CVE-2011-1653 Information

Description

Multiple SQL injection vulnerabilities in the Unified Network Control (UNC) Server in CA Total Defense (TD) r12 before SE2 allow remote attackers to execute arbitrary SQL commands via vectors involving the (1) UnAssignFunctionalRoles, (2) UnassignAdminRoles, (3) DeleteFilter, (4) NonAssignedUserList, (5) DeleteReportLayout, (6) DeleteReports, and (7) RegenerateReport stored procedures.

Reference

http://secunia.com/advisories/44097
http://securityreason.com/securityalert/8403
http://securitytracker.com/id?1025353
http://www.securityfocus.com/archive/1/517489/100/0/threaded
http://www.securityfocus.com/archive/1/517490/100/0/threaded
http://www.securityfocus.com/archive/1/517491/100/0/threaded
http://www.securityfocus.com/archive/1/517493/100/0/threaded
http://www.securityfocus.com/archive/1/517494/100/0/threaded
http://www.securityfocus.com/archive/1/517496/100/0/threaded
http://www.securityfocus.com/archive/1/517497/100/0/threaded
http://www.securityfocus.com/archive/1/517498/100/0/threaded
http://www.securityfocus.com/bid/47355
http://www.vupen.com/english/advisories/2011/0977
http://www.zerodayinitiative.com/advisories/ZDI-11-128/
http://www.zerodayinitiative.com/advisories/ZDI-11-129/
http://www.zerodayinitiative.com/advisories/ZDI-11-130/
http://www.zerodayinitiative.com/advisories/ZDI-11-131/
http://www.zerodayinitiative.com/advisories/ZDI-11-132/
http://www.zerodayinitiative.com/advisories/ZDI-11-133/
http://www.zerodayinitiative.com/advisories/ZDI-11-134/
https://exchange.xforce.ibmcloud.com/vulnerabilities/66725
https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=CD065CEC-AFE2-4D9D-8E0B-BE7F6E345866