CVE-2011-3007
https://notcve.org/view.php?id=CVE-2011-3007
The myCIOScn ActiveX control (myCIOScn.dll) in McAfee SaaS Endpoint Protection 5.2.1 and earlier allows remote attackers to write to arbitrary files by specifying an arbitrary filename in the MyCioScan.Scan.ReportFile parameter, as demonstrated by injecting script into a log file and executing arbitrary code using the MyCioScan.Scan.Start method.
• http://dvlabs.tippingpoint.com/advisory/TPTI-11-13
• http://osvdb.org/74513
• https://exchange.xforce.ibmcloud.com/vulnerabilities/69093
• https://kc.mcafee.com/corporate/index?page=content&id=SB10016
• CWE-94: Improper Control of Generation of Code ('Code Injection')
CVE-2010-2290
https://notcve.org/view.php?id=CVE-2010-2290
Cross-site scripting (XSS) vulnerability in cgi-bin/cgix/help in McAfee Unified Threat Management (UTM) Firewall (formerly SnapGear) firmware 3.0.0 through 4.0.6 allows remote attackers to inject arbitrary web script or HTML via the page parameter.
• http://ngenuity-is.com/advisories/2010/jun/9/mcafee-utm-firewall-help-cross-site-scripting
• http://secunia.com/advisories/40089
• http://secunia.com/advisories/40138
• http://www.securityfocus.com/archive/1/511771/100/0/threaded
• http://www.securitytracker.com/id?1024091
• http://www.vupen.com/english/advisories/2010/1413
• https://kc.mcafee.com/corporate/index?page=content&id=SB10010
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2010-2116
https://notcve.org/view.php?id=CVE-2010-2116
The web interface in McAfee Email Gateway (formerly IronMail) 6.7.1 allows remote authenticated users, with only Read privileges, to gain Write privileges to modify configuration via the save action in a direct request to admin/systemWebAdminConfig.do.
• http://osvdb.org/64832
• http://secunia.com/advisories/39881
• http://www.cybsec.com/vuln/cybsec_advisory_2010_0501_Ironmail_Advisory_Web_Access_Broken.pdf
• http://www.securitytracker.com/id?1024018
• http://www.vupen.com/english/advisories/2010/1239
• CWE-732: Incorrect Permission Assignment for Critical Resource
CVE-2009-3565 – McAfee Network Security Manager < 5.1.11.8.1 - Multiple Cross-Site Scripting Vulnerabilities
https://notcve.org/view.php?id=CVE-2009-3565
Multiple cross-site scripting (XSS) vulnerabilities in intruvert/jsp/module/Login.jsp in McAfee IntruShield Network Security Manager (NSM) before 5.1.11.6 allow remote attackers to inject arbitrary web script or HTML via the (1) iaction or (2) node parameter. The McAfee Network Security Manager suffers from a cross site scripting vulnerability.
• https://www.exploit-db.com/exploits/10061
• https://www.exploit-db.com/exploits/33346
• http://kc.mcafee.com/corporate/index?page=content&id=SB10004
• http://secunia.com/advisories/37178
• http://securitytracker.com/id?1023171
• http://www.osvdb.org/59911
• http://www.secureworks.com/ctu/advisories/SWRX-2009-001
• http://www.securityfocus.com/archive/1/507820/100/0/threaded
• http://www.securityfocus.com/bid/37003
• http://www.vupen.com/english/advisories/2009/3226
• https://exchange.
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2009-3566 – McAfee Network Security Manager 5.1.7 - Information Disclosure
https://notcve.org/view.php?id=CVE-2009-3566
McAfee IntruShield Network Security Manager (NSM) before 5.1.11.8.1 does not include the HTTPOnly flag in the Set-Cookie header for the session identifier, which allows remote attackers to hijack a session by leveraging a cross-site scripting (XSS) vulnerability. The McAfee Network Security Manager suffers from authentication bypass and session hijacking vulnerabilities.
• https://www.exploit-db.com/exploits/33347
• http://secunia.com/advisories/37178
• http://securitytracker.com/id?1023172
• http://www.osvdb.org/59912
• http://www.secureworks.com/ctu/advisories/SWRX-2009-002
• http://www.securityfocus.com/archive/1/507822/100/0/threaded
• http://www.securityfocus.com/bid/37004
• http://www.vupen.com/english/advisories/2009/3226
• https://exchange.xforce.ibmcloud.com/vulnerabilities/54251
• https://kc.mcafee.com/corporate/index?page=content&id=SB10005
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')