Filtered by vendor Mcafee
Subscriptions
Filtered by product Epolicy Orchestrator
Subscriptions
Total
86 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2004-0095 | 1 Mcafee | 1 Epolicy Orchestrator | 2024-08-08 | N/A |
McAfee ePolicy Orchestrator agent allows remote attackers to cause a denial of service (memory consumption and crash) and possibly execute arbitrary code via an HTTP POST request with an invalid Content-Length value, possibly triggering a buffer overflow. | ||||
CVE-2004-0038 | 1 Mcafee | 1 Epolicy Orchestrator | 2024-08-08 | N/A |
McAfee ePolicy Orchestrator (ePO) 2.5.1 Patch 13 and 3.0 SP2a Patch 3 allows remote attackers to execute arbitrary commands via certain HTTP POST requests to the spipe/file handler on ePO TCP port 81. | ||||
CVE-2006-5274 | 1 Mcafee | 3 Common Management Agent, Epolicy Orchestrator, Protectionpilot | 2024-08-07 | N/A |
Integer overflow in McAfee ePolicy Orchestrator 3.5 through 3.6.1, ProtectionPilot 1.1.1 and 1.5, and Common Management Agent (CMA) 3.5.5.438 allows remote attackers to cause a denial of service (CMA Framework service crash) and possibly execute arbitrary code via unspecified vectors. | ||||
CVE-2006-5156 | 1 Mcafee | 2 Epolicy Orchestrator, Protectionpilot | 2024-08-07 | N/A |
Buffer overflow in McAfee ePolicy Orchestrator before 3.5.0.720 and ProtectionPilot before 1.1.1.126 allows remote attackers to execute arbitrary code via a request to /spipe/pkg/ with a long source header. | ||||
CVE-2007-1498 | 1 Mcafee | 2 Epolicy Orchestrator, Protectionpilot | 2024-08-07 | N/A |
Multiple stack-based buffer overflows in the SiteManager.SiteMgr.1 ActiveX control (SiteManager.dll) in the ePO management console in McAfee ePolicy Orchestrator (ePO) before 3.6.1 Patch 1 and ProtectionPilot (PRP) before 1.5.0 HotFix allow remote attackers to execute arbitrary code via a long argument to the (1) ExportSiteList and (2) VerifyPackageCatalog functions, and (3) unspecified vectors involving a swprintf function call. | ||||
CVE-2008-1357 | 1 Mcafee | 4 Agent, Cma, Epolicy Orchestrator and 1 more | 2024-08-07 | N/A |
Format string vulnerability in the logDetail function of applib.dll in McAfee Common Management Agent (CMA) 3.6.0.574 (Patch 3) and earlier, as used in ePolicy Orchestrator 4.0.0 build 1015, allows remote attackers to cause a denial of service (crash) or execute arbitrary code via format string specifiers in a sender field in an AgentWakeup request to UDP port 8082. NOTE: this issue only exists when the debug level is 8. | ||||
CVE-2012-4594 | 1 Mcafee | 1 Epolicy Orchestrator | 2024-08-06 | N/A |
McAfee ePolicy Orchestrator (ePO) 4.6.1 and earlier allows remote authenticated users to bypass intended access restrictions, and obtain sensitive information from arbitrary reporting panels, via a modified ID value in a console URL. | ||||
CVE-2013-4882 | 1 Mcafee | 2 Epolicy Orchestrator, Epolicy Orchestrator Agent | 2024-08-06 | N/A |
Multiple SQL injection vulnerabilities in McAfee ePolicy Orchestrator 4.6.6 and earlier, and the ePolicy Orchestrator (ePO) extension for McAfee Agent (MA) 4.5 and 4.6, allow remote authenticated users to execute arbitrary SQL commands via the uid parameter to (1) core/showRegisteredTypeDetails.do and (2) EPOAGENTMETA/DisplayMSAPropsDetail.do, a different vulnerability than CVE-2013-0140. | ||||
CVE-2013-4883 | 1 Mcafee | 2 Epolicy Orchestrator, Epolicy Orchestrator Agent | 2024-08-06 | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in McAfee ePolicy Orchestrator 4.6.6 and earlier, and the ePO Extension for the McAfee Agent (MA) 4.5 through 4.6, allow remote attackers to inject arbitrary web script or HTML via the (1) instanceId parameter core/loadDisplayType.do; (2) instanceId or (3) monitorUrl parameter to console/createDashboardContainer.do; uid parameter to (4) ComputerMgmt/sysDetPanelBoolPie.do or (5) ComputerMgmt/sysDetPanelSummary.do; (6) uid, (7) orion.user.security.token, or (8) ajaxMode parameter to ComputerMgmt/sysDetPanelQry.do; or (9) uid, (10) orion.user.security.token, or (11) ajaxMode parameter to ComputerMgmt/sysDetPanelSummary.do. | ||||
