CVSS: 10.0EPSS: 72%CPEs: 1EXPL: 0CVE-2006-0559
https://notcve.org/view.php?id=CVE-2006-0559
Format string vulnerability in the SMTP server for McAfee WebShield 4.5 MR2 and earlier allows remote attackers to execute arbitrary code via format strings in the domain name portion of a destination address, which are not properly handled when a bounce message is constructed. • http://secunia.com/advisories/19491 http://securityreason.com/securityalert/671 http://securitytracker.com/id?1015861 http://www.osvdb.org/24366 http://www.securityfocus.com/archive/1/429812/100/0/threaded http://www.securityfocus.com/bid/16742 http://www.vupen.com/english/advisories/2006/1219 https://exchange.xforce.ibmcloud.com/vulnerabilities/25621 •
CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 0CVE-2006-0982
https://notcve.org/view.php?id=CVE-2006-0982
The on-access scanner for McAfee Virex 7.7 for Macintosh, in some circumstances, might not activate when malicious content is accessed from the web browser, and might not prevent the content from being saved, which allows remote attackers to bypass virus protection, as demonstrated using the EICAR test file. • http://www.securityfocus.com/archive/1/426348/100/0/threaded •
CVSS: 7.2EPSS: 0%CPEs: 2EXPL: 3CVE-2005-4505 – McAfee VirusScan 8.0 - Path Specification Privilege Escalation
https://notcve.org/view.php?id=CVE-2005-4505
Unquoted Windows search path vulnerability in McAfee VirusScan Enterprise 8.0i (patch 11) and CMA 3.5 (patch 5) might allow local users to gain privileges via a malicious "program.exe" file in the C: folder, which is run by naPrdMgr.exe when it attempts to execute EntVUtil.EXE under an unquoted "Program Files" path. • https://www.exploit-db.com/exploits/26970 http://reedarvin.thearvins.com/20051222-01.html http://securityreason.com/securityalert/292 http://securitytracker.com/id?1015404 http://www.securityfocus.com/archive/1/420104/100/0/threaded http://www.securityfocus.com/bid/16040 http://www.vupen.com/english/advisories/2005/3077 https://exchange.xforce.ibmcloud.com/vulnerabilities/23815 •
CVSS: 5.0EPSS: 41%CPEs: 12EXPL: 0CVE-2005-3657
https://notcve.org/view.php?id=CVE-2005-3657
The ActiveX control in MCINSCTL.DLL for McAfee VirusScan Security Center does not use the IObjectSafetySiteLock API to restrict access to required domains, which allows remote attackers to create or append to arbitrary files via the StartLog and AddLog methods in the MCINSTALL.McLog object. • http://secunia.com/advisories/18169 http://securityreason.com/securityalert/279 http://securitytracker.com/id?1015390 http://www.idefense.com/intelligence/vulnerabilities/display.php?id=358 http://www.securityfocus.com/bid/15986 http://www.vupen.com/english/advisories/2005/3006 •
CVSS: 5.1EPSS: 1%CPEs: 2EXPL: 0CVE-2005-3377
https://notcve.org/view.php?id=CVE-2005-3377
Multiple interpretation error in (1) McAfee Internet Security Suite 7.1.5 version 9.1.08 with the 4.4.00 engine and (2) McAfee Corporate 8.0.0 patch 10 with the 4400 engine allows remote attackers to bypass virus scanning via a file such as BAT, HTML, and EML with an "MZ" magic byte sequence which is normally associated with EXE, which causes the file to be treated as a safe type that could still be executed as a dangerous file type by applications on the end system, as demonstrated by a "triple headed" program that contains EXE, EML, and HTML content, aka the "magic byte bug." • http://marc.info/?l=bugtraq&m=113026417802703&w=2 http://www.securityelf.org/magicbyte.html http://www.securityelf.org/magicbyteadv.html http://www.securityelf.org/updmagic.html http://www.securityfocus.com/bid/15189 •