Lucene search
K

8 matches found

Tenable Nessus
Tenable Nessus
added 2014/03/27 12:0 a.m.26 views

McAfee Email Gateway Multiple Vulnerabilities (SB10064)

The remote host is running a version of McAfee Email Gateway MEG that is affected by multiple SQL injection and command execution vulnerabilities: - Multiple SQL injections vulnerabilities exist in the administrative web interface. A remote, authenticated attacker could potentially exploit these...

9CVSS6.3AI score0.04316EPSS
Exploits5References5
seebug.org
seebug.org
added 2014/03/18 12:0 a.m.39 views

McAfee Email Gateway/McAfee Email和Web Security Appliance多个SQL注入漏洞

CVE ID:CVE-2013-7092 McAfee Email Gateway是一款电子邮件解决方案。McAfee Email and Web Security Appliance用于智能化的垃圾邮件和恶意软件防护。 通过"eventscol", "eventid", "reason", "eventsorder", "emailstatusorder"和"emailstatuscol" JSON键值提交给/admin/cgi-bin/rpc/doReport/18的输入在用于SQL查询之前缺少过滤,允许远程攻击者利用漏洞提交特制的SQL查询,操作或获取数据库数据。 0 McAfee...

6.5CVSS6.5AI score0.01898EPSS
Exploits3
seebug.org
seebug.org
added 2014/03/14 12:0 a.m.34 views

McAfee Email Gateway/McAfee Email and Web Security Appliance SQL注入漏洞

CVE ID:CVE-2013-7092 McAfee Email Gateway之前名为IronMail,是企业级的硬件邮件网关和管理平台。 由于通过"eventscol", "eventid", "reason", "eventsorder", "emailstatusorder"和"emailstatuscol" JSON keys传递到/admin/cgi-bin/rpc/doReport/18的输入在被用于SQL查询前没有正确过滤,攻击者可以利用漏洞通过注入任意SQL代码操纵SQL查询。 0 McAfee Email and Web Security Appliance 5.x...

6.5CVSS6.5AI score0.01898EPSS
Exploits3
NVD
NVD
added 2013/12/14 5:21 p.m.20 views

CVE-2013-7103

McAfee Email Gateway 7.6 allows remote authenticated administrators to execute arbitrary commands via shell metacharacters in the value attribute in a 1 TestFile XML element or the 2 hostname. NOTE: this issue can be combined with CVE-2013-7092 to allow remote attackers to execute commands...

9CVSS7.1AI score0.04316EPSS
Exploits1References5
Prion
Prion
added 2013/12/14 5:21 p.m.19 views

Command injection

McAfee Email Gateway 7.6 allows remote authenticated administrators to execute arbitrary commands via shell metacharacters in the value attribute in a 1 TestFile XML element or the 2 hostname. NOTE: this issue can be combined with CVE-2013-7092 to allow remote attackers to execute commands...

9CVSS7.4AI score0.04316EPSS
Exploits4References5Affected Software1
Prion
Prion
added 2013/12/14 5:21 p.m.21 views

Command injection

McAfee Email Gateway 7.6 allows remote authenticated administrators to execute arbitrary commands by specifying them in the value attribute in a 1 Command or 2 Script XML element. NOTE: this issue can be combined with CVE-2013-7092 to allow remote attackers to execute commands...

9CVSS7.5AI score0.04316EPSS
Exploits4References5Affected Software1
Cvelist
Cvelist
added 2013/12/14 5:0 p.m.24 views

CVE-2013-7103

McAfee Email Gateway 7.6 allows remote authenticated administrators to execute arbitrary commands via shell metacharacters in the value attribute in a 1 TestFile XML element or the 2 hostname. NOTE: this issue can be combined with CVE-2013-7092 to allow remote attackers to execute commands...

7.1AI score0.04316EPSS
Exploits1References5
CVE
CVE
added 2013/12/13 6:0 p.m.51 views

CVE-2013-7092

Summary (CVE-2013-7092, -7103, -7104) : McAfee Email Gateway (MEG) 7.6.x is affected by multiple vulnerabilities across the administrative web interface. The primary issue for CVE-2013-7092 is unaffiltered input in the JSON keys (events_col, event_id, reason, events_order, emailstatus_order, emai...

6.5CVSS8.1AI score0.01898EPSS
Exploits3References5Affected Software1
Rows per page
Query Builder