CVSS: 7.5EPSS: 1%CPEs: 1EXPL: 1CVE-2006-3623
https://notcve.org/view.php?id=CVE-2006-3623
14 Jul 2006 — Directory traversal vulnerability in Framework Service component in McAfee ePolicy Orchestrator agent 3.5.0.x and earlier allows remote attackers to create arbitrary files via a .. (dot dot) in the directory and filename in a PropsResponse (PackageType) request. Vulnerabilidad de salto de directorio en el componente Framework Service en McAfee ePolicy Orchestrator agent 3.5.0.x y anteriores permite a atacantes remotos crear archivos de su elección a través de una secuencia .. (punto punto) en el directorio ... • http://secunia.com/advisories/21037 •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 1CVE-2005-2554
https://notcve.org/view.php?id=CVE-2005-2554
12 Aug 2005 — The web server for Network Associates ePolicy Orchestrator Agent 3.5.0 (patch 3) uses insecure permissions for the "Common Framework\Db" folder, which allows local users to read arbitrary files by creating a subfolder in the EPO agent web root directory. • http://knowledgemap.nai.com/KanisaSupportSite/search.do?cmd=displayKC&docType=kc&externalId=KBkb42216xml •