CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2020-7268 – McAfee Email Gateway (MEG) - Path Traversal vulnerability
https://notcve.org/view.php?id=CVE-2020-7268
16 Sep 2020 — Path Traversal vulnerability in McAfee McAfee Email Gateway (MEG) prior to 7.6.406 allows remote attackers to traverse the file system to access files or directories that are outside of the restricted directory via external input to construct a path name that should be within a restricted directory. Una vulnerabilidad de Salto de Directorio en McAfee Email Gateway (MEG) versiones anteriores a 7.6.406, permite a atacantes remotos saltar el sistema de archivos para acceder a archivos o directorios que están f... • https://kc.mcafee.com/corporate/index?page=content&id=SB10323 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2016-8005
https://notcve.org/view.php?id=CVE-2016-8005
14 Mar 2017 — File extension filtering vulnerability in Intel Security McAfee Email Gateway (MEG) before 7.6.404h1128596 allows attackers to fail to identify the file name properly via scanning an email with a forged attached filename that uses a null byte within the filename extension. Vulnerabilidad de filtrado de extensión de archivo en Intel Security McAfee Email Gateway (MEG) en versiones anteriores a 7.6.404h1128596 permite a atacantes no identificar el nombre de archivo correctamente a través del escaneo de un cor... • https://kc.mcafee.com/corporate/index?page=content&id=SB10161 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 5.4EPSS: 0%CPEs: 17EXPL: 0CVE-2015-1619
https://notcve.org/view.php?id=CVE-2015-1619
17 Feb 2015 — Cross-site scripting (XSS) vulnerability in the Secure Web Mail Client user interface in McAfee Email Gateway (MEG) 7.6.x before 7.6.3.2, 7.5.x before 75.6, 7.0.x through 7.0.5, 5.6, and earlier allows remote authenticated users to inject arbitrary web script or HTML via unspecified tokens in Digest messages. Vulnerabilidad de XSS en la interfaz del usuarios de Secure Web Mail Client en McAfee Email Gateway (MEG) 7.6.x anterior a 7.6.3.2, 7.5.x anterior a 75.6, 7.0.x hasta 7.0.5, 5.6, y anteriores permite a... • https://kc.mcafee.com/corporate/index?page=content&id=SB10099 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 4EXPL: 0CVE-2012-4580
https://notcve.org/view.php?id=CVE-2012-4580
22 Aug 2012 — Cross-site scripting (XSS) vulnerability in McAfee Email and Web Security (EWS) 5.x before 5.5 Patch 6 and 5.6 before Patch 3, and McAfee Email Gateway (MEG) 7.0 before Patch 1, allows remote attackers to inject arbitrary web script or HTML via vectors related to the McAfee Security Appliance Management Console/Dashboard. Una vulnerabilidad de ejecución de comandos en sitios cruzados (XSS) en McAfee Email and Web Security v5.x (EWS) antes de v5.5 Patch 6 y v5.6 antes de la revisión v3 y McAfee Email Gateway... • https://kc.mcafee.com/corporate/index?page=content&id=SB10020 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.1EPSS: 0%CPEs: 4EXPL: 0CVE-2012-4581
https://notcve.org/view.php?id=CVE-2012-4581
22 Aug 2012 — McAfee Email and Web Security (EWS) 5.x before 5.5 Patch 6 and 5.6 before Patch 3, and McAfee Email Gateway (MEG) 7.0 before Patch 1, does not disable the server-side session token upon the closing of the Management Console/Dashboard, which makes it easier for remote attackers to hijack sessions by capturing a session cookie and then modifying the response to a login attempt, related to a "Logout Failure" issue. McAfee Email and Web Security v5.x (EWS) antes de v5.5 Patch 6 y v5.6 antes de la revisión 3 y M... • https://kc.mcafee.com/corporate/index?page=content&id=SB10020 • CWE-287: Improper Authentication •
