CVSS: 6.5EPSS: 0%CPEs: 8EXPL: 1CVE-2014-2205
https://notcve.org/view.php?id=CVE-2014-2205
26 Feb 2014 — The Import and Export Framework in McAfee ePolicy Orchestrator (ePO) before 4.6.7 Hotfix 940148 allows remote authenticated users with permissions to add dashboards to read arbitrary files by importing a crafted XML file, related to an XML External Entity (XXE) issue. El Framework Import and Export en McAfee ePolicy Orchestrator (ePO) anterior a 4.6.7 Hotfix 940148 permite a usuarios remotos autenticados con permisos para añadir cuadros de mando leer archivos arbitrarios mediante la importación de un archiv... • http://secunia.com/advisories/57114 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 8.8EPSS: 1%CPEs: 9EXPL: 1CVE-2013-4882 – McAfee ePO 4.6.6 - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2013-4882
21 Jul 2013 — Multiple SQL injection vulnerabilities in McAfee ePolicy Orchestrator 4.6.6 and earlier, and the ePolicy Orchestrator (ePO) extension for McAfee Agent (MA) 4.5 and 4.6, allow remote authenticated users to execute arbitrary SQL commands via the uid parameter to (1) core/showRegisteredTypeDetails.do and (2) EPOAGENTMETA/DisplayMSAPropsDetail.do, a different vulnerability than CVE-2013-0140. Vulnerabilidad de inyección SQL en McAfee ePolicy Orchestrator 4.6.6 y anteriores, y el ePO Extension (ePO) para McAfee ... • https://www.exploit-db.com/exploits/26807 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 6.1EPSS: 3%CPEs: 9EXPL: 1CVE-2013-4883 – McAfee ePO 4.6.6 - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2013-4883
21 Jul 2013 — Multiple cross-site scripting (XSS) vulnerabilities in McAfee ePolicy Orchestrator 4.6.6 and earlier, and the ePO Extension for the McAfee Agent (MA) 4.5 through 4.6, allow remote attackers to inject arbitrary web script or HTML via the (1) instanceId parameter core/loadDisplayType.do; (2) instanceId or (3) monitorUrl parameter to console/createDashboardContainer.do; uid parameter to (4) ComputerMgmt/sysDetPanelBoolPie.do or (5) ComputerMgmt/sysDetPanelSummary.do; (6) uid, (7) orion.user.security.token, or ... • https://www.exploit-db.com/exploits/26807 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 4%CPEs: 21EXPL: 2CVE-2013-0140 – McAfee ePolicy Orchestrator 4.6.0 < 4.6.5 - 'ePowner' Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2013-0140
01 May 2013 — SQL injection vulnerability in the Agent-Handler component in McAfee ePolicy Orchestrator (ePO) before 4.5.7 and 4.6.x before 4.6.6 allows remote attackers to execute arbitrary SQL commands via a crafted request over the Agent-Server communication channel. Vulnerabilidad de inyección SQL en el componente Agent-Handler de McAfee ePolicy Orchestrator (ePO) anterior a v4.5.7 y v4.6.x anterior a v4.6.6 permite a atacantes remotos ejecutar comandos SQL de su elección a través una petición manipulada sobre el can... • https://packetstorm.news/files/id/126364 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.1EPSS: 0%CPEs: 21EXPL: 1CVE-2013-0141 – McAfee ePolicy Owner (ePowner) 0.1
https://notcve.org/view.php?id=CVE-2013-0141
01 May 2013 — Directory traversal vulnerability in McAfee ePolicy Orchestrator (ePO) before 4.5.7 and 4.6.x before 4.6.6 allows remote attackers to upload arbitrary files via a crafted request over the Agent-Server communication channel, as demonstrated by writing to the Software/ directory. Vulnerabilidad de salto de directorio en McAfee ePolicy Orchestrator (ePO) anterior a 4.5.7 y 4.6.x anterior a 4.6.6, permite a atacantes remotos la subida arbitraria de archivos a través de una petición manipulada sobre el canal de ... • https://packetstorm.news/files/id/126364 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •