20 matches found
CVE-2016-8025
SQL injection vulnerability in Intel Security VirusScan Enterprise Linux VSEL 2.0.3 and earlier allows remote authenticated users to obtain product information via a crafted HTTP request parameter...
Cross site request forgery (csrf)
Cross-site request forgery CSRF vulnerability in Intel Security VirusScan Enterprise Linux VSEL 2.0.3 and earlier allows authenticated remote attackers to execute unauthorized commands via a crafted user input...
Information disclosure
Information exposure in Intel Security VirusScan Enterprise Linux VSEL 2.0.3 and earlier allows authenticated remote attackers to obtain the existence of unauthorized files on the system via a URL parameter...
Cross site scripting
Cross-site scripting XSS vulnerability in attributes in Intel Security VirusScan Enterprise Linux VSEL 2.0.3 and earlier allows unauthenticated remote attackers to inject arbitrary web script or HTML via a crafted user input...
CVE-2016-8018
Cross-site request forgery CSRF vulnerability in Intel Security VirusScan Enterprise Linux VSEL 2.0.3 and earlier allows authenticated remote attackers to execute unauthorized commands via a crafted user input...
CVE-2016-8019
Cross-site scripting XSS vulnerability in attributes in Intel Security VirusScan Enterprise Linux VSEL 2.0.3 and earlier allows unauthenticated remote attackers to inject arbitrary web script or HTML via a crafted user input...
Sql injection
SQL injection vulnerability in Intel Security VirusScan Enterprise Linux VSEL 2.0.3 and earlier allows remote authenticated users to obtain product information via a crafted HTTP request parameter...
CVE-2016-8025
SQL injection vulnerability in Intel Security VirusScan Enterprise Linux VSEL 2.0.3 and earlier allows remote authenticated users to obtain product information via a crafted HTTP request parameter...
CVE-2016-8019
CVE-2016-8019 is an XSS vulnerability in Intel Security VirusScan Enterprise Linux (VSEL) 2.0.3 and earlier. The issue affects the web interface where user input passed through tplt parameters (notably info:7/info:5 in NailsConfig.html or MonitorHost.html) can be crafted by an unauthenticated rem...
CVE-2016-8016
CVE-2016-8016 affects McAfee VirusScan Enterprise for Linux (VSEL) 2.0.3 and earlier. The vulnerability is an information disclosure via the web interface: an authenticated remote attacker can use a URL parameter to determine the existence of unauthorized files on the system. Connected sources al...
CVE-2016-8022
CVE-2016-8022 affects McAfee VirusScan Enterprise for Linux (VSEL) 2.0.3 and earlier. The vulnerability enables authentication bypass via the web interface by manipulating authentication cookies; an unauthenticated remote attacker could bypass login and potentially execute code or cause a denial ...
CVE-2016-8024
Improper neutralization of CRLF sequences in HTTP headers vulnerability in Intel Security VirusScan Enterprise Linux VSEL 2.0.3 and earlier allows remote unauthenticated attacker to obtain sensitive information via the server HTTP response spoofing...
CVE-2016-8018
CVE-2016-8018 affects McAfee VirusScan Enterprise for Linux (VSEL) up to version 2.0.3. The issue is a cross-site request forgery (CSRF) vulnerability in the web interface that can allow an authenticated remote attacker to execute unauthorized commands via crafted input. Connected documents corro...
CVE-2016-8023
CVE-2016-8023 affects McAfee VirusScan Enterprise for Linux (VSEL) 2.0.3 and earlier. The flaw is an authentication bypass in the web interface caused by improper handling of the nailsSessionId cookie, enabling an unauthenticated, remote attacker to bypass server authentication by manipulating/gu...
CVE-2016-8022
Authentication bypass by spoofing vulnerability in Intel Security VirusScan Enterprise Linux VSEL 2.0.3 and earlier allows remote unauthenticated attacker to execute arbitrary code or cause a denial of service via a crafted authentication cookie...
CVE-2016-8021
CVE-2016-8021 affects McAfee VirusScan Enterprise for Linux (VSEL) 2.0.3 and earlier. The vulnerability is in the web interface’s verification of cryptographic signatures, allowing a remote authenticated attacker to spoof the update server and execute arbitrary code via a crafted input file. Impa...
CVE-2016-8020
Affected software : McAfee VirusScan Enterprise for Linux (VSEL) 2.0.3 and earlier. Vulnerability : CVE-2016-8020 — improper control of generation of code, allowing an authenticated remote attacker to execute arbitrary code via a crafted HTTP request parameter. Impact : remote code execution with...
CVE-2016-8017
CVE-2016-8017 is a concrete vulnerability in McAfee VirusScan Enterprise for Linux (VSEL) up to version 2.0.3 where the web interface handles special elements (tplt) in user input, enabling an authenticated remote attacker to read files on the webserver. The underlying issue is a Special Element ...
CVE-2016-8017
Special element injection vulnerability in Intel Security VirusScan Enterprise Linux VSEL 2.0.3 and earlier allows authenticated remote attackers to read files on the webserver via a crafted user input...
CVE-2016-8016
Information exposure in Intel Security VirusScan Enterprise Linux VSEL 2.0.3 and earlier allows authenticated remote attackers to obtain the existence of unauthorized files on the system via a URL parameter...