20 matches found
CVE-2020-7268
CVE-2020-7268 affects McAfee Email Gateway (MEG) prior to version 7.6.406, where a path traversal vulnerability allows remote attackers to construct input that accesses files/directories outside the restricted directory. The issue stems from how external input is used to form file paths in the ME...
CVE-2009-1348
CVE-2009-1348 affects McAfee antivirus products (VirusScan, Total Protection, Internet Security, SecurityShield for ISA Server/SharePoint, Security for Email Servers/Email Gateway, Active Virus Defense, etc.). The issue is a virus-detection bypass caused by malformed archive metadata in ZIP/RAR f...
CVE-2012-4585
CVE-2012-4585 affects McAfee Email and Web Security (EWS) 5.x prior to 5.5 Patch 6 and 5.6 prior to Patch 3, and McAfee Email Gateway (MEG) 7.0 prior to Patch 1. The vulnerability allows remote authenticated users to read arbitrary files via a crafted URL. The available documents do not provide e...
CVE-2013-6349
The MEG vulnerability CVE-2013-6349 affects McAfee Email Gateway (MEG) 7.0 before 7.0.4 and 7.5 before 7.5.1. It allows remote authenticated users to execute arbitrary commands via unspecified vectors. The Connected documents corroborate the affected versions and the impact, but do not supply a r...
CVE-2012-4580
The CVE-2012-4580 issue affects McAfee Email and Web Security (EWS) 5.x before 5.5 Patch 6 and 5.6 before Patch 3, and McAfee Email Gateway (MEG) 7.0 before Patch 1. It is a cross-site scripting (XSS) vulnerability that allows a remote attacker to inject arbitrary web script or HTML via vectors r...
CVE-2012-4583
McAfee Email and Web Security (EWS) 5.x up to 5.5 Patch 6 and 5.6 up to Patch 3, and McAfee Email Gateway (MEG) 7.0 up to Patch 1 are affected. The issue lets remote authenticated users obtain other users’ session tokens by navigating within the Dashboard, due to a session-token exposure in the U...
CVE-2013-7092
Summary (CVE-2013-7092, -7103, -7104) : McAfee Email Gateway (MEG) 7.6.x is affected by multiple vulnerabilities across the administrative web interface. The primary issue for CVE-2013-7092 is unaffiltered input in the JSON keys (events_col, event_id, reason, events_order, emailstatus_order, emai...
CVE-2013-7104
McAfee Email Gateway 7.6 is affected by CVE-2013-7104, where remote authenticated administrators can execute arbitrary commands by supplying them in the value attribute of the Command or Script XML elements. This issue can be chained with CVE-2013-7092 to enable broader command execution. Connect...
CVE-2012-4581
The vulnerability CVE-2012-4581 affects McAfee Email and Web Security (EWS) 5.x before 5.5 Patch 6 and 5.6 before Patch 3, and McAfee Email Gateway (MEG) 7.0 before Patch 1. The root cause is that the server-side session token is not invalidated when the Management Console/Dashboard is closed, en...
CVE-2015-1619
CVE-2015-1619 affects McAfee Email Gateway (MEG) Secure Web Mail Client UI. Multiple sources describe an XSS vulnerability in the UI that permits remote authenticated users to inject arbitrary web script or HTML via unspecified tokens in Digest messages. Affected versions include MEG 7.6.x before...
CVE-2016-3969
McAfee Email Gateway (MEG) 7.6.x prior to 7.6.404 is affected by a cross-site scripting (XSS) vulnerability when File Filtering is enabled and the action is ESERVICES:REPLACE. An unauthenticated, remote attacker can exploit this by sending an attachment in a blocked email to trigger script execut...
CVE-2012-4596
CVE-2012-4596 is a directory traversal vulnerability in McAfee Email Gateway (MEG) 7.0.0 and 7.0.1 . The issue allows remote authenticated users to bypass access restrictions and download arbitrary files via a crafted URL, potentially impacting confidentiality. The documents explicitly describe t...
CVE-2016-8005
CVE-2016-8005 is a file-extension filtering vulnerability in Intel Security McAfee Email Gateway (MEG) prior to 7.6.404h1128596. An attacker can bypass proper filename detection by forging a filename with a null byte in the extension, as described in NVD and relatedOpenVAS entries. Affected produ...
CVE-2010-2116
The affected product is McAfee Email Gateway (formerly IronMail) version 6.7.1. The vulnerability is in the web interface, where remote authenticated users with only Read privileges can gain Write privileges by sending a direct request to admin/systemWebAdminConfig.do via the save action, allowin...
CVE-2012-4586
CVE-2012-4586 affects McAfee Email and Web Security (EWS) 5.x before 5.5 Patch 6, and 5.6 before Patch 3, and McAfee Email Gateway (MEG) 7.0 before Patch 1. The issue: remote authenticated users can cause a file request to be processed with root privileges, bypassing intended permission checks. T...
CVE-2012-4582
McAfee EWS 5.x (before 5.5 Patch 6) and 5.6 (before Patch 3), and McAfee MEG 7.0 (before Patch 1) are affected by CVE-2012-4582. The vulnerability allows remote authenticated users to reset the passwords of arbitrary administrative accounts via unspecified vectors. The impact is administrative cr...
CVE-2012-4584
McAfee products affected: Email and Web Security (EWS) 5.x before 5.5 Patch 6 and 5.6 before Patch 3; McAfee Email Gateway (MEG) 7.0 before Patch 1. The issue: backups are not properly encrypted, enabling remote authenticated users to read a backup file and obtain sensitive data such as password ...
CVE-2012-4595
The CVE-2012-4595 entry concerns McAfee Email and Web Security (EWS) 5.5–Patch6 and 5.6–Patch3, and McAfee Email Gateway (MEG) 7.0.0–7.0.1, where remote attackers can bypass authentication to obtain an admin session ID. The connected document from Tenable (MCAFEE_WEBSHIELD_AUTH_BYPASS.NASL) descr...
CVE-2013-7103
CVE-2013-7103 affects McAfee Email Gateway 7.6. Remote authenticated administrators can execute arbitrary commands by injecting shell metacharacters in the value attribute of a TestFile XML element or in the hostname. This is a command-injection in the administrative web interface and can be comb...
CVE-2012-4597
The CVE-2012-4597 entry describes a cross-site scripting (XSS) vulnerability in McAfee Email and Web Security (EWS) 5.5 (through Patch 6) and 5.6 (through Patch 3), and McAfee Email Gateway (MEG) 7.0.0 and 7.0.1. The issue enables remote attackers to inject arbitrary web script or HTML via vector...