8 matches found
McAfee Email Gateway Multiple Vulnerabilities (SB10064)
The remote host is running a version of McAfee Email Gateway MEG that is affected by multiple SQL injection and command execution vulnerabilities: - Multiple SQL injections vulnerabilities exist in the administrative web interface. A remote, authenticated attacker could potentially exploit these...
McAfee Email Gateway/McAfee Email和Web Security Appliance多个SQL注入漏洞
CVE ID:CVE-2013-7092 McAfee Email Gateway是一款电子邮件解决方案。McAfee Email and Web Security Appliance用于智能化的垃圾邮件和恶意软件防护。 通过"eventscol", "eventid", "reason", "eventsorder", "emailstatusorder"和"emailstatuscol" JSON键值提交给/admin/cgi-bin/rpc/doReport/18的输入在用于SQL查询之前缺少过滤,允许远程攻击者利用漏洞提交特制的SQL查询,操作或获取数据库数据。 0 McAfee...
McAfee Email Gateway/McAfee Email and Web Security Appliance SQL注入漏洞
CVE ID:CVE-2013-7092 McAfee Email Gateway之前名为IronMail,是企业级的硬件邮件网关和管理平台。 由于通过"eventscol", "eventid", "reason", "eventsorder", "emailstatusorder"和"emailstatuscol" JSON keys传递到/admin/cgi-bin/rpc/doReport/18的输入在被用于SQL查询前没有正确过滤,攻击者可以利用漏洞通过注入任意SQL代码操纵SQL查询。 0 McAfee Email and Web Security Appliance 5.x...
CVE-2013-7103
McAfee Email Gateway 7.6 allows remote authenticated administrators to execute arbitrary commands via shell metacharacters in the value attribute in a 1 TestFile XML element or the 2 hostname. NOTE: this issue can be combined with CVE-2013-7092 to allow remote attackers to execute commands...
Command injection
McAfee Email Gateway 7.6 allows remote authenticated administrators to execute arbitrary commands via shell metacharacters in the value attribute in a 1 TestFile XML element or the 2 hostname. NOTE: this issue can be combined with CVE-2013-7092 to allow remote attackers to execute commands...
Command injection
McAfee Email Gateway 7.6 allows remote authenticated administrators to execute arbitrary commands by specifying them in the value attribute in a 1 Command or 2 Script XML element. NOTE: this issue can be combined with CVE-2013-7092 to allow remote attackers to execute commands...
CVE-2013-7103
McAfee Email Gateway 7.6 allows remote authenticated administrators to execute arbitrary commands via shell metacharacters in the value attribute in a 1 TestFile XML element or the 2 hostname. NOTE: this issue can be combined with CVE-2013-7092 to allow remote attackers to execute commands...
CVE-2013-7092
Summary (CVE-2013-7092, -7103, -7104) : McAfee Email Gateway (MEG) 7.6.x is affected by multiple vulnerabilities across the administrative web interface. The primary issue for CVE-2013-7092 is unaffiltered input in the JSON keys (events_col, event_id, reason, events_order, emailstatus_order, emai...