10 matches found
CVE-2012-4585
CVE-2012-4585 affects McAfee Email and Web Security (EWS) 5.x prior to 5.5 Patch 6 and 5.6 prior to Patch 3, and McAfee Email Gateway (MEG) 7.0 prior to Patch 1. The vulnerability allows remote authenticated users to read arbitrary files via a crafted URL. The available documents do not provide e...
CVE-2012-4580
The CVE-2012-4580 issue affects McAfee Email and Web Security (EWS) 5.x before 5.5 Patch 6 and 5.6 before Patch 3, and McAfee Email Gateway (MEG) 7.0 before Patch 1. It is a cross-site scripting (XSS) vulnerability that allows a remote attacker to inject arbitrary web script or HTML via vectors r...
CVE-2012-4583
McAfee Email and Web Security (EWS) 5.x up to 5.5 Patch 6 and 5.6 up to Patch 3, and McAfee Email Gateway (MEG) 7.0 up to Patch 1 are affected. The issue lets remote authenticated users obtain other users’ session tokens by navigating within the Dashboard, due to a session-token exposure in the U...
CVE-2012-4581
The vulnerability CVE-2012-4581 affects McAfee Email and Web Security (EWS) 5.x before 5.5 Patch 6 and 5.6 before Patch 3, and McAfee Email Gateway (MEG) 7.0 before Patch 1. The root cause is that the server-side session token is not invalidated when the Management Console/Dashboard is closed, en...
CVE-2012-4584
McAfee products affected: Email and Web Security (EWS) 5.x before 5.5 Patch 6 and 5.6 before Patch 3; McAfee Email Gateway (MEG) 7.0 before Patch 1. The issue: backups are not properly encrypted, enabling remote authenticated users to read a backup file and obtain sensitive data such as password ...
CVE-2012-4586
CVE-2012-4586 affects McAfee Email and Web Security (EWS) 5.x before 5.5 Patch 6, and 5.6 before Patch 3, and McAfee Email Gateway (MEG) 7.0 before Patch 1. The issue: remote authenticated users can cause a file request to be processed with root privileges, bypassing intended permission checks. T...
CVE-2012-4582
McAfee EWS 5.x (before 5.5 Patch 6) and 5.6 (before Patch 3), and McAfee MEG 7.0 (before Patch 1) are affected by CVE-2012-4582. The vulnerability allows remote authenticated users to reset the passwords of arbitrary administrative accounts via unspecified vectors. The impact is administrative cr...
CVE-2012-4595
The CVE-2012-4595 entry concerns McAfee Email and Web Security (EWS) 5.5–Patch6 and 5.6–Patch3, and McAfee Email Gateway (MEG) 7.0.0–7.0.1, where remote attackers can bypass authentication to obtain an admin session ID. The connected document from Tenable (MCAFEE_WEBSHIELD_AUTH_BYPASS.NASL) descr...
CVE-2012-4014
CVE-2012-4014 affects McAfee Email Anti-virus (formerly WebShield SMTP). The vulnerability enables remote denial of service via unspecified vectors; impact is DoS as described by multiple sources. Public details are consistent across NVD, Red Hat, JVN entries, and CVE listings. Remediation is not...
CVE-2012-4597
The CVE-2012-4597 entry describes a cross-site scripting (XSS) vulnerability in McAfee Email and Web Security (EWS) 5.5 (through Patch 6) and 5.6 (through Patch 3), and McAfee Email Gateway (MEG) 7.0.0 and 7.0.1. The issue enables remote attackers to inject arbitrary web script or HTML via vector...