CVE-2013-7092
https://notcve.org/view.php?id=CVE-2013-7092
Multiple SQL injection vulnerabilities in /admin/cgi-bin/rpc/doReport/18 in McAfee Email Gateway 7.6 allow remote authenticated users to execute arbitrary SQL commands via the (1) events_col, (2) event_id, (3) reason, (4) events_order, (5) emailstatus_order, or (6) emailstatus_col JSON keys.
• http://osvdb.org/100582 http://packetstormsecurity.com/files/124277/McAfee-Email-Gateway-7.6-Command-Execution-SQL-Injection.html http://seclists.org/fulldisclosure/2013/Dec/18 http://www.securityfocus.com/bid/64150 https://exchange.xforce.ibmcloud.com/vulnerabilities/90161
• CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2013-6349
https://notcve.org/view.php?id=CVE-2013-6349
McAfee Email Gateway (MEG) 7.0 before 7.0.4 and 7.5 before 7.5.1 allows remote authenticated users to execute arbitrary commands via unspecified vectors.
• http://osvdb.org/98669 https://kc.mcafee.com/corporate/index?page=content&id=SB10057
• CWE-94: Improper Control of Generation of Code ('Code Injection')
CVE-2013-3627
https://notcve.org/view.php?id=CVE-2013-3627
FrameworkService.exe in McAfee Framework Service in McAfee Managed Agent (MA) before 4.5.0.1927 and 4.6 before 4.6.0.3258 allows remote attackers to cause a denial of service (service crash) via a malformed HTTP request.
• http://www.kb.cert.org/vuls/id/613886 https://kc.mcafee.com/corporate/index?page=content&id=SB10055
• CWE-399: Resource Management Errors
CVE-2013-4884 – McAfee SuperScan 4.0 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2013-4884
Cross-site scripting (XSS) vulnerability in McAfee SuperScan 4.0 allows remote attackers to inject arbitrary web script or HTML via UTF-7 encoded sequences in a server response, which is not properly handled in the SuperScan HTML report. McAfee Superscan version 4.0 suffers from a cross site scripting vulnerability.
• https://www.exploit-db.com/exploits/27406 http://seclists.org/fulldisclosure/2013/Aug/68 http://www.exploit-db.com/exploits/27406 http://www.securityfocus.com/bid/61640 https://exchange.xforce.ibmcloud.com/vulnerabilities/86257 https://kc.mcafee.com/corporate/index?page=content&id=KB78992 https://www.trustwave.com/spiderlabs/advisories/TWSL2013-024.txt
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2013-4883 – McAfee ePO 4.6.6 - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2013-4883
Multiple cross-site scripting (XSS) vulnerabilities in McAfee ePolicy Orchestrator 4.6.6 and earlier, and the ePO Extension for the McAfee Agent (MA) 4.5 through 4.6, allow remote attackers to inject arbitrary web script or HTML via the (1) instanceId parameter to core/loadDisplayType.do; (2) instanceId or (3) monitorUrl parameter to console/createDashboardContainer.do; uid parameter to (4) ComputerMgmt/sysDetPanelBoolPie.do or (5) ComputerMgmt/sysDetPanelSummary.do; (6) uid, (7) orion.user.security.token, or (8) ajaxMode parameter to ComputerMgmt/sysDetPanelQry.do; or (9) uid, (10) orion.user.security.token, or (11) ajaxMode parameter to ComputerMgmt/sysDetPanelSummary.do.
• https://www.exploit-db.com/exploits/26807 http://osvdb.org/95187 http://osvdb.org/95188 http://osvdb.org/95189 http://osvdb.org/95190 http://osvdb.org/95191 http://www.securityfocus.com/archive/1/527228 http://www.securitytracker.com/id/1028803 https://kc.mcafee.com/corporate/index?page=content&id=KB78824
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')