CVE-2013-0140 | 1 Mcafee | 1 Epolicy Orchestrator | 2024-08-06 | N/A |
SQL injection vulnerability in the Agent-Handler component in McAfee ePolicy Orchestrator (ePO) before 4.5.7 and 4.6.x before 4.6.6 allows remote attackers to execute arbitrary SQL commands via a crafted request over the Agent-Server communication channel. | ||||
CVE-2013-0141 | 1 Mcafee | 1 Epolicy Orchestrator | 2024-08-06 | N/A |
Directory traversal vulnerability in McAfee ePolicy Orchestrator (ePO) before 4.5.7 and 4.6.x before 4.6.6 allows remote attackers to upload arbitrary files via a crafted request over the Agent-Server communication channel, as demonstrated by writing to the Software/ directory. | ||||
CVE-2014-2205 | 1 Mcafee | 1 Epolicy Orchestrator | 2024-08-06 | N/A |
The Import and Export Framework in McAfee ePolicy Orchestrator (ePO) before 4.6.7 Hotfix 940148 allows remote authenticated users with permissions to add dashboards to read arbitrary files by importing a crafted XML file, related to an XML External Entity (XXE) issue. | ||||
CVE-2015-4559 | 1 Mcafee | 1 Epolicy Orchestrator | 2024-08-06 | N/A |
Cross-site scripting (XSS) vulnerability in the product deployment feature in the Java core web services in Intel McAfee ePolicy Orchestrator (ePO) before 5.1.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
CVE-2015-2859 | 1 Mcafee | 1 Epolicy Orchestrator | 2024-08-06 | N/A |
Intel McAfee ePolicy Orchestrator (ePO) 4.x through 4.6.9 and 5.x through 5.1.2 does not validate server names and Certification Authority names in X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | ||||
CVE-2015-0921 | 1 Mcafee | 1 Epolicy Orchestrator | 2024-08-06 | N/A |
XML external entity (XXE) vulnerability in the Server Task Log in McAfee ePolicy Orchestrator (ePO) before 4.6.9 and 5.x before 5.1.2 allows remote authenticated users to read arbitrary files via the conditionXML parameter to the taskLogTable to orionUpdateTableFilter.do. | ||||
CVE-2015-0922 | 1 Mcafee | 1 Epolicy Orchestrator | 2024-08-06 | N/A |
McAfee ePolicy Orchestrator (ePO) before 4.6.9 and 5.x before 5.1.2 uses the same secret key across different customers' installations, which allows attackers to obtain the administrator password by leveraging knowledge of the encrypted password. | ||||
CVE-2016-8027 | 1 Mcafee | 1 Epolicy Orchestrator | 2024-08-06 | N/A |
SQL injection vulnerability in core services in Intel Security McAfee ePolicy Orchestrator (ePO) 5.3.2 and earlier and 5.1.3 and earlier allows attackers to alter a SQL query, which can result in disclosure of information within the database or impersonation of an agent without authentication via a specially crafted HTTP post. | ||||
CVE-2017-3902 | 1 Mcafee | 1 Epolicy Orchestrator | 2024-08-05 | N/A |
Cross-site scripting (XSS) vulnerability in the Web user interface (UI) in Intel Security ePO 5.1.3, 5.1.2, 5.1.1, and 5.1.0 allows authenticated users to inject malicious Java scripts via bypassing input validation. | ||||
CVE-2017-3980 | 1 Mcafee | 1 Epolicy Orchestrator | 2024-08-05 | N/A |
A directory traversal vulnerability in the ePO Extension in McAfee ePolicy Orchestrator (ePO) 5.9.0, 5.3.2, and 5.1.3 and earlier allows remote authenticated users to execute a command of their choice via an authenticated ePO session. | ||||
CVE-2017-3936 | 1 Mcafee | 1 Epolicy Orchestrator | 2024-08-05 | N/A |
OS Command Injection vulnerability in McAfee ePolicy Orchestrator (ePO) 5.9.0, 5.3.2, 5.3.1, 5.1.3, 5.1.2, 5.1.1, and 5.1.0 allows attackers to run arbitrary OS commands with limited privileges via not sanitizing the user input data before exporting it into a CSV format output. |