Vulnerabilities > Mcafee > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2014-01-16 | CVE-2014-1472 | Cross-Site Scripting vulnerability in Mcafee vulnerability Manager 7.0.11/7.5.4/7.5.5 Multiple cross-site scripting (XSS) vulnerabilities in the Enterprise Manager in McAfee Vulnerability Manager (MVM) 7.5.5 and earlier allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
| 2013-12-13 | CVE-2013-7092 | SQL Injection vulnerability in Mcafee Email Gateway 7.6 Multiple SQL injection vulnerabilities in /admin/cgi-bin/rpc/doReport/18 in McAfee Email Gateway 7.6 allow remote authenticated users to execute arbitrary SQL commands via the (1) events_col, (2) event_id, (3) reason, (4) events_order, (5) emailstatus_order, or (6) emailstatus_col JSON keys. | 6.5 |
| 2013-10-05 | CVE-2013-3627 | Resource Management Errors vulnerability in Mcafee Agent FrameworkService.exe in McAfee Framework Service in McAfee Managed Agent (MA) before 4.5.0.1927 and 4.6 before 4.6.0.3258 allows remote attackers to cause a denial of service (service crash) via a malformed HTTP request. | 5.0 |
| 2013-07-22 | CVE-2013-4883 | Cross-Site Scripting vulnerability in Mcafee Epolicy Orchestrator and Epolicy Orchestrator Agent Multiple cross-site scripting (XSS) vulnerabilities in McAfee ePolicy Orchestrator 4.6.6 and earlier, and the ePO Extension for the McAfee Agent (MA) 4.5 through 4.6, allow remote attackers to inject arbitrary web script or HTML via the (1) instanceId parameter core/loadDisplayType.do; (2) instanceId or (3) monitorUrl parameter to console/createDashboardContainer.do; uid parameter to (4) ComputerMgmt/sysDetPanelBoolPie.do or (5) ComputerMgmt/sysDetPanelSummary.do; (6) uid, (7) orion.user.security.token, or (8) ajaxMode parameter to ComputerMgmt/sysDetPanelQry.do; or (9) uid, (10) orion.user.security.token, or (11) ajaxMode parameter to ComputerMgmt/sysDetPanelSummary.do. | 4.3 |
| 2013-07-22 | CVE-2013-4882 | SQL Injection vulnerability in Mcafee Epolicy Orchestrator and Epolicy Orchestrator Agent Multiple SQL injection vulnerabilities in McAfee ePolicy Orchestrator 4.6.6 and earlier, and the ePolicy Orchestrator (ePO) extension for McAfee Agent (MA) 4.5 and 4.6, allow remote authenticated users to execute arbitrary SQL commands via the uid parameter to (1) core/showRegisteredTypeDetails.do and (2) EPOAGENTMETA/DisplayMSAPropsDetail.do, a different vulnerability than CVE-2013-0140. | 6.5 |
| 2013-05-01 | CVE-2013-0141 | Path Traversal vulnerability in Mcafee Epolicy Orchestrator Directory traversal vulnerability in McAfee ePolicy Orchestrator (ePO) before 4.5.7 and 4.6.x before 4.6.6 allows remote attackers to upload arbitrary files via a crafted request over the Agent-Server communication channel, as demonstrated by writing to the Software/ directory. | 4.3 |
| 2012-08-22 | CVE-2012-4597 | Cross-Site Scripting vulnerability in Mcafee Email and web Security and Email Gateway Cross-site scripting (XSS) vulnerability in McAfee Email and Web Security (EWS) 5.5 through Patch 6 and 5.6 through Patch 3, and McAfee Email Gateway (MEG) 7.0.0 and 7.0.1, allows remote attackers to inject arbitrary web script or HTML via vectors related to the McAfee Security Appliance Management Console/Dashboard. | 4.3 |
| 2012-08-22 | CVE-2012-4596 | Path Traversal vulnerability in Mcafee Email Gateway 7.0.0/7.0.1 Directory traversal vulnerability in McAfee Email Gateway (MEG) 7.0.0 and 7.0.1 allows remote authenticated users to bypass intended access restrictions and download arbitrary files via a crafted URL. | 4.3 |
| 2012-08-22 | CVE-2012-4594 | Permissions, Privileges, and Access Controls vulnerability in Mcafee Epolicy Orchestrator McAfee ePolicy Orchestrator (ePO) 4.6.1 and earlier allows remote authenticated users to bypass intended access restrictions, and obtain sensitive information from arbitrary reporting panels, via a modified ID value in a console URL. | 4.0 |
| 2012-08-22 | CVE-2012-4593 | Permissions, Privileges, and Access Controls vulnerability in Mcafee Application Control and Change Control McAfee Application Control and Change Control 5.1.x and 6.0.0 do not enforce an intended password requirement in certain situations involving attributes of the password file, which allows local users to bypass authentication by executing a command. | 5.0 |