McAfee ePolicy Orchestrator 4.6.5 SQL injection & directory traversal

If you heard about the following vulnerabilities in McAfee ePolicy Orchestrator version 4.6.5 and earlier:

    CVE-2013-0140 &#8211; Pre-authenticated SQL injection
    CVE-2013-0141 &#8211; Pre-authenticated directory path traversal

and your environment haven't been updated yet, then you should consider watching this video&#8230;

Main Features:

    Remote command execution on the ePo server.
    Remote command execution on the Managed stations (one ring to rule them all).
    File upload on the ePo server.
    Active Directory credentials stealing.