CVE-2017-3960 McAfee Network Security Management (NSM) - Exploitation of Authorization vulnerability

Exploitation of Authorization vulnerability in the web interface in McAfee Network Security Management NSM before 8.2.7.42.2 allows authenticated users to gain elevated privileges via a crafted HTTP request parameter...

CVE-2018-6670

The CVE-2018-6670 entry concerns McAfee Common UI (CUI) 2.0.2, specifically the ePO extension. The vulnerability is an External Entity Attack that allows remote authenticated users to view confidential information by sending a crafted HTTP request parameter. Supported documents confirm the affect...

CVE-2018-6670 External Entity Attack vulnerability in McAfee Common UI (CUI)

External Entity Attack vulnerability in the ePO extension in McAfee Common UI CUI 2.0.2 allows remote authenticated users to view confidential information via a crafted HTTP request parameter...

Artica Web Proxy 3.06.112216 Remote Code Execution

Credits: John Page aka Hyp3rlinX + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/ARTICA-WEB-PROXY-v3.06-REMOTE-CODE-EXECUTION-CVE-2017-17055.txt + ISR: ApparitionSec Vendor: ======= www.articatech.com Product: ========= Artica Web Proxy v.3.06.112216...

CVE-2017-4053

Command Injection vulnerability in the web interface in McAfee Advanced Threat Defense ATD 3.10, 3.8, 3.6, 3.4 allows remote unauthenticated users / remote attackers to execute a command of their choice via a crafted HTTP request parameter...

Authentication flaw

Authentication Bypass vulnerability in the web interface in McAfee Advanced Threat Defense ATD 3.10, 3.8, 3.6, 3.4 allows remote unauthenticated users / remote attackers to change or update any configuration settings, or gain administrator functionality via a crafted HTTP request parameter...

CVE-2017-4054

Command Injection vulnerability in the web interface in McAfee Advanced Threat Defense ATD 3.10, 3.8, 3.6, 3.4 allows remote authenticated users to execute a command of their choice via a crafted HTTP request parameter...

CVE-2017-4053

Command Injection vulnerability in the web interface in McAfee Advanced Threat Defense ATD 3.10, 3.8, 3.6, 3.4 allows remote unauthenticated users / remote attackers to execute a command of their choice via a crafted HTTP request parameter...

CVE-2016-8025

SQL injection vulnerability in Intel Security VirusScan Enterprise Linux VSEL 2.0.3 and earlier allows remote authenticated users to obtain product information via a crafted HTTP request parameter...

CVE-2017-3899

SQL injection vulnerability in Intel Security Advanced Threat Defense ATD Linux 3.6.0 and earlier allows remote authenticated users to obtain product information via a crafted HTTP request parameter...

Sql injection

SQL injection vulnerability in Intel Security Advanced Threat Defense ATD Linux 3.6.0 and earlier allows remote authenticated users to obtain product information via a crafted HTTP request parameter...

CVE-2016-8025

SQL injection vulnerability in Intel Security VirusScan Enterprise Linux VSEL 2.0.3 and earlier allows remote authenticated users to obtain product information via a crafted HTTP request parameter...

CVE-2016-8020

Affected software : McAfee VirusScan Enterprise for Linux (VSEL) 2.0.3 and earlier. Vulnerability : CVE-2016-8020 — improper control of generation of code, allowing an authenticated remote attacker to execute arbitrary code via a crafted HTTP request parameter. Impact : remote code execution with...

Oracle Application Testing Suite ReportImage tempfilename Directory Traversal (CVE-2016-0489)

A directory traversal vulnerability exists in Oracle's Application Testing Suite. The vulnerability is due to insufficient input validation in the Oracle Test Manager component while processing the HTTP request parameter tempfilename. A remote, authenticated attacker could exploit this...