CVSS: 8.8EPSS: 1%CPEs: 9EXPL: 1CVE-2013-4882 – McAfee ePO 4.6.6 - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2013-4882
21 Jul 2013 — Multiple SQL injection vulnerabilities in McAfee ePolicy Orchestrator 4.6.6 and earlier, and the ePolicy Orchestrator (ePO) extension for McAfee Agent (MA) 4.5 and 4.6, allow remote authenticated users to execute arbitrary SQL commands via the uid parameter to (1) core/showRegisteredTypeDetails.do and (2) EPOAGENTMETA/DisplayMSAPropsDetail.do, a different vulnerability than CVE-2013-0140. Vulnerabilidad de inyección SQL en McAfee ePolicy Orchestrator 4.6.6 y anteriores, y el ePO Extension (ePO) para McAfee ... • https://www.exploit-db.com/exploits/26807 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 6.1EPSS: 3%CPEs: 9EXPL: 1CVE-2013-4883 – McAfee ePO 4.6.6 - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2013-4883
21 Jul 2013 — Multiple cross-site scripting (XSS) vulnerabilities in McAfee ePolicy Orchestrator 4.6.6 and earlier, and the ePO Extension for the McAfee Agent (MA) 4.5 through 4.6, allow remote attackers to inject arbitrary web script or HTML via the (1) instanceId parameter core/loadDisplayType.do; (2) instanceId or (3) monitorUrl parameter to console/createDashboardContainer.do; uid parameter to (4) ComputerMgmt/sysDetPanelBoolPie.do or (5) ComputerMgmt/sysDetPanelSummary.do; (6) uid, (7) orion.user.security.token, or ... • https://www.exploit-db.com/exploits/26807 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 4%CPEs: 21EXPL: 2CVE-2013-0140 – McAfee ePolicy Orchestrator 4.6.0 < 4.6.5 - 'ePowner' Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2013-0140
01 May 2013 — SQL injection vulnerability in the Agent-Handler component in McAfee ePolicy Orchestrator (ePO) before 4.5.7 and 4.6.x before 4.6.6 allows remote attackers to execute arbitrary SQL commands via a crafted request over the Agent-Server communication channel. Vulnerabilidad de inyección SQL en el componente Agent-Handler de McAfee ePolicy Orchestrator (ePO) anterior a v4.5.7 y v4.6.x anterior a v4.6.6 permite a atacantes remotos ejecutar comandos SQL de su elección a través una petición manipulada sobre el can... • https://packetstorm.news/files/id/126364 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.1EPSS: 0%CPEs: 21EXPL: 1CVE-2013-0141 – McAfee ePolicy Owner (ePowner) 0.1
https://notcve.org/view.php?id=CVE-2013-0141
01 May 2013 — Directory traversal vulnerability in McAfee ePolicy Orchestrator (ePO) before 4.5.7 and 4.6.x before 4.6.6 allows remote attackers to upload arbitrary files via a crafted request over the Agent-Server communication channel, as demonstrated by writing to the Software/ directory. Vulnerabilidad de salto de directorio en McAfee ePolicy Orchestrator (ePO) anterior a 4.5.7 y 4.6.x anterior a 4.6.6, permite a atacantes remotos la subida arbitraria de archivos a través de una petición manipulada sobre el canal de ... • https://packetstorm.news/files/id/126364 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 4.3EPSS: 0%CPEs: 14EXPL: 0CVE-2012-4594
https://notcve.org/view.php?id=CVE-2012-4594
22 Aug 2012 — McAfee ePolicy Orchestrator (ePO) 4.6.1 and earlier allows remote authenticated users to bypass intended access restrictions, and obtain sensitive information from arbitrary reporting panels, via a modified ID value in a console URL. McAfee ePolicy Orchestrator (ePO) v4.6.1 y anteriores permite a los usuarios autentificados remotos a evitar las restricciones de acceso establecidas, y obtener información sensible de paneles de información, a través de valores ID modificados en una consola URL. • https://exchange.xforce.ibmcloud.com/vulnerabilities/78132 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 10.0EPSS: 74%CPEs: 4EXPL: 4CVE-2006-5156 – McAfee ePo 3.5.0 / ProtectionPilot 1.1.0 - Source Remote
https://notcve.org/view.php?id=CVE-2006-5156
03 Oct 2006 — Buffer overflow in McAfee ePolicy Orchestrator before 3.5.0.720 and ProtectionPilot before 1.1.1.126 allows remote attackers to execute arbitrary code via a request to /spipe/pkg/ with a long source header. Desbordamiento de búfer en McAfee ePolicy Orchestrator anterior a 3.5.0.720 y ProtectionPilot anterior a 1.1.1.126 permite a atacantes remotos ejecutar código de su elección mediante una petición a /spipe/pkg/ con una cabecera fuente larga. • https://www.exploit-db.com/exploits/2467 •
CVSS: 9.8EPSS: 1%CPEs: 5EXPL: 0CVE-2004-0038
https://notcve.org/view.php?id=CVE-2004-0038
30 Apr 2004 — McAfee ePolicy Orchestrator (ePO) 2.5.1 Patch 13 and 3.0 SP2a Patch 3 allows remote attackers to execute arbitrary commands via certain HTTP POST requests to the spipe/file handler on ePO TCP port 81. mcAfee ePolicy Orchestrator (ePO) 2.5.1 Patch 13 y 3.0 SP2a Patch 3 permite a atacantes remotos ejecutar órdenes arbitrarias mediante ciertas peticiones HTTP POST al manejador "spipe/file" de ePO en el puerto TCP 81. • http://download.nai.com/products/patches/ePO/v2.x/Patch14.txt •
CVSS: 9.8EPSS: 0%CPEs: 5EXPL: 0CVE-2003-0148
https://notcve.org/view.php?id=CVE-2003-0148
01 Aug 2003 — The default installation of MSDE via McAfee ePolicy Orchestrator 2.0 through 3.0 allows attackers to execute arbitrary code via a series of steps that (1) obtain the database administrator username and encrypted password in a configuration file from the ePO server using a certain request, (2) crack the password due to weak cryptography, and (3) use the password to pass commands through xp_cmdshell. La instalación por defecto de MSDE mediante McAfee ePolicy Orchestrator 2.0 a 3.0 permite a atacantes ejecutar... • http://www.atstake.com/research/advisories/2003/a073103-1.txt •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2003-0610
https://notcve.org/view.php?id=CVE-2003-0610
01 Aug 2003 — Directory traversal vulnerability in ePO agent for McAfee ePolicy Orchestrator 3.0 allows remote attackers to read arbitrary files via a certain HTTP request. Vulnerabilidad de cruce de directorios en el agente ePO de McAfee ePolicy Orchestrator 3.0 permite a atacantes remotos leer ficheros arbitrarios mediante una cierta petición HTTP. • http://www.nai.com/us/promos/mcafee/epo_vulnerabilities.asp •