Vulnerabilities > Mcafee > Critical

DATE CVE VULNERABILITY TITLE RISK
2015-12-02 CVE-2015-8024 OS Command Injection vulnerability in Mcafee Enterprise Security Manager
McAfee Enterprise Security Manager (ESM), Enterprise Security Manager/Log Manager (ESMLM), and Enterprise Security Manager/Receiver (ESMREC) 9.3.x before 9.3.2MR19, 9.4.x before 9.4.2MR9, and 9.5.x before 9.5.0MR8, when configured to use Active Directory or LDAP authentication sources, allow remote attackers to bypass authentication by logging in with the username "NGCP|NGCP|NGCP;" and any password.
network
mcafee CWE-78
critical
9.3
2013-12-14 CVE-2013-7104 OS Command Injection vulnerability in Mcafee Email Gateway 7.6
McAfee Email Gateway 7.6 allows remote authenticated administrators to execute arbitrary commands by specifying them in the value attribute in a (1) Command or (2) Script XML element.
network
low complexity
mcafee CWE-78
critical
9.0
2013-12-14 CVE-2013-7103 OS Command Injection vulnerability in Mcafee Email Gateway 7.6
McAfee Email Gateway 7.6 allows remote authenticated administrators to execute arbitrary commands via shell metacharacters in the value attribute in a (1) TestFile XML element or the (2) hostname.
network
low complexity
mcafee CWE-78
critical
9.0
2012-08-22 CVE-2012-4599 Improper Authentication vulnerability in Mcafee Smartfilter Administration
McAfee SmartFilter Administration, and SmartFilter Administration Bess Edition, before 4.2.1.01 does not require authentication for access to the JBoss Remote Method Invocation (RMI) interface, which allows remote attackers to execute arbitrary code via a crafted .war file.
network
low complexity
mcafee CWE-287
critical
10.0
2012-08-22 CVE-2012-4598 Denial-Of-Service vulnerability in Mcafee products
An unspecified ActiveX control in McAfee Virtual Technician (MVT) before 6.4, and ePO-MVT, allows remote attackers to execute arbitrary code or cause a denial of service (Internet Explorer crash) via a crafted web site.
network
mcafee
critical
9.3
2012-08-22 CVE-2009-5118 Unspecified vulnerability in Mcafee Virusscan Enterprise 7.1.0/8.0I/8.5I
Untrusted search path vulnerability in McAfee VirusScan Enterprise before 8.7i allows local users to gain privileges via a Trojan horse DLL in an unspecified directory, as demonstrated by scanning a document located on a remote share.
network
mcafee
critical
9.3
2009-05-05 CVE-2009-1491 Improper Input Validation vulnerability in Mcafee Groupshield
McAfee GroupShield for Microsoft Exchange on Exchange Server 2000, and possibly other anti-virus or anti-spam products from McAfee or other vendors, does not scan X- headers for malicious content, which allows remote attackers to bypass virus detection via a crafted message, as demonstrated by a message with an X-Testing header and no message body.
network
mcafee microsoft CWE-20
critical
9.3
2007-10-31 CVE-2007-2957 Numeric Errors vulnerability in Mcafee E-Business Server
Integer overflow in McAfee E-Business Server before 8.5.3 for Solaris, and before 8.1.2 for Linux, HP-UX, and AIX, allows remote attackers to execute arbitrary code via a large length value in an authentication packet, which results in a heap-based buffer overflow.
network
mcafee CWE-189
critical
9.3
2007-05-10 CVE-2007-2584 Remote Buffer Overflow vulnerability in Mcafee Security Center, Securitycenter Agent and Virusscan
Buffer overflow in the IsOldAppInstalled function in the McSubMgr.McSubMgr Subscription Manager ActiveX control (MCSUBMGR.DLL) in McAfee SecurityCenter before 6.0.25 and 7.x before 7.2.147 allows remote attackers to execute arbitrary code via a crafted argument.
network
low complexity
mcafee
critical
10.0
2007-03-16 CVE-2007-1498 Remote Buffer Overflow vulnerability in Mcafee Epolicy Orchestrator and Protectionpilot
Multiple stack-based buffer overflows in the SiteManager.SiteMgr.1 ActiveX control (SiteManager.dll) in the ePO management console in McAfee ePolicy Orchestrator (ePO) before 3.6.1 Patch 1 and ProtectionPilot (PRP) before 1.5.0 HotFix allow remote attackers to execute arbitrary code via a long argument to the (1) ExportSiteList and (2) VerifyPackageCatalog functions, and (3) unspecified vectors involving a swprintf function call.
network
mcafee
critical
9.3