Vigil@nce - Vulnerabilities of McAfee ePolicy Orchestrator

we track for your security since 1999

vulnerabilities

subscriber area

The Vigil@nce team watches vulnerabilities impacting your computers, and then offers solutions, a database and tools to correct them.

recent vulnerabilities

tracked products

vulnerable product

Vulnerabilities of McAfee ePolicy Orchestrator
McAfee ePolicy Orchestrator vulnerability: SQL injection
An unauthenticated attacker can use a SQL injection in Agent-Handler of McAfee ePO, which leads to code execution with system privileges.

McAfee ePolicy Orchestrator vulnerability: information disclosure in CBC mode, Lucky 13
An attacker can inject wrongly encrypted messages in a TLS/DTLS session in mode CBC, and measure the delay before the error message reception, in order to progressively guess the clear content of the session.

McAfee ePolicy Orchestrator vulnerability: denial of service via Range or Request-Range
An attacker can use several parallel queries using Range or Request-Range, in order to progressively use the available memory.

McAfee ePolicy Orchestrator vulnerability: format string attack of _naimcomn_Log
An attacker can create a format string attack in McAfee ePolicy Orchestrator in order to execute code.

McAfee ePolicy Orchestrator vulnerability: buffer overflow of SiteManager.dll
An attacker can generate two overflows in the SiteManager.Dll ActiveX.

Display other vulnerabilities of McAfee ePolicy Orchestrator described by Vigil@nce...

Display information about McAfee ePolicy Orchestrator:

http://www.mcafee.com/us/products/epolicy-orchestrator.aspx

Copyright 1999-2013 Vigil@nce. Vigil@nce is a service from Orange Business Services. Site map. Legal notice.