CVSS: 6.1EPSS: 3%CPEs: 9EXPL: 1CVE-2013-4883 – McAfee ePO 4.6.6 - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2013-4883
21 Jul 2013 — Multiple cross-site scripting (XSS) vulnerabilities in McAfee ePolicy Orchestrator 4.6.6 and earlier, and the ePO Extension for the McAfee Agent (MA) 4.5 through 4.6, allow remote attackers to inject arbitrary web script or HTML via the (1) instanceId parameter core/loadDisplayType.do; (2) instanceId or (3) monitorUrl parameter to console/createDashboardContainer.do; uid parameter to (4) ComputerMgmt/sysDetPanelBoolPie.do or (5) ComputerMgmt/sysDetPanelSummary.do; (6) uid, (7) orion.user.security.token, or ... • https://www.exploit-db.com/exploits/26807 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.4EPSS: 30%CPEs: 9EXPL: 3CVE-2008-1357 – McAfee Framework ePolicy 3.x - Orchestrator '_naimcomn_Log' Remote Format String
https://notcve.org/view.php?id=CVE-2008-1357
17 Mar 2008 — Format string vulnerability in the logDetail function of applib.dll in McAfee Common Management Agent (CMA) 3.6.0.574 (Patch 3) and earlier, as used in ePolicy Orchestrator 4.0.0 build 1015, allows remote attackers to cause a denial of service (crash) or execute arbitrary code via format string specifiers in a sender field in an AgentWakeup request to UDP port 8082. NOTE: this issue only exists when the debug level is 8. Vulnerabilidad en el formato de cadena en la función logDetail de applib.dlld en McAfee... • https://www.exploit-db.com/exploits/31399 • CWE-134: Use of Externally-Controlled Format String •
CVSS: 9.8EPSS: 12%CPEs: 6EXPL: 0CVE-2006-5274
https://notcve.org/view.php?id=CVE-2006-5274
12 Jul 2007 — Integer overflow in McAfee ePolicy Orchestrator 3.5 through 3.6.1, ProtectionPilot 1.1.1 and 1.5, and Common Management Agent (CMA) 3.5.5.438 allows remote attackers to cause a denial of service (CMA Framework service crash) and possibly execute arbitrary code via unspecified vectors. Desbordamiento de entero en McAfee ePolicy Orchestrator 3.5 hasta 3.6.1, ProtectionPilot 1.1.1 y 1.5, y Common Management Agent (CMA) 3.5.5.438 permite a atacantes remotos provocar una denegación de servicio (caída del servici... • http://secunia.com/advisories/26029 •
CVSS: 7.5EPSS: 1%CPEs: 1EXPL: 1CVE-2006-3623
https://notcve.org/view.php?id=CVE-2006-3623
14 Jul 2006 — Directory traversal vulnerability in Framework Service component in McAfee ePolicy Orchestrator agent 3.5.0.x and earlier allows remote attackers to create arbitrary files via a .. (dot dot) in the directory and filename in a PropsResponse (PackageType) request. Vulnerabilidad de salto de directorio en el componente Framework Service en McAfee ePolicy Orchestrator agent 3.5.0.x y anteriores permite a atacantes remotos crear archivos de su elección a través de una secuencia .. (punto punto) en el directorio ... • http://secunia.com/advisories/21037 •