CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 0CVE-2012-4596
https://notcve.org/view.php?id=CVE-2012-4596
Directory traversal vulnerability in McAfee Email Gateway (MEG) 7.0.0 and 7.0.1 allows remote authenticated users to bypass intended access restrictions and download arbitrary files via a crafted URL. Vulnerabilidad de salto de directorio en McAfee Email Gateway (MEG) v7.0.0 y v7.0.1, cuando está habilitado register_globals, permite a usuarios remotos autenticados a evitar las restricciones de acceso establecidas y descargar ficheros a través de una URL modificada. • http://www.securitytracker.com/id?1027444 https://kc.mcafee.com/corporate/index?page=content&id=SB10026 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 5.0EPSS: 0%CPEs: 4EXPL: 0CVE-2011-5101
https://notcve.org/view.php?id=CVE-2011-5101
The Rumor technology in McAfee SaaS Endpoint Protection before 5.2.4 allows remote attackers to relay e-mail messages via unspecified vectors, as demonstrated by relaying spam. La tecnología "Rumor" de McAfee SaaS Endpoint antes de v5.2.4 permite a atacantes remotos retransmitir mensajes de correo electrónico a través de vectores no especificados, tal y como se demuestra por el reenvío de spam. • https://exchange.xforce.ibmcloud.com/vulnerabilities/78274 https://kc.mcafee.com/corporate/index?page=content&id=SB10018 •
CVSS: 4.9EPSS: 0%CPEs: 4EXPL: 0CVE-2012-4582
https://notcve.org/view.php?id=CVE-2012-4582
McAfee Email and Web Security (EWS) 5.x before 5.5 Patch 6 and 5.6 before Patch 3, and McAfee Email Gateway (MEG) 7.0 before Patch 1, allows remote authenticated users to reset the passwords of arbitrary administrative accounts via unspecified vectors. McAfee Email and Web Security v5.x (EWS) antes de v5.5 Patch 6 y v5.6 antes de la revisión 3 y McAfee Email Gateway (MEG) v7.0 antes de la revisión 1 permiten a usuarios remotos autenticados cambiar las contraseñas de cuentas de administración de su elección mediante vectores no especificados. • http://archives.neohapsis.com/archives/bugtraq/2012-03/0160.html https://kc.mcafee.com/corporate/index?page=content&id=SB10020 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 6.5EPSS: 0%CPEs: 12EXPL: 0CVE-2009-5115
https://notcve.org/view.php?id=CVE-2009-5115
McAfee Common Management Agent (CMA) 3.5.5 through 3.5.5.588 and 3.6.0 through 3.6.0.608, and McAfee Agent 4.0 before Patch 3, allows remote authenticated users to overwrite arbitrary files by accessing a report-writing ActiveX control COM object. McAfee Common Management Agent (CMA) v3.5.5 hasta v3.5.5.588 y v3.6.0 hasta v3.6.0.608, y McAfee Agent v4.0 anteriores a Patch 3, permite a usuarios remotos autentificados a sobreescribir ficheros accediendo al objeto COM que es un control ActiveX (report-writing ). • https://exchange.xforce.ibmcloud.com/vulnerabilities/78446 https://kc.mcafee.com/corporate/index?page=content&id=SB10002 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2011-5100
https://notcve.org/view.php?id=CVE-2011-5100
The web interface in McAfee Firewall Reporter before 5.1.0.13 does not properly implement cookie authentication, which allows remote attackers to obtain access, and disable anti-virus functionality, via an HTTP request. La interfaz web de McAfee Firewall Reporter antes de v5.1.0.13 no implementa correctamente la autenticación de cookies, lo que permite a atacantes remotos obtener acceso y desactivar el anti-virus, a través de una petición HTTP. • https://kc.mcafee.com/corporate/index?page=content&id=SB10015 • CWE-287: Improper Authentication •