2 matches found
Directory traversal
Directory traversal vulnerability in servlet/downloadReport in McAfee Asset Manager 6.6 allows remote authenticated users to read arbitrary files via a .. dot dot in the reportFileName parameter...
CVE-2014-2587
CVE-2014-2587 affects McAfee Asset Manager 6.6, where a flaw in ReportsAudit.jsp allows SQL injection through the user parameter of an audit report. The underlying issue is improper input handling in ReportsAudit.jsp, enabling a remote authenticated user to inject and execute arbitrary SQL comman...