17 matches found
EUVD-2011-2975
Malware in sbrugna...
EUVD-2011-5001
Malware in sbrugna...
EUVD-2013-7221
Malware in sbrugna...
Directory traversal
A directory traversal vulnerability in the web application in McAfee now Intel Security SaaS Control Console SCC Platform 6.14 before patch 1070, and 6.15 before patch 1076 allows unauthenticated users to view contents of arbitrary system files that did not have file system level read access...
Design/Logic Flaw
The Rumor technology in McAfee SaaS Endpoint Protection before 5.2.4 allows remote attackers to relay e-mail messages via unspecified vectors, as demonstrated by relaying spam...
CVE-2011-5101
The Rumor technology in McAfee SaaS Endpoint Protection before 5.2.4 allows remote attackers to relay e-mail messages via unspecified vectors, as demonstrated by relaying spam...
McAfee SaaS MyCioScan ShowReport - Remote Command Execution (Metasploit)
This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ require 'msf/core' class Metasploit3 "McAfee SaaS...
McAfee SaaS Endpoint Protection Version Detection (Windows)
This script finds the installed McAfee SaaS Endpoint Protection version and saves the result in KB. OpenVAS Vulnerability Test $Id: secpodmcafeesaasendpointprotectiondetect.nasl 7293 2017-09-27 08:49:48Z cfischer $ McAfee SaaS Endpoint Protection Version Detection Windows Authors: Sooraj KS...
McAfee SaaS Endpoint Protection ActiveX Controls Multiple Code Execution Vulnerabilities
This host is installed with McAfee SaaS Endpoint Protection and is prone to multiple code execution vulnerabilities. OpenVAS Vulnerability Test $Id: secpodmcafeesaasendpointprotectionmultcodeexecvuln.nasl 7029 2017-08-31 11:51:40Z teissa $ McAfee SaaS Endpoint Protection ActiveX Controls Multiple...
McAfee SaaS Endpoint Protection ActiveX Controls Multiple Code Execution Vulnerabilities
McAfee SaaS Endpoint Protection is prone to multiple code execution vulnerabilities. SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...
CVE-2011-3007
The myCIOScn ActiveX control myCIOScn.dll in McAfee SaaS Endpoint Protection 5.2.1 and earlier allows remote attackers to write to arbitrary files by specifying an arbitrary filename in the MyCioScan.Scan.ReportFile parameter, as demonstrated by injecting script into a log file and executing...
CVE-2011-3006
The MyAsUtil ActiveX control in MyAsUtil5.2.0.603.dll in McAfee SaaS Endpoint Protection 5.2.1 and earlier allows remote attackers to bypass the MyASUtil.SecureObjectFactory.CreateSecureObject domain execution policy using a cross-site scripting XSS attack, execute arbitrary code using the...
CVE-2011-3007
The myCIOScn ActiveX control myCIOScn.dll in McAfee SaaS Endpoint Protection 5.2.1 and earlier allows remote attackers to write to arbitrary files by specifying an arbitrary filename in the MyCioScan.Scan.ReportFile parameter, as demonstrated by injecting script into a log file and executing...
CVE-2011-3006
The CVE-2011-3006 entry concerns the MyAsUtil ActiveX control (MyAsUtil5.2.0.603.dll) in McAfee SaaS Endpoint Protection, affected in 5.2.1 and earlier. The vulnerability arises in the MyAsUtil.SecureObjectFactory.CreateSecureObject domain policy, which can be bypassed via a cross-site scripting ...
CVE-2011-3006
The MyAsUtil ActiveX control in MyAsUtil5.2.0.603.dll in McAfee SaaS Endpoint Protection 5.2.1 and earlier allows remote attackers to bypass the MyASUtil.SecureObjectFactory.CreateSecureObject domain execution policy using a cross-site scripting XSS attack, execute arbitrary code using the...
McAfee SaaS Endpoint Protection 'MyAsUtil5.2.0.603.dll' ActiveX远程代码执行漏洞
Bugtraq ID: 49088 McAfee SaaS Endpoint Protection是一款提供了用于拦截病毒、间谍软件、Web 威胁和黑客攻击的基本保护功能。 MyAsUtil5.2.0.603.dll提供的ActiveX控件存在安全漏洞。首先跨站脚本可用于绕过MyASUtil.SecureObjectFactory.CreateSecureObject中实现的域执行策略来创建一个MyASUtil.InstallInfo实例,之后MyASUtil.InstallInfo.RunUserProgram可用于在系统上执行代码。另外用户系统上多个其他对象和接口可任意使用这个通用机...
McAfee SaaS Endpoint Protection 'myCIOScn' ActiveX远程代码执行漏洞
Bugtraq ID: 49087 McAfee SaaS Endpoint Protection是一款提供了用于拦截病毒、间谍软件、Web 威胁和黑客攻击的基本保护功能。 myCIOScn.dll存在缺陷。首先通过ActiveX导出的MyCioScan.Scan.ReportFile参数可设置为任意文件名,包括敏感系统文件和目录,其次,可构建特制的MyCioScan.Scan.Start方法的参数,把恶意脚本注入到在AV扫描结束时创建的日志文件中。组合这两个缺陷可使远程攻击者以浏览器上下文执行任意代码。 0 McAfee SaaS Endpoint Protection 5.2.1...