CVE-2025-49264

CVE-2025-49264 is a Local File Inclusion in the WordPress plugin Cloud SAML SSO – Single Sign On Login (versions up to 1.0.18). The flaw stems from improper control of the filename used by Include/Require, enabling potential PHP local file inclusion. Affected product version range is from n/a thr...

PT-2025-33195 · Unknown · Cloud Saml Sso - Single Sign On Login

Name of the Vulnerable Software and Affected Versions: Cloud SAML SSO - Single Sign On Login versions through 1.0.18 Description: The software contains an Improper Control of Filename for Include/Require Statement, also known as a PHP Remote File Inclusion issue. This allows for PHP Local File...

McAfee Cloud Single Sign On ExtensionAccessServlet Directory Traversal (CVE-2014-2536)

A directory traversal vulnerability has been reported in the ExtensionAccessServlet included in McAfee Cloud Single Sign On. The vulnerability is due to insufficient input sanitization on the GET request URI passed to the ExtensionAccessServlet. A remote unauthenticated attacker can exploit this...

McAfee Cloud Single Sign On登录审核表单跨站脚本漏洞

CVE ID:CVE-2014-2586 McAfee Cloud Single Sign On是适用于云的身份信息管理解决方案。 McAfee Cloud Single Sign On登录审核表单不正确处理特制的密码数据，允许攻击者利用漏洞注入任意WEB脚本或HTML，可获取目标用户敏感信息或劫持用户会话。 0 McAfee Cloud Single Sign On 目前没有详细解决方案提供： http://www.mcafee.com/us/products/...

McAfee Cloud Single Sign On < 4.0.1 Information Disclosure (SB10066) (Windows)

A version of McAfee Cloud Single Sign On MCSSO prior to 4.0.1 is installed on the remote host. It is, therefore, affected by an information disclosure vulnerability due to a failure to sanitize user-supplied input, resulting in potential directory traversal. An attacker could potentially exploit...

McAfee Cloud Single Sign On Detection

Binary data mcafeecssoinstalled.nbin...

McAfee Cloud Single Sign On < 4.0.1 Information Disclosure (SB10066) (McAfee Linux OS)

A version of McAfee Cloud Single Sign On MCSSO prior to 4.0.1 is installed on the remote host. It is, therefore, affected by an information disclosure vulnerability due to a failure to sanitize user-supplied input, resulting in a potential directory traversal. An attacker could potentially exploi...

McAfee Cloud Single Sign On WebUI Default Credentials

The McAfee Cloud Single Sign On WebUI interface on the remote host has the 'admin' user account secured with the default password. A remote, unauthenticated attacker could exploit this to gain administrative access to the web interface. %NASLMINLEVEL 70300 C Tenable Network Security, Inc...

CVE-2014-2586

Cross-site scripting XSS vulnerability in the login audit form in McAfee Cloud Single Sign On SSO allows remote attackers to inject arbitrary web script or HTML via a crafted password...

CVE-2014-2536

Directory traversal vulnerability in McAfee Cloud Identity Manager 3.0, 3.1, and 3.5.1, McAfee Cloud Single Sign On MCSSO before 4.0.1, and Intel Expressway Cloud Access 360-SSO 2.1 and 2.5 allows remote authenticated users to read an unspecified file containing a hash of the administrator passwo...

McAfee Cloud Single Sign On目录遍历漏洞

CVE ID: CVE-2014-2536 McAfee Cloud Single Sign On是一款基于云的单点登录解决方案。 McAfee Cloud Single Sign On不正确过滤用户提交的输入，允许远程攻击者利用漏洞提交特制的目录遍历请求，读取任意文件内容。 0 McAfee Cloud Single Sign On formerly McAfee Cloud Identity Manager 4.x McAfee Cloud Single Sign On 4.0.1已经修复该漏洞，建议用户下载更新：...