Vulnerabilities for Epolicy orchestrator agent (...) - CXSECURITY.COM

Vulnerabilities for 'Epolicy orchestrator agent'

2013-07-22

CVE-2013-4883

CWE-79

Multiple cross-site scripting (XSS) vulnerabilities in McAfee ePolicy Orchestrator 4.6.6 and earlier, and the ePO Extension for the McAfee Agent (MA) 4.5 through 4.6, allow remote attackers to inject arbitrary web script or HTML via the (1) instanceId parameter core/loadDisplayType.do; (2) instanceId or (3) monitorUrl parameter to console/createDashboardContainer.do; uid parameter to (4) ComputerMgmt/sysDetPanelBoolPie.do or (5) ComputerMgmt/sysDetPanelSummary.do; (6) uid, (7) orion.user.security.token, or (8) ajaxMode parameter to ComputerMgmt/sysDetPanelQry.do; or (9) uid, (10) orion.user.security.token, or (11) ajaxMode parameter to ComputerMgmt/sysDetPanelSummary.do.

CVE-2013-4882

CWE-89

Multiple SQL injection vulnerabilities in McAfee ePolicy Orchestrator 4.6.6 and earlier, and the ePolicy Orchestrator (ePO) extension for McAfee Agent (MA) 4.5 and 4.6, allow remote authenticated users to execute arbitrary SQL commands via the uid parameter to (1) core/showRegisteredTypeDetails.do and (2) EPOAGENTMETA/DisplayMSAPropsDetail.do, a different vulnerability than CVE-2013-0140.

2006-07-18

CVE-2006-3623

CWE-Other

Directory traversal vulnerability in Framework Service component in McAfee ePolicy Orchestrator agent 3.5.0.x and earlier allows remote attackers to create arbitrary files via a .. (dot dot) in the directory and filename in a PropsResponse (PackageType) request.

>>> Vendor: Mcafee 136 Products

Remote desktop 32

Epolicy orchestrator

Entercept agent

Antivirus engine

Security installer control system

Internet security suite

Intrushield security management system

Virusscan security center

Common management agent

Virusscan enterprise

Epolicy orchestrator agent

Personal firewall plus

Privacy service

Security center

Wireless home network security

Protectionpilot

E-business server

Securitycenter agent

Mcafee framework

Encrypted usb manager

Safeboot device encryption

Active virus defense

Active virusscan

Securityshield for email servers

Securityshield for microsoft isa server

Securityshield for microsoft sharepoint

Total protection

Total protection for endpoint

Virusscan commandline

Email and web security appliance

Intrushield network security manager

Unified threat management firewall firmware

Saas endpoint protection

Host data loss prevention

Firewall reporter

Email and web security

Enterprise mobility manager

Enterprise mobility manager agent

Application control

Mcafee virtual technician

Epo mcafee virtual technician

Total protection 2010

Vulnerability manager

Cloud identity manager

Cloud single sign on

Network security manager

Network data loss prevention

Endpoint encryption for files and folders

Mcafee file and removable media protection

File and removable media protection

Data loss prevention endpoint

Advanced threat defense

Epo deep command

Threat intelligence exchange

Enterprise security manager

Enterprise security manager/log manager

Enterprise security manager/receiver

Mcafee enterprise security manager

Active response

Data exchange layer

Endpoint security

Host intrusion prevention

Smartfilter administration

Security information and event management

Security scan plus

Host intrusion prevention services

Cloud analysis and deconstructive services

Security webadvisor

Saas control console platform

See all Products for Vendor Mcafee

Copyright 2024, cxsecurity.com