Mcafee : Security Vulnerabilities, CVEs, Published In 2003 (Code Execution)
Format string vulnerability in ePO service for McAfee ePolicy Orchestrator 2.0, 2.5, and 2.5.1 allows remote attackers to execute arbitrary code via a POST request with format strings in the computerlist parameter, which are used when logging a failed name resolution.
Max CVSS
7.5
EPSS Score
1.72%
Published
2003-08-27
Updated
2013-07-23
Heap-based buffer overflow in ePO agent for McAfee ePolicy Orchestrator 2.0, 2.5, and 2.5.1 allows remote attackers to execute arbitrary code via a POST request containing long parameters.
Max CVSS
7.5
EPSS Score
0.88%
Published
2003-08-27
Updated
2008-09-10
The default installation of MSDE via McAfee ePolicy Orchestrator 2.0 through 3.0 allows attackers to execute arbitrary code via a series of steps that (1) obtain the database administrator username and encrypted password in a configuration file from the ePO server using a certain request, (2) crack the password due to weak cryptography, and (3) use the password to pass commands through xp_cmdshell.
Max CVSS
7.2
EPSS Score
0.04%
Published
2003-08-27
Updated
2008-09-10
Format string vulnerability in McAfee Security ePolicy Orchestrator (ePO) 2.5.1 allows remote attackers to execute arbitrary code via an HTTP GET request with a URI containing format strings.
Max CVSS
10.0
EPSS Score
6.10%
Published
2003-04-11
Updated
2018-10-19
4 vulnerabilities found