CVSS: 4.0EPSS: 0%CPEs: 1EXPL: 0CVE-2015-1618
https://notcve.org/view.php?id=CVE-2015-1618
The ePO extension in McAfee Data Loss Prevention Endpoint (DLPe) before 9.3.400 allows remote authenticated users to obtain sensitive password information via a crafted URL. La extensión ePO extension en McAfee Data Loss Prevention Endpoint (DLPe) anterior a 9.3.400 permite a usuarios remotos autenticados obtener información sensible de contraseñas a través de una URL manipulada. • https://kc.mcafee.com/corporate/index?page=content&id=SB10098 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2015-1616
https://notcve.org/view.php?id=CVE-2015-1616
SQL injection vulnerability in the ePO extension in McAfee Data Loss Prevention Endpoint (DLPe) before 9.3.400 allows remote authenticated ePO users to execute arbitrary SQL commands via unspecified vectors. Vulnerabilidad de inyección SQL en la extensión ePO en McAfee Data Loss Prevention Endpoint (DLPe) anterior a 9.3.400 permite a usuarios de ePO remotos autenticados ejecutar comandos SQL arbitrarios a través de vectores no especificados. • https://kc.mcafee.com/corporate/index?page=content&id=SB10098 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 3.5EPSS: 0%CPEs: 17EXPL: 0CVE-2015-1619
https://notcve.org/view.php?id=CVE-2015-1619
Cross-site scripting (XSS) vulnerability in the Secure Web Mail Client user interface in McAfee Email Gateway (MEG) 7.6.x before 7.6.3.2, 7.5.x before 75.6, 7.0.x through 7.0.5, 5.6, and earlier allows remote authenticated users to inject arbitrary web script or HTML via unspecified tokens in Digest messages. Vulnerabilidad de XSS en la interfaz del usuarios de Secure Web Mail Client en McAfee Email Gateway (MEG) 7.6.x anterior a 7.6.3.2, 7.5.x anterior a 75.6, 7.0.x hasta 7.0.5, 5.6, y anteriores permite a usuarios remotos autenticados inyectar secuencias de comandos web arbitrarios o HTML a través de tokens no especificados en los mensajes Digest. • https://kc.mcafee.com/corporate/index?page=content&id=SB10099 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 3.5EPSS: 0%CPEs: 1EXPL: 0CVE-2015-1617
https://notcve.org/view.php?id=CVE-2015-1617
Cross-site scripting (XSS) vulnerability in the ePO extension in McAfee Data Loss Prevention Endpoint (DLPe) before 9.3.400 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de XSS en la extensión ePO en McAfee Data Loss Prevention Endpoint (DLPe) anterior a 9.3.400 permite a usuarios remotos autenticados inyectar secuencias de comandos web arbitrarios o HTML a través de vectores no especificados. • https://kc.mcafee.com/corporate/index?page=content&id=SB10098 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.9EPSS: 0%CPEs: 2EXPL: 4CVE-2015-1305 – McAfee Data Loss Prevention Endpoint - Arbitrary Write Privilege Escalation
https://notcve.org/view.php?id=CVE-2015-1305
McAfee Data Loss Prevention Endpoint (DLPe) before 9.3.400 allows local users to write to arbitrary memory locations, and consequently gain privileges, via a crafted (1) 0x00224014 or (2) 0x0022c018 IOCTL call. McAfee Data Loss Prevention Endpoint (DLPe) anterior a 9.3.400 permite a usuarios locales escribir a localizaciones de memoria arbitrarias, y como consecuencia ganar privilegios, a través de una llamada IOCTL (1) 0x00224014 o (2) 0x0022c018 manipulada. McAfee Data Loss Prevention Endpoint version 9.3.200.23 suffers from an arbitrary write privilege escalation vulnerability. • https://www.exploit-db.com/exploits/35953 http://packetstormsecurity.com/files/130177/McAfee-Data-Loss-Prevention-Endpoint-Privilege-Escalation.html http://www.exploit-db.com/exploits/35953 http://www.greyhathacker.net/?p=818 http://www.osvdb.org/show/osvdb/117345 https://exchange.xforce.ibmcloud.com/vulnerabilities/100602 https://kc.mcafee.com/corporate/index?page=content&id=SB10097 • CWE-264: Permissions, Privileges, and Access Controls •