CVSS: 6.5EPSS: 0%CPEs: 4EXPL: 0CVE-2012-4582
https://notcve.org/view.php?id=CVE-2012-4582
22 Aug 2012 — McAfee Email and Web Security (EWS) 5.x before 5.5 Patch 6 and 5.6 before Patch 3, and McAfee Email Gateway (MEG) 7.0 before Patch 1, allows remote authenticated users to reset the passwords of arbitrary administrative accounts via unspecified vectors. McAfee Email and Web Security v5.x (EWS) antes de v5.5 Patch 6 y v5.6 antes de la revisión 3 y McAfee Email Gateway (MEG) v7.0 antes de la revisión 1 permiten a usuarios remotos autenticados cambiar las contraseñas de cuentas de administración de su elección ... • http://archives.neohapsis.com/archives/bugtraq/2012-03/0160.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 4.3EPSS: 0%CPEs: 4EXPL: 0CVE-2012-4583
https://notcve.org/view.php?id=CVE-2012-4583
22 Aug 2012 — McAfee Email and Web Security (EWS) 5.x before 5.5 Patch 6 and 5.6 before Patch 3, and McAfee Email Gateway (MEG) 7.0 before Patch 1, allows remote authenticated users to obtain the session tokens of arbitrary users by navigating within the Dashboard. McAfee Email and Web Security v5.x (EWS) antes de v5.5 Patch 6 y v5.6 antes de la revisión 3 y McAfee Email Gateway (MEG) v7.0 antes de la revisión 1 permiten a usuarios remotos autenticados obtener tokens de sesión de usuarios de su elección, navegando en el ... • http://archives.neohapsis.com/archives/bugtraq/2012-03/0161.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.5EPSS: 0%CPEs: 4EXPL: 0CVE-2012-4584
https://notcve.org/view.php?id=CVE-2012-4584
22 Aug 2012 — McAfee Email and Web Security (EWS) 5.x before 5.5 Patch 6 and 5.6 before Patch 3, and McAfee Email Gateway (MEG) 7.0 before Patch 1, does not properly encrypt system-backup data, which makes it easier for remote authenticated users to obtain sensitive information by reading a backup file, as demonstrated by obtaining password hashes. McAfee Email and Web Security v5.x (EWS) antes de v5.5 Patch 6 y v5.6 antes de la revisión 3 y McAfee Email Gateway (MEG) v7.0 antes de la revisión 1 no cifra apropiadamente l... • http://archives.neohapsis.com/archives/bugtraq/2012-03/0162.html • CWE-310: Cryptographic Issues •
CVSS: 6.5EPSS: 0%CPEs: 4EXPL: 0CVE-2012-4585
https://notcve.org/view.php?id=CVE-2012-4585
22 Aug 2012 — McAfee Email and Web Security (EWS) 5.x before 5.5 Patch 6 and 5.6 before Patch 3, and McAfee Email Gateway (MEG) 7.0 before Patch 1, allows remote authenticated users to read arbitrary files via a crafted URL. McAfee Email and Web Security v5.x (EWS) antes de v5.5 Patch 6 y v5.6 antes de la revisión 3 y McAfee Email Gateway (MEG) v7.0 antes de la revisión 1 permiten leer archivos de su elección a usuarios remotos autenticados a través de una URL maliciosa. • http://archives.neohapsis.com/archives/bugtraq/2012-03/0163.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 6.5EPSS: 0%CPEs: 4EXPL: 0CVE-2012-4586
https://notcve.org/view.php?id=CVE-2012-4586
22 Aug 2012 — McAfee Email and Web Security (EWS) 5.x before 5.5 Patch 6 and 5.6 before Patch 3, and McAfee Email Gateway (MEG) 7.0 before Patch 1, accesses files with the privileges of the root user, which allows remote authenticated users to bypass intended permission settings by requesting a file. McAfee Email and Web Security v5.x (EWS) antes de v5.5 Patch 6 y v5.6 antes de la revisión 3 y McAfee Email Gateway (MEG) v7.0 antes de la revisión 1 accede a los archivos con los privilegios del usuario root, lo que permite... • https://kc.mcafee.com/corporate/index?page=content&id=SB10020 • CWE-264: Permissions, Privileges, and Access Controls •