CVSS: 4.3 • EPSS: 0% • CPEs: 1 • EXPL: 6

Cross-site scripting (XSS) vulnerability in the login audit form in McAfee Cloud Single Sign On (SSO) allows remote attackers to inject arbitrary web script or HTML via a crafted password.

• https://www.exploit-db.com/exploits/32368
• http://packetstormsecurity.com/files/125775/McAfee-Cloud-SSO-Asset-Manager-Issues.html
• http://seclists.org/fulldisclosure/2014/Mar/325
• http://www.exploit-db.com/exploits/32368
• http://www.securityfocus.com/bid/66302
• https://twitter.com/BrandonPrry/status/445969380656943104

CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 6.5 • EPSS: 1% • CPEs: 1 • EXPL: 4

SQL injection vulnerability in jsp/reports/ReportsAudit.jsp in McAfee Asset Manager 6.6 allows remote authenticated users to execute arbitrary SQL commands via the username of an audit report (aka user parameter).

• https://www.exploit-db.com/exploits/32368
• http://packetstormsecurity.com/files/125775/McAfee-Cloud-SSO-Asset-Manager-Issues.html
• http://seclists.org/fulldisclosure/2014/Mar/325
• http://www.exploit-db.com/exploits/32368
• http://www.osvdb.org/104634
• http://www.securityfocus.com/bid/66302
• http://www.securitytracker.com/id/1029927
• https://exchange.xforce.ibmcloud.com/vulnerabilities/91929

CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSS: 4.3 • EPSS: 0% • CPEs: 6 • EXPL: 0

Directory traversal vulnerability in McAfee Cloud Identity Manager 3.0, 3.1, and 3.5.1, McAfee Cloud Single Sign On (MCSSO) before 4.0.1, and Intel Expressway Cloud Access 360-SSO 2.1 and 2.5 allows remote authenticated users to read an unspecified file containing a hash of the administrator password via unknown vectors.

• http://secunia.com/advisories/57368
• http://secunia.com/advisories/57381
• http://www.securityfocus.com/bid/66181
• https://kc.mcafee.com/corporate/index?page=content&id=SB10066

CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVSS: 4.0 • EPSS: 0% • CPEs: 3 • EXPL: 0

Directory traversal vulnerability in McAfee Web Gateway (MWG) 7.4.x before 7.4.1, 7.3.x before 7.3.2.6, and 7.2.0.9 and earlier allows remote authenticated users to read arbitrary files via a crafted request to the web filtering port.

• http://secunia.com/advisories/56958
• http://www.securityfocus.com/bid/66193
• https://exchange.xforce.ibmcloud.com/vulnerabilities/91772
• https://kc.mcafee.com/corporate/index?page=content&id=SB10063

CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVSS: 6.3 • EPSS: 0% • CPEs: 8 • EXPL: 1

The Import and Export Framework in McAfee ePolicy Orchestrator (ePO) before 4.6.7 Hotfix 940148 allows remote authenticated users with permissions to add dashboards to read arbitrary files by importing a crafted XML file, related to an XML External Entity (XXE) issue.

• http://secunia.com/advisories/57114
• http://www.securityfocus.com/archive/1/531255/100/0/threaded
• http://www.securityfocus.com/bid/65771
• https://kc.mcafee.com/corporate/index?page=content&id=SB10065
• https://www.redteam-pentesting.de/advisories/rt-sa-2014-001.txt

CWE-264: Permissions, Privileges, and Access Controls