11 matches found
EUVD-2014-2619
Malware in sbrugna...
McAfee Asset Manager 6.6 - Multiple Vulnerabilities
No description provided by source. Cloud SSO is vuln to unauthed XSS in the authentication audit form: https://twitter.com/BrandonPrry/status/445969380656943104 McAfee Asset Manager v6.6 multiple vulnerabilities http://www.mcafee.com/us/products/asset-manager.aspx Authenticated arbitrary file rea...
McAfee Asset Manager ReportsAudit.jsp Input Validation Error (CVE-2014-2587)
An input validation error vulnerability has been reported in McAfee Asset Manager. The vulnerability is due to insufficient input validation on the "user" parameter of "ReportsAudit.jsp". A remote authenticated attacker can exploit this vulnerability to execute SQL commands on the underlying...
McAfee Asset Manager Multiple Vulnerabilities
McAfee Asset Manager is prone to directory traversal and SQL injection vulnerabilities. SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
Sql injection
SQL injection vulnerability in jsp/reports/ReportsAudit.jsp in McAfee Asset Manager 6.6 allows remote authenticated users to execute arbitrary SQL commands via the username of an audit report aka user parameter...
Directory traversal
Directory traversal vulnerability in servlet/downloadReport in McAfee Asset Manager 6.6 allows remote authenticated users to read arbitrary files via a .. dot dot in the reportFileName parameter...
CVE-2014-2587
SQL injection vulnerability in jsp/reports/ReportsAudit.jsp in McAfee Asset Manager 6.6 allows remote authenticated users to execute arbitrary SQL commands via the username of an audit report aka user parameter...
CVE-2014-2588
CVE-2014-2588 affects McAfee Asset Manager 6.6, where the servlet/downloadReport endpoint is vulnerable through the reportFileName parameter. The root cause is directory traversal via a ".." input, allowing remote authenticated users to read arbitrary files on the server. Public sources from NVD ...
McAfee Asset Manager 6.6 - Multiple Vulnerabilities
Exploit for jsp platform in category web applications Cloud SSO is vuln to unauthed XSS in the authentication audit form: https://twitter.com/BrandonPrry/status/445969380656943104 McAfee Asset Manager v6.6 multiple vulnerabilities http://www.mcafee.com/us/products/asset-manager.aspx Authenticated...
McAfee Asset Manager 6.6 - Multiple Vulnerabilities
McAfee Asset Manager 6.6 - Multiple Vulnerabilities Cloud SSO is vuln to unauthed XSS in the authentication audit form: https://twitter.com/BrandonPrry/status/445969380656943104 McAfee Asset Manager v6.6 multiple vulnerabilities http://www.mcafee.com/us/products/asset-manager.aspx Authenticated...
McAfee Asset Manager 6.6 - Multiple Vulnerabilities
Cloud SSO is vuln to unauthed XSS in the authentication audit form: https://twitter.com/BrandonPrry/status/445969380656943104 McAfee Asset Manager v6.6 multiple vulnerabilities http://www.mcafee.com/us/products/asset-manager.aspx Authenticated arbitrary file read An unprivileged authenticated use...