CVE-2013-5094 – McAfee Vulnerability Manager - 'cert_cn' Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2013-5094
Cross-site scripting (XSS) vulnerability in index.exp in McAfee Vulnerability Manager 7.5 allows remote attackers to inject arbitrary web script or HTML via the cert_cn cookie parameter.
• https://www.exploit-db.com/exploits/38368
• http://asheesh2000.blogspot.com/2013/08/mcafee-vulnerability-manager-75-cross.html
• http://packetstormsecurity.com/files/120721/McAfee-Vulnerability-Manager-7.5-Cross-Site-Scripting.html
• http://www.securityfocus.com/bid/58401
• http://www.tenable.com/plugins/index.php?view=single&id=65738
• https://kc.mcafee.com/corporate/index?page=content&id=KB77772
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2014-1472
https://notcve.org/view.php?id=CVE-2014-1472
Multiple cross-site scripting (XSS) vulnerabilities in the Enterprise Manager in McAfee Vulnerability Manager (MVM) 7.5.5 and earlier allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
• http://osvdb.org/101940
• http://secunia.com/advisories/56394
• http://www.securityfocus.com/bid/64795
• http://www.securitytracker.com/id/1029591
• https://exchange.xforce.ibmcloud.com/vulnerabilities/90244
• https://kc.mcafee.com/corporate/index?page=content&id=SB10061
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2014-1473
https://notcve.org/view.php?id=CVE-2014-1473
Multiple cross-site request forgery (CSRF) vulnerabilities in the Enterprise Manager in McAfee Vulnerability Manager (MVM) 7.5.5 and earlier allow remote attackers to hijack the authentication of users for requests that modify HTML via unspecified vectors related to the "response web page."
• http://osvdb.org/101939
• http://secunia.com/advisories/56394
• http://www.securityfocus.com/bid/64795
• http://www.securitytracker.com/id/1029591
• https://exchange.xforce.ibmcloud.com/vulnerabilities/90245
• https://kc.mcafee.com/corporate/index?page=content&id=SB10061
• CWE-352: Cross-Site Request Forgery (CSRF)
CVE-2013-7103
https://notcve.org/view.php?id=CVE-2013-7103
McAfee Email Gateway 7.6 allows remote authenticated administrators to execute arbitrary commands via shell metacharacters in the value attribute in a (1) TestFile XML element or the (2) hostname. NOTE: this issue can be combined with CVE-2013-7092 to allow remote attackers to execute commands.
• http://osvdb.org/100581
• http://packetstormsecurity.com/files/124277/McAfee-Email-Gateway-7.6-Command-Execution-SQL-Injection.html
• http://seclists.org/fulldisclosure/2013/Dec/18
• http://www.securityfocus.com/bid/64150
• https://exchange.xforce.ibmcloud.com/vulnerabilities/90162
• CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2013-7104
https://notcve.org/view.php?id=CVE-2013-7104
McAfee Email Gateway 7.6 allows remote authenticated administrators to execute arbitrary commands by specifying them in the value attribute in a (1) Command or (2) Script XML element. NOTE: this issue can be combined with CVE-2013-7092 to allow remote attackers to execute commands.
• http://osvdb.org/100581
• http://packetstormsecurity.com/files/124277/McAfee-Email-Gateway-7.6-Command-Execution-SQL-Injection.html
• http://seclists.org/fulldisclosure/2013/Dec/18
• http://www.securityfocus.com/bid/64150
• https://exchange.xforce.ibmcloud.com/vulnerabilities/90163
• CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')