Vulnerabilities > Mcafee
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2004-12-31 | CVE-2004-1906 | Buffer Overflow vulnerability in Mcafee FreeScan CoMcFreeScan Browser Object Mcafee FreeScan allows remote attackers to cause a denial of service and possibly arbitrary code via a long string in the ScanParam property of a COM object, which may trigger a buffer overflow. | 5.0 |
| 2004-09-14 | CVE-2004-0831 | Local Security vulnerability in Virusscan 4.5/4.5.1 McAfee VirusScan 4.5.1 does not drop SYSTEM privileges before allowing users to browse for files via the "System Scan" properties of the System Tray applet, which could allow local users to gain privileges. | 7.2 |
| 2004-08-18 | CVE-2004-0230 | TCP, when using a large Window Size, makes it easier for remote attackers to guess sequence numbers and cause a denial of service (connection loss) to persistent TCP connections by repeatedly injecting a TCP RST packet, especially in protocols that use long-lived connections, such as BGP. | 5.0 |
| 2004-06-14 | CVE-2004-0038 | Remote Code Execution vulnerability in Mcafee Epolicy Orchestrator 2.5/2.5.1/3.0 McAfee ePolicy Orchestrator (ePO) 2.5.1 Patch 13 and 3.0 SP2a Patch 3 allows remote attackers to execute arbitrary commands via certain HTTP POST requests to the spipe/file handler on ePO TCP port 81. | 7.5 |
| 2004-02-17 | CVE-2004-0095 | Buffer Mismanagement vulnerability in Mcafee Epolicy Orchestrator 3.6.0 McAfee ePolicy Orchestrator agent allows remote attackers to cause a denial of service (memory consumption and crash) and possibly execute arbitrary code via an HTTP POST request with an invalid Content-Length value, possibly triggering a buffer overflow. | 5.0 |
| 2003-08-27 | CVE-2003-0616 | Unspecified vulnerability in Mcafee Epolicy Orchestrator 2.0/2.5/2.5.1 Format string vulnerability in ePO service for McAfee ePolicy Orchestrator 2.0, 2.5, and 2.5.1 allows remote attackers to execute arbitrary code via a POST request with format strings in the computerlist parameter, which are used when logging a failed name resolution. | 7.5 |
| 2003-08-27 | CVE-2003-0610 | Unspecified vulnerability in Mcafee Epolicy Orchestrator 3.0 Directory traversal vulnerability in ePO agent for McAfee ePolicy Orchestrator 3.0 allows remote attackers to read arbitrary files via a certain HTTP request. | 5.0 |
| 2003-08-27 | CVE-2003-0149 | Unspecified vulnerability in Mcafee Epolicy Orchestrator 2.0/2.5/2.5.1 Heap-based buffer overflow in ePO agent for McAfee ePolicy Orchestrator 2.0, 2.5, and 2.5.1 allows remote attackers to execute arbitrary code via a POST request containing long parameters. | 7.5 |
| 2003-08-27 | CVE-2003-0148 | Unspecified vulnerability in Mcafee Epolicy Orchestrator The default installation of MSDE via McAfee ePolicy Orchestrator 2.0 through 3.0 allows attackers to execute arbitrary code via a series of steps that (1) obtain the database administrator username and encrypted password in a configuration file from the ePO server using a certain request, (2) crack the password due to weak cryptography, and (3) use the password to pass commands through xp_cmdshell. | 7.2 |
| 2003-04-11 | CVE-2002-0690 | Unspecified vulnerability in Mcafee Epolicy Orchestrator 2.5.1 Format string vulnerability in McAfee Security ePolicy Orchestrator (ePO) 2.5.1 allows remote attackers to execute arbitrary code via an HTTP GET request with a URI containing format strings. | 10.0 |