CVSS: 5.0EPSS: 0%CPEs: 2EXPL: 0CVE-2015-7237
https://notcve.org/view.php?id=CVE-2015-7237
Directory traversal vulnerability in the remote log viewing functionality in McAfee Agent (MA) 5.x before 5.0.2 allows remote attackers to obtain sensitive information via unspecified vectors. Vulnerabilidad en salto de directorio en la funcionalidad de visualización de registro remoto en McAfee Agent (MA) 5.x en versiones anteriores a 5.0.2, permite a atacantes remotos obtener información sensible a través de vectores no especificados . • http://www.securitytracker.com/id/1033450 https://kc.mcafee.com/corporate/index?page=content&id=SB10130 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 0CVE-2015-2053
https://notcve.org/view.php?id=CVE-2015-2053
The log viewer in McAfee Agent (MA) before 4.8.0 Patch 3 and 5.0.0, when the "Accept connections only from the ePO server" option is disabled, allows remote attackers to conduct clickjacking attacks via a crafted web page, aka an "http-generic-click-jacking" vulnerability. El visor de registros en McAfee Agent (MA) anterior a 4.8.0 Patch 3 y 5.0.0, cuando la opción 'Aceptar conexiones exclusivamente del servidor ePO' está habilitada, permite a atacantes remotos realizar ataques de clickjacking a través de una página web manipulada, también conocido como una vulnerabilidad de 'http-generic-click-jacking'. • http://www.securityfocus.com/bid/74873 http://www.securitytracker.com/id/1031821 https://kc.mcafee.com/corporate/index?page=content&id=SB10094 • CWE-20: Improper Input Validation •
CVSS: 5.0EPSS: 0%CPEs: 2EXPL: 0CVE-2013-3627
https://notcve.org/view.php?id=CVE-2013-3627
FrameworkService.exe in McAfee Framework Service in McAfee Managed Agent (MA) before 4.5.0.1927 and 4.6 before 4.6.0.3258 allows remote attackers to cause a denial of service (service crash) via a malformed HTTP request. FrameworkService.exe en McAfee Framework Service de McAfee Managed Agent (MA) anterior a la versión 4.5.0.1927 y 4.6 anterior a 4.6.0.3258 permite a atacantes remotos provocar una denegación de servicio (cuelgue del servicio) a través de peticiones HTTP malformadas. • http://www.kb.cert.org/vuls/id/613886 https://kc.mcafee.com/corporate/index?page=content&id=SB10055 • CWE-399: Resource Management Errors •
CVSS: 4.3EPSS: 1%CPEs: 9EXPL: 1CVE-2013-4883 – McAfee ePO 4.6.6 - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2013-4883
Multiple cross-site scripting (XSS) vulnerabilities in McAfee ePolicy Orchestrator 4.6.6 and earlier, and the ePO Extension for the McAfee Agent (MA) 4.5 through 4.6, allow remote attackers to inject arbitrary web script or HTML via the (1) instanceId parameter core/loadDisplayType.do; (2) instanceId or (3) monitorUrl parameter to console/createDashboardContainer.do; uid parameter to (4) ComputerMgmt/sysDetPanelBoolPie.do or (5) ComputerMgmt/sysDetPanelSummary.do; (6) uid, (7) orion.user.security.token, or (8) ajaxMode parameter to ComputerMgmt/sysDetPanelQry.do; or (9) uid, (10) orion.user.security.token, or (11) ajaxMode parameter to ComputerMgmt/sysDetPanelSummary.do. Múltiples vulnerabilidades XSS en McAfee ePolicy Orchestrator 4.6.6 y anteriores, y el ePO Extension para McAfee Agent (MA) 4.5 a la 4.6, permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarias a través del parámetro (1) instanceId a core/loadDisplayType.do; del parámetro (2) instanceId o (3) monitorUrl a console/createDashboardContainer.do; del parámetro uid a (4) ComputerMgmt/sysDetPanelBoolPie.do o (5) ComputerMgmt/sysDetPanelSummary.do; (6) uid, (7) orion.user.security.token, o del parámetro(8) ajaxMode a ComputerMgmt/sysDetPanelQry.do; o (9) uid, (10) orion.user.security.token, o del parámetro (11) ajaxMode a ComputerMgmt/sysDetPanelSummary.do. • https://www.exploit-db.com/exploits/26807 http://osvdb.org/95187 http://osvdb.org/95188 http://osvdb.org/95189 http://osvdb.org/95190 http://osvdb.org/95191 http://www.securityfocus.com/archive/1/527228 http://www.securitytracker.com/id/1028803 https://kc.mcafee.com/corporate/index?page=content&id=KB78824 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.5EPSS: 6%CPEs: 9EXPL: 1CVE-2013-4882 – McAfee ePO 4.6.6 - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2013-4882
Multiple SQL injection vulnerabilities in McAfee ePolicy Orchestrator 4.6.6 and earlier, and the ePolicy Orchestrator (ePO) extension for McAfee Agent (MA) 4.5 and 4.6, allow remote authenticated users to execute arbitrary SQL commands via the uid parameter to (1) core/showRegisteredTypeDetails.do and (2) EPOAGENTMETA/DisplayMSAPropsDetail.do, a different vulnerability than CVE-2013-0140. Vulnerabilidad de inyección SQL en McAfee ePolicy Orchestrator 4.6.6 y anteriores, y el ePO Extension (ePO) para McAfee Agent (MA) 4.5 a la 4.6, permite a usuarios autenticados remotamente ejecutar comandos SQL arbitrarios a través del parámetro (1) core/showRegisteredTypeDetails.do y (2) EPOAGENTMETA/DisplayMSAPropsDetail.do. Vulnerabilidad distinta de CVE-2013-0140. • https://www.exploit-db.com/exploits/26807 http://www.securityfocus.com/archive/1/527228 http://www.securitytracker.com/id/1028803 https://kc.mcafee.com/corporate/index?page=content&id=SB10043 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •