6 matches found
McAfee SaaS MyCioScan ShowReport Remote Command Execution
This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ require 'msf/core' class Metasploit3 "McAfee SaaS...
McAfee SaaS MyCioScan ShowReport Remote Command Execution
Exploit for windows platform in category remote exploits This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework...
McAfee SaaS MyCioScan ShowReport - Remote Command Execution (Metasploit)
This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ require 'msf/core' class Metasploit3 "McAfee SaaS...
ZDI-12-012 : (0Day) McAfee SaaS myCIOScn.dll ShowReport Method Remote Command Execution
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ZDI-12-012 : 0Day McAfee SaaS myCIOScn.dll ShowReport Method Remote Command Execution http://www.zerodayinitiative.com/advisories/ZDI-12-012 January 12, 2012 - -- CVE ID: - -- CVSS: 9, AV:N/AC:L/Au:N/C:P/I:P/A:C - -- Affected Vendors: McAfee - --...
(0Day) McAfee SaaS myCIOScn.dll ShowReport Method Remote Command Execution
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of McAfee Security-as-a-Service. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaws exists within...
McAfee SaaS Endpoint Protection 'myCIOScn' ActiveX远程代码执行漏洞
Bugtraq ID: 49087 McAfee SaaS Endpoint Protection是一款提供了用于拦截病毒、间谍软件、Web 威胁和黑客攻击的基本保护功能。 myCIOScn.dll存在缺陷。首先通过ActiveX导出的MyCioScan.Scan.ReportFile参数可设置为任意文件名,包括敏感系统文件和目录,其次,可构建特制的MyCioScan.Scan.Start方法的参数,把恶意脚本注入到在AV扫描结束时创建的日志文件中。组合这两个缺陷可使远程攻击者以浏览器上下文执行任意代码。 0 McAfee SaaS Endpoint Protection 5.2.1...