QwikSec

Security Database

CVE

CWE

Training

CVE-2011-1653

Published: Apr 15, 2011

Modified: Aug 6, 2024

PUBLISHED

Description

Multiple SQL injection vulnerabilities in the Unified Network Control (UNC) Server in CA Total Defense (TD) r12 before SE2 allow remote attackers to execute arbitrary SQL commands via vectors involving the (1) UnAssignFunctionalRoles, (2) UnassignAdminRoles, (3) DeleteFilter, (4) NonAssignedUserList, (5) DeleteReportLayout, (6) DeleteReports, and (7) RegenerateReport stored procedures.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

totaldefense-multiple-sql-injection(66725)

vdb-entry

x_refsource_XF

http://www.zerodayinitiative.com/advisories/ZDI-11-128/

x_refsource_MISC

third-party-advisory

x_refsource_SECUNIA

third-party-advisory

x_refsource_SREASON

vdb-entry

x_refsource_BID

20110413 ZDI-11-128: CA Total Defense Suite UnassignFunctionalUsers Stored Procedure SQL Injection Vulnerability

mailing-list

x_refsource_BUGTRAQ

http://www.zerodayinitiative.com/advisories/ZDI-11-133/

x_refsource_MISC

20110413 ZDI-11-134: CA Total Defense Suite UNC Management Console RegenerateReport SQL Injection Vulnerability

mailing-list

x_refsource_BUGTRAQ

20110413 ZDI-11-130: CA Total Defense Suite UNC Management Console DeleteFilter SQL Injection Vulnerability

mailing-list

x_refsource_BUGTRAQ

http://www.zerodayinitiative.com/advisories/ZDI-11-129/

x_refsource_MISC

vdb-entry

x_refsource_VUPEN

vdb-entry

x_refsource_SECTRACK

20110413 ZDI-11-131: CA Total Defense Suite NonAssignedUserList Stored Procedure SQL Injection Vulnerability

mailing-list

x_refsource_BUGTRAQ

https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=%7BCD065CEC-AFE2-4D9D-8E0B-BE7F6E345866%7D

x_refsource_CONFIRM

http://www.zerodayinitiative.com/advisories/ZDI-11-134/

x_refsource_MISC

20110413 ZDI-11-132: CA Total Defense Suite UNC Management Console DeleteReportLayout SQL Injection Vulnerability

mailing-list

x_refsource_BUGTRAQ

http://www.zerodayinitiative.com/advisories/ZDI-11-132/

x_refsource_MISC

http://www.zerodayinitiative.com/advisories/ZDI-11-131/

x_refsource_MISC

20110413 ZDI-11-133: CA Total Defense Suite UNC Management Console DeleteReports SQL Injection Vulnerability

mailing-list

x_refsource_BUGTRAQ

20110413 CA20110413-01: Security Notice for CA Total Defense

mailing-list

x_refsource_BUGTRAQ

http://www.zerodayinitiative.com/advisories/ZDI-11-130/

x_refsource_MISC

20110413 ZDI-11-129: CA Total Defense Suite UnassignAdminRoles Stored Procedure SQL Injection Vulnerability

mailing-list

x_refsource_BUGTRAQ

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.