CVE-2015-1619
https://notcve.org/view.php?id=CVE-2015-1619
Cross-site scripting (XSS) vulnerability in the Secure Web Mail Client user interface in McAfee Email Gateway (MEG) 7.6.x before 7.6.3.2, 7.5.x before 75.6, 7.0.x through 7.0.5, 5.6, and earlier allows remote authenticated users to inject arbitrary web script or HTML via unspecified tokens in Digest messages. Vulnerabilidad de XSS en la interfaz del usuarios de Secure Web Mail Client en McAfee Email Gateway (MEG) 7.6.x anterior a 7.6.3.2, 7.5.x anterior a 75.6, 7.0.x hasta 7.0.5, 5.6, y anteriores permite a usuarios remotos autenticados inyectar secuencias de comandos web arbitrarios o HTML a través de tokens no especificados en los mensajes Digest. • https://kc.mcafee.com/corporate/index?page=content&id=SB10099 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2014-6064
https://notcve.org/view.php?id=CVE-2014-6064
The Accounts tab in the administrative user interface in McAfee Web Gateway (MWG) before 7.3.2.9 and 7.4.x before 7.4.2 allows remote authenticated users to obtain the hashed user passwords via unspecified vectors. La pestaña Accounts en la interfaz de usuario de administración en McAfee Web Gateway (MWG) anterior a 7.3.2.9 y 7.4.x anterior a 7.4.2 permite a usuarios remotos autenticados obtener las contraseñas de usuarios en hash a través de vectores no especificados. • http://www.securitytracker.com/id/1030675 https://exchange.xforce.ibmcloud.com/vulnerabilities/95690 https://kc.mcafee.com/corporate/index?page=content&id=SB10080 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2014-2535
https://notcve.org/view.php?id=CVE-2014-2535
Directory traversal vulnerability in McAfee Web Gateway (MWG) 7.4.x before 7.4.1, 7.3.x before 7.3.2.6, and 7.2.0.9 and earlier allows remote authenticated users to read arbitrary files via a crafted request to the web filtering port. Vulnerabilidad de salto de directorio en McAfee Web Gateway (MWG) 7.4.x anterior a 7.4.1, 7.3.x anterior a 7.3.2.6 y 7.2.0.9 y anteriores permite a usuarios remotos autenticados leer archivos arbitrarios a través de una solicitud manipulada hacia el puerto de filtrado web. • http://secunia.com/advisories/56958 http://www.securityfocus.com/bid/66193 https://exchange.xforce.ibmcloud.com/vulnerabilities/91772 https://kc.mcafee.com/corporate/index?page=content&id=SB10063 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVE-2013-7103
https://notcve.org/view.php?id=CVE-2013-7103
McAfee Email Gateway 7.6 allows remote authenticated administrators to execute arbitrary commands via shell metacharacters in the value attribute in a (1) TestFile XML element or the (2) hostname. NOTE: this issue can be combined with CVE-2013-7092 to allow remote attackers to execute commands. McAfee Email Gateway 7.6 permite a los administradores remotos autenticados ejecutar comandos arbitrarios mediante metacaracteres de shell en el atributo valor en,(1) un elemento TestFile XML o , (2) el nombre de host. NOTA: este problema se puede combinar con CVE-2013-7092 para permitir a un atacante remoto ejecutar comandos. • http://osvdb.org/100581 http://packetstormsecurity.com/files/124277/McAfee-Email-Gateway-7.6-Command-Execution-SQL-Injection.html http://seclists.org/fulldisclosure/2013/Dec/18 http://www.securityfocus.com/bid/64150 https://exchange.xforce.ibmcloud.com/vulnerabilities/90162 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVE-2013-7104
https://notcve.org/view.php?id=CVE-2013-7104
McAfee Email Gateway 7.6 allows remote authenticated administrators to execute arbitrary commands by specifying them in the value attribute in a (1) Command or (2) Script XML element. NOTE: this issue can be combined with CVE-2013-7092 to allow remote attackers to execute commands. McAfee Email Gateway 7.6 permite a los administradores remotos autenticados ejecutar comandos arbitrarios especificando en el atributo valor en un Comando(1) o el elemento de script XML(2). NOTA: este problema se puede combinar con CVE-2013-7092 para permitir a un atacante remoto ejecutar comandos. • http://osvdb.org/100581 http://packetstormsecurity.com/files/124277/McAfee-Email-Gateway-7.6-Command-Execution-SQL-Injection.html http://seclists.org/fulldisclosure/2013/Dec/18 http://www.securityfocus.com/bid/64150 https://exchange.xforce.ibmcloud.com/vulnerabilities/90163 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •