CVSS: 7.6EPSS: 3%CPEs: 6EXPL: 0CVE-2006-5274
https://notcve.org/view.php?id=CVE-2006-5274
Integer overflow in McAfee ePolicy Orchestrator 3.5 through 3.6.1, ProtectionPilot 1.1.1 and 1.5, and Common Management Agent (CMA) 3.5.5.438 allows remote attackers to cause a denial of service (CMA Framework service crash) and possibly execute arbitrary code via unspecified vectors. Desbordamiento de entero en McAfee ePolicy Orchestrator 3.5 hasta 3.6.1, ProtectionPilot 1.1.1 y 1.5, y Common Management Agent (CMA) 3.5.5.438 permite a atacantes remotos provocar una denegación de servicio (caída del servicio CMA Framework) y posiblemente ejecutar código de su elección mediante vectores no especificados. • http://secunia.com/advisories/26029 http://www.iss.net/threats/269.html http://www.osvdb.org/36101 http://www.securityfocus.com/bid/24863 http://www.securitytracker.com/id?1018363 http://www.vupen.com/english/advisories/2007/2498 https://exchange.xforce.ibmcloud.com/vulnerabilities/31165 https://knowledge.mcafee.com/article/764/613367_f.SAL_Public.html •
CVSS: 9.3EPSS: 87%CPEs: 5EXPL: 0CVE-2007-1498
https://notcve.org/view.php?id=CVE-2007-1498
Multiple stack-based buffer overflows in the SiteManager.SiteMgr.1 ActiveX control (SiteManager.dll) in the ePO management console in McAfee ePolicy Orchestrator (ePO) before 3.6.1 Patch 1 and ProtectionPilot (PRP) before 1.5.0 HotFix allow remote attackers to execute arbitrary code via a long argument to the (1) ExportSiteList and (2) VerifyPackageCatalog functions, and (3) unspecified vectors involving a swprintf function call. Múltiples desbordamientos de búfer basados en pila en el control ActiveX Site Manager.SiteMgr.1 (SiteManager.dll) en la consola de administración ePO de McAfee ePolicy Orchestrator (ePO) anterior a 3.6.1 Patch 1 y ProtectionPilot (PRP) anterior a 1.5.0 HotFix permiten a atacantes remotos ejecutar código de su elección mediante un argumento largo para las funciones (1) ExportSiteList y (2) VerifyPackageCatalog, y (3) vectores no especificados relacionados con una llamada a la función swprintf. • http://lists.grok.org.uk/pipermail/full-disclosure/2007-March/052960.html http://secunia.com/advisories/24466 http://securityreason.com/securityalert/2444 http://www.kb.cert.org/vuls/id/714593 http://www.securityfocus.com/bid/22952 http://www.securitytracker.com/id?1017757 http://www.vupen.com/english/advisories/2007/0931 https://knowledge.mcafee.com/article/25/612495_f.SAL_Public.html https://knowledge.mcafee.com/article/26/612496_f.SAL_Public.html •
CVSS: 10.0EPSS: 97%CPEs: 4EXPL: 4CVE-2006-5156 – McAfee ePo 3.5.0 / ProtectionPilot 1.1.0 - Source Remote
https://notcve.org/view.php?id=CVE-2006-5156
Buffer overflow in McAfee ePolicy Orchestrator before 3.5.0.720 and ProtectionPilot before 1.1.1.126 allows remote attackers to execute arbitrary code via a request to /spipe/pkg/ with a long source header. Desbordamiento de búfer en McAfee ePolicy Orchestrator anterior a 3.5.0.720 y ProtectionPilot anterior a 1.1.1.126 permite a atacantes remotos ejecutar código de su elección mediante una petición a /spipe/pkg/ con una cabecera fuente larga. • https://www.exploit-db.com/exploits/2467 https://www.exploit-db.com/exploits/16783 http://download.nai.com/products/patches/ePO/v3.5/EPO3506.txt http://download.nai.com/products/patches/protectionpilot/v1.1.1/PRP1113.txt http://knowledge.mcafee.com/SupportSite/search.do?cmd=displayKC&docType=kc&externalId=8611438&sliceId=SAL_Public&dialogID=2997768&stateId=0%200%202995803 http://knowledge.mcafee.com/article/365/8611438_f.SAL_Public.html http://lists.grok.org.uk/pipermail/full-disclosure/2006 •
CVSS: 7.5EPSS: 1%CPEs: 5EXPL: 0CVE-2004-0038
https://notcve.org/view.php?id=CVE-2004-0038
McAfee ePolicy Orchestrator (ePO) 2.5.1 Patch 13 and 3.0 SP2a Patch 3 allows remote attackers to execute arbitrary commands via certain HTTP POST requests to the spipe/file handler on ePO TCP port 81. mcAfee ePolicy Orchestrator (ePO) 2.5.1 Patch 13 y 3.0 SP2a Patch 3 permite a atacantes remotos ejecutar órdenes arbitrarias mediante ciertas peticiones HTTP POST al manejador "spipe/file" de ePO en el puerto TCP 81. • http://download.nai.com/products/patches/ePO/v2.x/Patch14.txt http://www.osvdb.org/5626 http://www.securityfocus.com/bid/10200 http://xforce.iss.net/xforce/alerts/id/173 https://exchange.xforce.ibmcloud.com/vulnerabilities/14166 •
CVSS: 5.0EPSS: 2%CPEs: 1EXPL: 2CVE-2004-0095 – McAfee ePolicy Orchestrator 1.x/2.x/3.0 Agent - POST Buffer Mismanagement
https://notcve.org/view.php?id=CVE-2004-0095
McAfee ePolicy Orchestrator agent allows remote attackers to cause a denial of service (memory consumption and crash) and possibly execute arbitrary code via an HTTP POST request with an invalid Content-Length value, possibly triggering a buffer overflow. El agente de McAfee ePolicy Orchestrator permite a atacantes remotos causar una denegación de servicio (consumición de memoria y caída) y posiblemente ejecutar código arbitrario mediane una petícón HTTP POST con un valor Content-Length no válido, posiblemente disparando un desbordamiento de búfer. • https://www.exploit-db.com/exploits/23584 http://download.nai.com/products/patches/ePO/v3.1.0/EPO3013.zip http://www.osvdb.org/3744 http://www.securityfocus.com/bid/9476 https://exchange.xforce.ibmcloud.com/vulnerabilities/14989 •