Vulnerabilities > Mcafee > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2015-12-02 | CVE-2015-8024 | OS Command Injection vulnerability in Mcafee Enterprise Security Manager McAfee Enterprise Security Manager (ESM), Enterprise Security Manager/Log Manager (ESMLM), and Enterprise Security Manager/Receiver (ESMREC) 9.3.x before 9.3.2MR19, 9.4.x before 9.4.2MR9, and 9.5.x before 9.5.0MR8, when configured to use Active Directory or LDAP authentication sources, allow remote attackers to bypass authentication by logging in with the username "NGCP|NGCP|NGCP;" and any password. | 9.3 |
| 2013-12-14 | CVE-2013-7103 | OS Command Injection vulnerability in Mcafee Email Gateway 7.6 McAfee Email Gateway 7.6 allows remote authenticated administrators to execute arbitrary commands via shell metacharacters in the value attribute in a (1) TestFile XML element or the (2) hostname. | 9.0 |
| 2013-12-14 | CVE-2013-7104 | OS Command Injection vulnerability in Mcafee Email Gateway 7.6 McAfee Email Gateway 7.6 allows remote authenticated administrators to execute arbitrary commands by specifying them in the value attribute in a (1) Command or (2) Script XML element. | 9.0 |
| 2012-08-22 | CVE-2009-5118 | Unspecified vulnerability in Mcafee Virusscan Enterprise 7.1.0/8.0I/8.5I Untrusted search path vulnerability in McAfee VirusScan Enterprise before 8.7i allows local users to gain privileges via a Trojan horse DLL in an unspecified directory, as demonstrated by scanning a document located on a remote share. | 9.3 |
| 2012-08-22 | CVE-2012-4598 | Denial-Of-Service vulnerability in Mcafee products An unspecified ActiveX control in McAfee Virtual Technician (MVT) before 6.4, and ePO-MVT, allows remote attackers to execute arbitrary code or cause a denial of service (Internet Explorer crash) via a crafted web site. | 9.3 |
| 2012-08-22 | CVE-2012-4599 | Improper Authentication vulnerability in Mcafee Smartfilter Administration McAfee SmartFilter Administration, and SmartFilter Administration Bess Edition, before 4.2.1.01 does not require authentication for access to the JBoss Remote Method Invocation (RMI) interface, which allows remote attackers to execute arbitrary code via a crafted .war file. | 10.0 |
| 2009-05-05 | CVE-2009-1491 | Improper Input Validation vulnerability in Mcafee Groupshield McAfee GroupShield for Microsoft Exchange on Exchange Server 2000, and possibly other anti-virus or anti-spam products from McAfee or other vendors, does not scan X- headers for malicious content, which allows remote attackers to bypass virus detection via a crafted message, as demonstrated by a message with an X-Testing header and no message body. | 9.3 |
| 2007-10-31 | CVE-2007-2957 | Numeric Errors vulnerability in Mcafee E-Business Server Integer overflow in McAfee E-Business Server before 8.5.3 for Solaris, and before 8.1.2 for Linux, HP-UX, and AIX, allows remote attackers to execute arbitrary code via a large length value in an authentication packet, which results in a heap-based buffer overflow. | 9.3 |
| 2007-05-10 | CVE-2007-2584 | Remote Buffer Overflow vulnerability in Mcafee Security Center, Securitycenter Agent and Virusscan Buffer overflow in the IsOldAppInstalled function in the McSubMgr.McSubMgr Subscription Manager ActiveX control (MCSUBMGR.DLL) in McAfee SecurityCenter before 6.0.25 and 7.x before 7.2.147 allows remote attackers to execute arbitrary code via a crafted argument. | 10.0 |
| 2007-03-16 | CVE-2007-1498 | Remote Buffer Overflow vulnerability in Mcafee Epolicy Orchestrator and Protectionpilot Multiple stack-based buffer overflows in the SiteManager.SiteMgr.1 ActiveX control (SiteManager.dll) in the ePO management console in McAfee ePolicy Orchestrator (ePO) before 3.6.1 Patch 1 and ProtectionPilot (PRP) before 1.5.0 HotFix allow remote attackers to execute arbitrary code via a long argument to the (1) ExportSiteList and (2) VerifyPackageCatalog functions, and (3) unspecified vectors involving a swprintf function call. | 9.3 |