CVE-2015-8989
https://notcve.org/view.php?id=CVE-2015-8989
Unsalted password vulnerability in the Enterprise Manager (web portal) component in Intel Security McAfee Vulnerability Manager (MVM) 7.5.8 and earlier allows attackers to more easily decrypt user passwords via brute force attacks against the database. Vulnerabilidad de contraseña sin sal en el componente Enterprise Manager (portal web) en Intel Security McAfee Vulnerability Manager (MVM) 7.5.8 y versiones anteriores permite a los atacantes descifrar más fácilmente las contraseñas de usuario a través de ataques de fuerza bruta contra la base de datos. • https://kc.mcafee.com/corporate/index?page=content&id=SB10117 • CWE-310: Cryptographic Issues •
CVE-2016-2199
https://notcve.org/view.php?id=CVE-2016-2199
Multiple cross-site request forgery (CSRF) vulnerabilities in the Organizations and Remediation management page in Enterprise Manager in McAfee Vulnerability Manager (MVM) before 7.5.10 allow remote attackers to hijack the authentication of administrators for requests that have unspecified impact via unknown vectors. Múltiples vulnerabilidades de CSRF en la página de gestión Organizations and Remediation en Enterprise Manager en McAfee Vulnerability Manager (MVM) en versiones anteriores a 7.5.10 permiten a atacantes remotos secuestrar la autenticación de administradores por peticiones que tienen un impacto no especificado a través de vectores desconocidos. • https://kc.mcafee.com/corporate/index?page=content&id=SB10147 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2015-7612
https://notcve.org/view.php?id=CVE-2015-7612
Multiple cross-site request forgery (CSRF) vulnerabilities in the Organizations page in Enterprise Manager in McAfee Vulnerability Manager (MVM) 7.5.9 and earlier allow remote attackers to hijack the authentication of administrators for requests that have unspecified impact via unknown vectors. Múltiples vulnerabilidades de CSRF en la página Organizations en Enterprise Manager en McAfee Vulnerability Manager (MVM) 7.5.9 y versiones anteriores, permite a atacantes remotos secuestrar la autenticación de administradores por peticiones que tienen un impacto no especificado a través de vectores desconocidos. • http://www.securitytracker.com/id/1033682 https://kc.mcafee.com/corporate/index?page=content&id=SB10135 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2014-1472
https://notcve.org/view.php?id=CVE-2014-1472
Multiple cross-site scripting (XSS) vulnerabilities in the Enterprise Manager in McAfee Vulnerability Manager (MVM) 7.5.5 and earlier allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. Múltiples vulnerabilidades de XSS en Enterprise Manager de McAfee Vulnerability Manager (MVM) 7.5.5 y anteriores versiones permiten a atacantes remotos inyectar secuencias de comandos Web o HTML a través de vectores no especificados. • http://osvdb.org/101940 http://secunia.com/advisories/56394 http://www.securityfocus.com/bid/64795 http://www.securitytracker.com/id/1029591 https://exchange.xforce.ibmcloud.com/vulnerabilities/90244 https://kc.mcafee.com/corporate/index?page=content&id=SB10061 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2014-1473
https://notcve.org/view.php?id=CVE-2014-1473
Multiple cross-site request forgery (CSRF) vulnerabilities in the Enterprise Manager in McAfee Vulnerability Manager (MVM) 7.5.5 and earlier allow remote attackers to hijack the authentication of users for requests that modify HTML via unspecified vectors related to the "response web page." Multiples vulnerabilidades cross-site request forgery (CSRF) en Enterprise Manager en McAfee Vulnerability Managery (MVM) 7.5.5 y anteriores que permiten a atacantes remotos secuestrar la autenticación de los usuarios para las peticiones que modifican HTML a través de vectores no especificados relacionados con la "respuesta de página Web " • http://osvdb.org/101939 http://secunia.com/advisories/56394 http://www.securityfocus.com/bid/64795 http://www.securitytracker.com/id/1029591 https://exchange.xforce.ibmcloud.com/vulnerabilities/90245 https://kc.mcafee.com/corporate/index?page=content&id=SB10061 • CWE-352: Cross-Site Request Forgery (CSRF) •