CVSS: 7.6EPSS: 3%CPEs: 6EXPL: 0CVE-2006-5274
https://notcve.org/view.php?id=CVE-2006-5274
Integer overflow in McAfee ePolicy Orchestrator 3.5 through 3.6.1, ProtectionPilot 1.1.1 and 1.5, and Common Management Agent (CMA) 3.5.5.438 allows remote attackers to cause a denial of service (CMA Framework service crash) and possibly execute arbitrary code via unspecified vectors. Desbordamiento de entero en McAfee ePolicy Orchestrator 3.5 hasta 3.6.1, ProtectionPilot 1.1.1 y 1.5, y Common Management Agent (CMA) 3.5.5.438 permite a atacantes remotos provocar una denegación de servicio (caída del servicio CMA Framework) y posiblemente ejecutar código de su elección mediante vectores no especificados. • http://secunia.com/advisories/26029 http://www.iss.net/threats/269.html http://www.osvdb.org/36101 http://www.securityfocus.com/bid/24863 http://www.securitytracker.com/id?1018363 http://www.vupen.com/english/advisories/2007/2498 https://exchange.xforce.ibmcloud.com/vulnerabilities/31165 https://knowledge.mcafee.com/article/764/613367_f.SAL_Public.html •
CVSS: 9.3EPSS: 87%CPEs: 5EXPL: 0CVE-2007-1498
https://notcve.org/view.php?id=CVE-2007-1498
Multiple stack-based buffer overflows in the SiteManager.SiteMgr.1 ActiveX control (SiteManager.dll) in the ePO management console in McAfee ePolicy Orchestrator (ePO) before 3.6.1 Patch 1 and ProtectionPilot (PRP) before 1.5.0 HotFix allow remote attackers to execute arbitrary code via a long argument to the (1) ExportSiteList and (2) VerifyPackageCatalog functions, and (3) unspecified vectors involving a swprintf function call. Múltiples desbordamientos de búfer basados en pila en el control ActiveX Site Manager.SiteMgr.1 (SiteManager.dll) en la consola de administración ePO de McAfee ePolicy Orchestrator (ePO) anterior a 3.6.1 Patch 1 y ProtectionPilot (PRP) anterior a 1.5.0 HotFix permiten a atacantes remotos ejecutar código de su elección mediante un argumento largo para las funciones (1) ExportSiteList y (2) VerifyPackageCatalog, y (3) vectores no especificados relacionados con una llamada a la función swprintf. • http://lists.grok.org.uk/pipermail/full-disclosure/2007-March/052960.html http://secunia.com/advisories/24466 http://securityreason.com/securityalert/2444 http://www.kb.cert.org/vuls/id/714593 http://www.securityfocus.com/bid/22952 http://www.securitytracker.com/id?1017757 http://www.vupen.com/english/advisories/2007/0931 https://knowledge.mcafee.com/article/25/612495_f.SAL_Public.html https://knowledge.mcafee.com/article/26/612496_f.SAL_Public.html •
CVSS: 10.0EPSS: 97%CPEs: 4EXPL: 4CVE-2006-5156 – McAfee ePo 3.5.0 / ProtectionPilot 1.1.0 - Source Remote
https://notcve.org/view.php?id=CVE-2006-5156
Buffer overflow in McAfee ePolicy Orchestrator before 3.5.0.720 and ProtectionPilot before 1.1.1.126 allows remote attackers to execute arbitrary code via a request to /spipe/pkg/ with a long source header. Desbordamiento de búfer en McAfee ePolicy Orchestrator anterior a 3.5.0.720 y ProtectionPilot anterior a 1.1.1.126 permite a atacantes remotos ejecutar código de su elección mediante una petición a /spipe/pkg/ con una cabecera fuente larga. • https://www.exploit-db.com/exploits/2467 https://www.exploit-db.com/exploits/16783 http://download.nai.com/products/patches/ePO/v3.5/EPO3506.txt http://download.nai.com/products/patches/protectionpilot/v1.1.1/PRP1113.txt http://knowledge.mcafee.com/SupportSite/search.do?cmd=displayKC&docType=kc&externalId=8611438&sliceId=SAL_Public&dialogID=2997768&stateId=0%200%202995803 http://knowledge.mcafee.com/article/365/8611438_f.SAL_Public.html http://lists.grok.org.uk/pipermail/full-disclosure/2006 •