain IOCTLs. | 6.6 |