CVE-2013-4882 – McAfee ePO 4.6.6 - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2013-4882
Multiple SQL injection vulnerabilities in McAfee ePolicy Orchestrator 4.6.6 and earlier, and the ePolicy Orchestrator (ePO) extension for McAfee Agent (MA) 4.5 and 4.6, allow remote authenticated users to execute arbitrary SQL commands via the uid parameter to (1) core/showRegisteredTypeDetails.do and (2) EPOAGENTMETA/DisplayMSAPropsDetail.do, a different vulnerability than CVE-2013-0140. • https://www.exploit-db.com/exploits/26807 http://www.securityfocus.com/archive/1/527228 http://www.securitytracker.com/id/1028803 https://kc.mcafee.com/corporate/index?page=content&id=SB10043 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2013-0140 – McAfee ePolicy Orchestrator 4.6.0 < 4.6.5 - 'ePowner' Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2013-0140
SQL injection vulnerability in the Agent-Handler component in McAfee ePolicy Orchestrator (ePO) before 4.5.7 and 4.6.x before 4.6.6 allows remote attackers to execute arbitrary SQL commands via a crafted request over the Agent-Server communication channel. • https://www.exploit-db.com/exploits/33071 http://seclists.org/fulldisclosure/2014/Apr/289 http://www.kb.cert.org/vuls/id/209131 http://www.securityfocus.com/bid/59500 http://www.us-cert.gov/ncas/alerts/TA13-193A https://kc.mcafee.com/corporate/index?page=content&id=SB10042 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2013-0141 – McAfee ePolicy Owner (ePowner) 0.1
https://notcve.org/view.php?id=CVE-2013-0141
Directory traversal vulnerability in McAfee ePolicy Orchestrator (ePO) before 4.5.7 and 4.6.x before 4.6.6 allows remote attackers to upload arbitrary files via a crafted request over the Agent-Server communication channel, as demonstrated by writing to the Software/ directory. • http://seclists.org/fulldisclosure/2014/Apr/289 http://www.kb.cert.org/vuls/id/209131 http://www.us-cert.gov/ncas/alerts/TA13-193A https://kc.mcafee.com/corporate/index?page=content&id=SB10042 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2012-5879 – McAfee Virtual Technician (MVT) 6.5.0.2101 - Insecure ActiveX Method
https://notcve.org/view.php?id=CVE-2012-5879
An ActiveX control in McHealthCheck.dll in McAfee Virtual Technician (MVT) and ePO-MVT 6.5.0.2101 and earlier allows remote attackers to modify or create arbitrary files via a full pathname argument to the Save method. McAfee Virtual Technician (MVT) 6.5.0.2101 suffers from an exposed unsafe ActiveX method. • https://www.exploit-db.com/exploits/24907 http://archives.neohapsis.com/archives/bugtraq/2013-03/0143.html http://osvdb.org/91700 http://www.securityfocus.com/bid/58750 http://www.securitytracker.com/id/1028357 https://kc.mcafee.com/corporate/index?page=content&id=SB10040 https://www.htbridge.com/advisory/HTB23128 • CWE-264: Permissions, Privileges, and Access Controls
CVE-2012-4014
https://notcve.org/view.php?id=CVE-2012-4014
Unspecified vulnerability in McAfee Email Anti-virus (formerly WebShield SMTP) allows remote attackers to cause a denial of service via unknown vectors. • http://jvn.jp/en/jp/JVN50701493/index.html http://jvndb.jvn.jp/jvndb/JVNDB-2012-000086