cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2013-4882,https://securityvulnerability.io/vulnerability/CVE-2013-4882,,"Multiple SQL injection vulnerabilities in McAfee ePolicy Orchestrator 4.6.6 and earlier, and the ePolicy Orchestrator (ePO) extension for McAfee Agent (MA) 4.5 and 4.6, allow remote authenticated users to execute arbitrary SQL commands via the uid parameter to (1) core/showRegisteredTypeDetails.do and (2) EPOAGENTMETA/DisplayMSAPropsDetail.do, a different vulnerability than CVE-2013-0140.",Mcafee,"Epolicy Orchestrator,Epolicy Orchestrator Agent",,,0.04402000084519386,false,,false,false,false,,,false,false,,2013-07-22T11:21:00.000Z,0
CVE-2013-4883,https://securityvulnerability.io/vulnerability/CVE-2013-4883,,"Multiple cross-site scripting (XSS) vulnerabilities in McAfee ePolicy Orchestrator 4.6.6 and earlier, and the ePO Extension for the McAfee Agent (MA) 4.5 through 4.6, allow remote attackers to inject arbitrary web script or HTML via the (1) instanceId parameter core/loadDisplayType.do; (2) instanceId or (3) monitorUrl parameter to console/createDashboardContainer.do; uid parameter to (4) ComputerMgmt/sysDetPanelBoolPie.do or (5) ComputerMgmt/sysDetPanelSummary.do; (6) uid, (7) orion.user.security.token, or (8) ajaxMode parameter to ComputerMgmt/sysDetPanelQry.do; or (9) uid, (10) orion.user.security.token, or (11) ajaxMode parameter to ComputerMgmt/sysDetPanelSummary.do.",Mcafee,"Epolicy Orchestrator,Epolicy Orchestrator Agent",,,0.011090000160038471,false,,false,false,false,,,false,false,,2013-07-22T11:21:00.000Z,0
CVE-2008-1357,https://securityvulnerability.io/vulnerability/CVE-2008-1357,,"Format string vulnerability in the logDetail function of applib.dll in McAfee Common Management Agent (CMA) 3.6.0.574 (Patch 3) and earlier, as used in ePolicy Orchestrator 4.0.0 build 1015, allows remote attackers to cause a denial of service (crash) or execute arbitrary code via format string specifiers in a sender field in an AgentWakeup request to UDP port 8082.  NOTE: this issue only exists when the debug level is 8.",Mcafee,"Mcafee Framework,Cma,Epolicy Orchestrator,Agent",,,0.7798799872398376,false,,false,false,false,,,false,false,,2008-03-17T17:00:00.000Z,0
CVE-2006-5274,https://securityvulnerability.io/vulnerability/CVE-2006-5274,,"Integer overflow in McAfee ePolicy Orchestrator 3.5 through 3.6.1, ProtectionPilot 1.1.1 and 1.5, and Common Management Agent (CMA) 3.5.5.438 allows remote attackers to cause a denial of service (CMA Framework service crash) and possibly execute arbitrary code via unspecified vectors.",Mcafee,"Protectionpilot,Epolicy Orchestrator,Common Management Agent",,,0.03903000056743622,false,,false,false,false,,,false,false,,2007-07-12T00:00:00.000Z,0
CVE-2006-3623,https://securityvulnerability.io/vulnerability/CVE-2006-3623,,Directory traversal vulnerability in Framework Service component in McAfee ePolicy Orchestrator agent 3.5.0.x and earlier allows remote attackers to create arbitrary files via a .. (dot dot) in the directory and filename in a PropsResponse (PackageType) request.,Mcafee,Epolicy Orchestrator Agent,,,0.09867999702692032,false,,false,false,false,,,false,false,,2006-07-18T15:46:00.000Z,0