mcafee

104 items tagged "mcafee"

Related tags: technician [+], virusscan [+], code [+], site [+], saas [+], proof of concept [+], linuxshield [+], firewall [+], cross [+], command execution [+], arbitrary code [+], web gateway [+], warns [+], txt [+], safer use [+], remote [+], mycioscn [+], john [+], gateway [+], victim machine [+], version 6 [+], showreport [+], sensitive system [+], reporter generalutilities [+], python script [+], metasploit [+], malicious attacker [+], line 6 [+], john mcafee [+], intel [+], information disclosure [+], host headers [+], hash [+], getobject function [+], file [+], exploits [+], command [+], bup extension [+], active x control [+], zdi [+], virusscan enterprise [+], tpti [+], tar gz [+], tar [+], script injection [+], root code [+], nsopoc [+], nsoadv [+], neighbor [+], isvalidclient [+], hackers [+], execution [+], exec [+], dll loading [+], dll [+], design flaw [+], cross site scripting [+], blogs [+], authentication [+], arbitrary code execution [+], code execution [+], vulnerability [+], web [+], wolf [+], winpatrol [+], wikileaks style [+], weapons [+], vulnerabilities [+], visa waiver [+], virus warning [+], video [+], utm [+], update [+], trade secrets [+], threat analysis [+], threat [+], third party [+], third [+], targets [+], target [+], system administrators [+], surprise [+], sued [+], strikes [+], squid [+], splats [+], sparked [+], spam [+], smartphones [+], smartfilter [+], sees [+], security intelligence [+], security holes [+], security [+], reporter [+], project [+], progress [+], pitches [+], pc crash [+], party pop [+], offers [+], mycioscan [+], myasutil [+], mvt [+], manhunt [+], leave [+], kaspersky [+], jacking [+], insecure method [+], ibm [+], hospitals [+], hijack [+], heart attack [+], heart [+], hacker [+], gobble [+], global pc [+], gateway url [+], founder [+], false alarm [+], false [+], endpoint [+], day [+], cybercrooks [+], crying wolf [+], computer systems [+], completes [+], cash [+], car computer [+], car [+], bungle [+], bugtraq [+], bug [+], bricks [+], booked [+], blames [+], barnaby jack on [+], barnaby [+], attackers [+], attack [+], apple [+], anti virus [+], android [+], analysis [+], alarm [+], admits [+], administration server [+], administration [+], acquisition [+], accuses [+], about [+], Issues [+], web security [+], security appliance [+], email [+], virtual technician [+], virtual [+]

December 14, 2012
20:25
McAfee Warns Of Project Blitzkrieg Banking Malware Threats
» ‎ Packet Storm Security Headlines

McAfee Warns Of Project Blitzkrieg Banking Malware Threats
Tags: project mcafee warns
December 13, 2012
8:10
Video: McAfee Admits To Playing The Crazy Card, Lying
» ‎ Packet Storm Security Headlines

Video: McAfee Admits To Playing The Crazy Card, Lying
Tags: admits video mcafee
December 12, 2012
8:13
John McAfee To Leave Jail And Return To US
» ‎ Packet Storm Security Headlines

John McAfee To Leave Jail And Return To US
Tags: john mcafee leave
December 11, 2012
8:29
No Surprise - John McAfee Sells Movie Rights To His Manhunt
» ‎ Packet Storm Security Headlines

No Surprise - John McAfee Sells Movie Rights To His Manhunt
Tags: john mcafee surprise john-mcafee manhunt
December 06, 2012
21:39
McAfee Did Not Have A Heart Attack
» ‎ Packet Storm Security Headlines

McAfee Did Not Have A Heart Attack
Tags: mcafee attack heart heart-attack
November 19, 2012
13:54
John McAfee Blogs For Helps, Offers $25k Reward For Neighbor's Killer
» ‎ Packet Storm Security Headlines

John McAfee Blogs For Helps, Offers $25k Reward For Neighbor's Killer
Tags: john blogs mcafee john-mcafee neighbor
13:54
John McAfee Blogs For Help, Offers $25k Reward For Neighbor's Killer
» ‎ Packet Storm Security Headlines

John McAfee Blogs For Help, Offers $25k Reward For Neighbor's Killer
Tags: john blogs mcafee john-mcafee neighbor
August 23, 2012
18:55
McAfee Splats Bug That Knocked Punters Offline
» ‎ Packet Storm Security Headlines

McAfee Splats Bug That Knocked Punters Offline
Tags: bug splats mcafee

0:00
Vuln: McAfee Firewall Reporter 'GernalUtilities.pm' Authentication Bypass Vulnerability
» ‎ SecurityFocus Vulnerabilities

