47 matches found
EUVD-2015-4017
Malware in sbrugna...
EUVD-2019-13239
Malware in sbrugna...
PT-2022-21777 · Mcafee · Mcafee Epo
Name of the Vulnerable Software and Affected Versions: McAfee ePO versions prior to 5.10 Update 14 Description: The issue allows an unauthenticated remote attacker to potentially trigger a Server Side Request Forgery attack by exploiting an External XML entity XXE vulnerability. This can be done ...
CVE-2022-0858
A cross-site scripting XSS vulnerability in McAfee Enterprise ePolicy Orchestrator ePO prior to 5.10 Update 13 allows a remote attacker to potentially obtain access to an ePO administrator's session by convincing the attacker to click on a carefully crafted link. This would lead to limited abilit...
CVE-2022-0857
A reflected cross-site scripting XSS vulnerability in McAfee Enterprise ePolicy Orchestrator ePO prior to 5.10 Update 13 allows a remote attacker to potentially obtain access to an ePO administrator's session by convincing the attacker to click on a carefully crafted link. This would lead to...
CVE-2022-0857
A reflected cross-site scripting XSS vulnerability in McAfee Enterprise ePolicy Orchestrator ePO prior to 5.10 Update 13 allows a remote attacker to potentially obtain access to an ePO administrator's session by convincing the attacker to click on a carefully crafted link. This would lead to...
Cross site scripting
A reflected cross-site scripting XSS vulnerability in McAfee Enterprise ePolicy Orchestrator ePO prior to 5.10 Update 13 allows a remote attacker to potentially obtain access to an ePO administrator's session by convincing the attacker to click on a carefully crafted link. This would lead to...
Cross site scripting
A cross-site scripting XSS vulnerability in McAfee Enterprise ePolicy Orchestrator ePO prior to 5.10 Update 13 allows a remote attacker to potentially obtain access to an ePO administrator's session by convincing the attacker to click on a carefully crafted link. This would lead to limited abilit...
CVE-2022-0858
McAfee Enterprise ePolicy Orchestrator (ePO) prior to 5.10 Update 13 contains a cross‑site scripting (XSS) vulnerability that could allow a remote attacker to obtain an administrator’s session by persuading the user to click a crafted link, with limited ability to alter information in the affecte...
CVE-2021-23890
Information leak vulnerability in the Agent Handler of McAfee ePolicy Orchestrator ePO prior to 5.10 Update 10 allows an unauthenticated user to download McAfee product packages specifically McAfee Agent available in ePO repository and install them on their own machines to have it managed and the...
Information disclosure
Information leak vulnerability in the Agent Handler of McAfee ePolicy Orchestrator ePO prior to 5.10 Update 10 allows an unauthenticated user to download McAfee product packages specifically McAfee Agent available in ePO repository and install them on their own machines to have it managed and the...
CVE-2021-23890
CVE-2021-23890 (McAfee ePolicy Orchestrator) : An information-disclosure flaw in the ePO Agent Handler allows an unauthenticated attacker in a DMZ-enabled setup to download McAfee Agent packages from the ePO repository and obtain policy details from the ePO server. Affected: McAfee ePO prior to 5...
CVE-2019-3619
Information Disclosure vulnerability in the Agent Handler in McAfee ePolicy Orchestrator ePO 5.9.x and 5.10.0 prior to 5.10.0 update 4 allows remote unauthenticated attacker to view sensitive information in plain text via sniffing the traffic between the Agent Handler and the SQL server...
CVE-2019-3619
CVE-2019-3619 affects McAfee ePolicy Orchestrator (ePO) with the Agent Handler in 5.9.x and 5.10.0 prior to 5.10.0 Update 4. It is an information-disclosure vulnerability where sensitive data can be viewed in plain text by sniffing traffic between the Agent Handler and the SQL server. The root ca...
McAfee ePO 5.9.1 - Registered Executable Local Access Bypass Vulnerability
Exploit for windows platform in category web applications Exploit Title: McAfee ePO 5.9.1 Registered Executable Local Access Bypass Exploit Author: @leonjza Vendor Homepage: https://www.mcafee.com/ Software Link: https://www.mcafee.com/enterprise/en-us/products/epolicy-orchestrator.html Version:...
McAfee ePO 5.9.1 - Registered Executable Local Access Bypass
Exploit Title: McAfee ePO 5.9.1 Registered Executable Local Access Bypass Date: 2019-03-07 Exploit Author: @leonjza Vendor Homepage: https://www.mcafee.com/ Software Link: https://www.mcafee.com/enterprise/en-us/products/epolicy-orchestrator.html Version: ePO v5.9.1 Tested on: Windows Server 2012...
CVE-2019-3604
Cross-Site Request Forgery CSRF vulnerability in McAfee ePO legacy Cloud allows unauthenticated users to perform unintended ePO actions using an authenticated user's session via unspecified vectors...
Cross site request forgery (csrf)
Cross-Site Request Forgery CSRF vulnerability in McAfee ePO legacy Cloud allows unauthenticated users to perform unintended ePO actions using an authenticated user's session via unspecified vectors...
Collecting & Hunting For IOCs With Gusto and Style: rastrea2r
Ever wanted to turn your AV console into an Incident Response & Threat Hunting machine? Rastrea2r pronounced “rastreador” – hunter- in Spanish is a multi-platform open source tool that allows incident responders and SOC analysts to triage suspect systems and hunt for Indicators of Compromise IOCs...
CVE-2018-6672 SB10240 - ePolicy Orchestrator (ePO) - Information disclosure vulnerablity
Information disclosure vulnerability in McAfee ePolicy Orchestrator ePO 5.3.0 through 5.3.3 and 5.9.0 through 5.9.1 allows authenticated users to view sensitive information in plain text format via unspecified vectors...