CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2016-8012
https://notcve.org/view.php?id=CVE-2016-8012
14 Mar 2017 — Access control vulnerability in Intel Security Data Loss Prevention Endpoint (DLPe) 9.4.200 and 9.3.600 allows authenticated users with Read-Write-Execute permissions to inject hook DLLs into other processes via pages in the target process memory get. Vulnerabilidad de control de acceso en Intel Security Data Loss Prevention Endpoint (DLPe) 9.4.200 y 9.3.600 permite a usuarios autenticados con permisos de lectura-escritura-ejecución inyectar DLLs de gancho en otros procesos a través de páginas en la memoria... • https://kc.mcafee.com/corporate/index?page=content&id=SB10185 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 5.1EPSS: 0%CPEs: 8EXPL: 2CVE-2016-3984 – McAfee VirusScan Enterprise 8.8 - Security Restrictions Bypass
https://notcve.org/view.php?id=CVE-2016-3984
08 Apr 2016 — The McAfee VirusScan Console (mcconsol.exe) in McAfee Active Response (MAR) before 1.1.0.161, Agent (MA) 5.x before 5.0.2 Hotfix 1110392 (5.0.2.333), Data Exchange Layer 2.x (DXL) before 2.0.1.140.1, Data Loss Prevention Endpoint (DLPe) 9.3 before Patch 6 and 9.4 before Patch 1 HF3, Device Control (MDC) 9.3 before Patch 6 and 9.4 before Patch 1 HF3, Endpoint Security (ENS) 10.x before 10.1, Host Intrusion Prevention Service (IPS) 8.0 before 8.0.0.3624, and VirusScan Enterprise (VSE) 8.8 before P7 (8.8.0.152... • https://www.exploit-db.com/exploits/39531 • CWE-284: Improper Access Control •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2015-2757
https://notcve.org/view.php?id=CVE-2015-2757
27 Mar 2015 — The ePO extension in McAfee Data Loss Prevention Endpoint (DLPe) before 9.3 Patch 4 Hotfix 16 (9.3.416.4) allows remote authenticated users to cause a denial of service (database lock or license corruption) via unspecified vectors. La extensión ePO en McAfee Data Loss Prevention Endpoint (DLPe) anterior a 9.3 Patch 4 Hotfix 16 (9.3.416.4) permite a usuarios remotos autenticados causar una denegación de servicio (cierre de la base de datos o corrupción de licencia) a través de vectores no especificados. • http://www.securityfocus.com/bid/73399 • CWE-399: Resource Management Errors •
CVSS: 8.1EPSS: 0%CPEs: 1EXPL: 0CVE-2015-2758
https://notcve.org/view.php?id=CVE-2015-2758
27 Mar 2015 — The ePO extension in McAfee Data Loss Prevention Endpoint (DLPe) before 9.3 Patch 4 Hotfix 16 (9.3.416.4) allows remote authenticated users to obtain sensitive information, modify the database, or possibly have other unspecified impact via a crafted URL. La extensión ePO en McAfee Data Loss Prevention Endpoint (DLPe) anterior a 9.3 Patch 4 Hotfix 16 (9.3.416.4) permite a usuarios remotos autenticados obtener información sensible, modificar la base de datos o posiblemente tener otro impacto no especificados ... • http://www.securityfocus.com/bid/73397 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2015-2759
https://notcve.org/view.php?id=CVE-2015-2759
27 Mar 2015 — Multiple cross-site request forgery (CSRF) vulnerabilities in the ePO extension in McAfee Data Loss Prevention Endpoint (DLPe) before 9.3 Patch 4 Hotfix 16 (9.3.416.4) allow remote attackers to hijack the authentication of users for requests that (1) obtain sensitive information or (2) modify the database via unspecified vectors. Múltiples vulnerabilidades de CSRF en la extensión ePO en McAfee Data Loss Prevention Endpoint (DLPe) anterior a 9.3 Patch 4 Hotfix 16 (9.3.416.4) permiten a atacantes remotos secu... • http://www.securityfocus.com/bid/73403 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0CVE-2015-2760
https://notcve.org/view.php?id=CVE-2015-2760
27 Mar 2015 — Cross-site scripting (XSS) vulnerability in the ePO extension in McAfee Data Loss Prevention Endpoint (DLPe) before 9.3 Patch 4 Hotfix 16 (9.3.416.4) allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de XSS en la extensión ePO en McAfee Data Loss Prevention Endpoint (DLPe) anterior a 9.3 Patch 4 Hotfix 16 (9.3.416.4) permite a usuarios remotos autenticados inyectar secuencias de comandos web arbitrarios o HTML a través de vectores no especificad... • http://www.securityfocus.com/bid/73193 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2015-1616
https://notcve.org/view.php?id=CVE-2015-1616
17 Feb 2015 — SQL injection vulnerability in the ePO extension in McAfee Data Loss Prevention Endpoint (DLPe) before 9.3.400 allows remote authenticated ePO users to execute arbitrary SQL commands via unspecified vectors. Vulnerabilidad de inyección SQL en la extensión ePO en McAfee Data Loss Prevention Endpoint (DLPe) anterior a 9.3.400 permite a usuarios de ePO remotos autenticados ejecutar comandos SQL arbitrarios a través de vectores no especificados. • https://kc.mcafee.com/corporate/index?page=content&id=SB10098 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0CVE-2015-1617
https://notcve.org/view.php?id=CVE-2015-1617
17 Feb 2015 — Cross-site scripting (XSS) vulnerability in the ePO extension in McAfee Data Loss Prevention Endpoint (DLPe) before 9.3.400 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de XSS en la extensión ePO en McAfee Data Loss Prevention Endpoint (DLPe) anterior a 9.3.400 permite a usuarios remotos autenticados inyectar secuencias de comandos web arbitrarios o HTML a través de vectores no especificados. • https://kc.mcafee.com/corporate/index?page=content&id=SB10098 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2015-1618
https://notcve.org/view.php?id=CVE-2015-1618
17 Feb 2015 — The ePO extension in McAfee Data Loss Prevention Endpoint (DLPe) before 9.3.400 allows remote authenticated users to obtain sensitive password information via a crafted URL. La extensión ePO extension en McAfee Data Loss Prevention Endpoint (DLPe) anterior a 9.3.400 permite a usuarios remotos autenticados obtener información sensible de contraseñas a través de una URL manipulada. • https://kc.mcafee.com/corporate/index?page=content&id=SB10098 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 5CVE-2015-1305 – McAfee Data Loss Prevention Endpoint - Arbitrary Write Privilege Escalation
https://notcve.org/view.php?id=CVE-2015-1305
30 Jan 2015 — McAfee Data Loss Prevention Endpoint (DLPe) before 9.3.400 allows local users to write to arbitrary memory locations, and consequently gain privileges, via a crafted (1) 0x00224014 or (2) 0x0022c018 IOCTL call. McAfee Data Loss Prevention Endpoint (DLPe) anterior a 9.3.400 permite a usuarios locales escribir a localizaciones de memoria arbitrarias, y como consecuencia ganar privilegios, a través de una llamada IOCTL (1) 0x00224014 o (2) 0x0022c018 manipulada. McAfee Data Loss Prevention Endpoint version 9.3... • https://packetstorm.news/files/id/130177 • CWE-264: Permissions, Privileges, and Access Controls •