McAfee Firewall Reporter 'GernalUtilities.pm' Authentication Bypass Vulnerability
Tags: reporter mcafee firewall vulnerability authentication
0:00
Vuln: McAfee VirusScan Enterprise 'traceapp.dll' DLL Loading Arbitrary Code Execution Vulnerability
» ‎ SecurityFocus Vulnerabilities

McAfee VirusScan Enterprise 'traceapp.dll' DLL Loading Arbitrary Code Execution Vulnerability
Tags: virusscan dll mcafee arbitrary-code-execution dll-loading virusscan-enterprise
0:00
Vuln: McAfee Email and Web Security Appliance and Email Gateway Multiple Vulnerabilities
» ‎ SecurityFocus Vulnerabilities

McAfee Email and Web Security Appliance and Email Gateway Multiple Vulnerabilities
Tags: mcafee web email security-appliance web-security vulnerabilities

August 21, 2012
7:13
McAfee Puts Barnaby Jack On Car-Jacking Hackers' Case
» ‎ Packet Storm Security Headlines

McAfee Puts Barnaby Jack On Car-Jacking Hackers' Case
Tags: mcafee jacking car barnaby-jack-on barnaby hackers

August 17, 2012
11:00
Bugtraq: ZDI-12-140 : McAfee SmartFilter Administration Server SFAdminSrv.exe JBoss RMI Remote Code Execution Vulnerabilty
» ‎ SecurityFocus Vulnerabilities

ZDI-12-140 : McAfee SmartFilter Administration Server SFAdminSrv.exe JBoss RMI Remote Code Execution Vulnerabilty
Tags: smartfilter mcafee administration code-execution administration-server zdi

August 04, 2012
6:13
McAfee Cross Site Scripting
» ‎ Packet Storm Security Exploits

McAfee Labs suffers from a cross site scripting vulnerability.
Tags: cross mcafee site vulnerability
6:13
McAfee Cross Site Scripting
» ‎ Packet Storm Security Exploits

McAfee Labs suffers from a cross site scripting vulnerability.
Tags: cross mcafee site vulnerability

May 05, 2012
19:29
McAfee Founder Booked On Drug, Weapons Charges, Report Says
» ‎ Packet Storm Security Headlines

McAfee Founder Booked On Drug, Weapons Charges, Report Says
Tags: booked founder mcafee weapons

May 04, 2012
0:00
Vuln: McAfee Virtual Technician ActiveX Control 'GetObject()' Insecure Method Vulnerability
» ‎ SecurityFocus Vulnerabilities

McAfee Virtual Technician ActiveX Control 'GetObject()' Insecure Method Vulnerability
Tags: mcafee technician virtual virtual-technician insecure-method vulnerability

May 03, 2012
15:45
McAfee Virtual Technician MVTControl 6.3.0.1911 GetObject Vulnerability
» ‎ Packet Storm Security Exploits

This Metasploit modules exploits a vulnerability found in McAfee Virtual Technician's MVTControl. This ActiveX control can be abused by using the GetObject() function to load additional unsafe classes such as WScript.Shell, therefore allowing remote code execution under the context of the user.
Tags: mcafee technician virtual virtual-technician getobject-function code-execution

15:45
McAfee Virtual Technician MVTControl 6.3.0.1911 GetObject Vulnerability
» ‎ Packet Storm Security Recent Files

This Metasploit modules exploits a vulnerability found in McAfee Virtual Technician's MVTControl. This ActiveX control can be abused by using the GetObject() function to load additional unsafe classes such as WScript.Shell, therefore allowing remote code execution under the context of the user.
Tags: mcafee technician virtual virtual-technician getobject-function code-execution

15:45
McAfee Virtual Technician MVTControl 6.3.0.1911 GetObject Vulnerability
» ‎ Packet Storm Security Misc. Files

This Metasploit modules exploits a vulnerability found in McAfee Virtual Technician's MVTControl. This ActiveX control can be abused by using the GetObject() function to load additional unsafe classes such as WScript.Shell, therefore allowing remote code execution under the context of the user.
Tags: mcafee technician virtual virtual-technician getobject-function code-execution

May 01, 2012
14:00
[remote exploits] - McAfee Virtual Technician MVTControl 6.3.0.1911 GetObject Vulnerability
» ‎ 0day.today (was: 1337day, Inj3ct0r, 1337db)

[remote exploits] - McAfee Virtual Technician MVTControl 6.3.0.1911 GetObject Vulnerability
Tags: mcafee technician virtual virtual-technician exploits vulnerability

7:00
Bugtraq: Corrections about Squid/McAfee URL Filtering Bypass
» ‎ SecurityFocus Vulnerabilities

Corrections about Squid/McAfee URL Filtering Bypass
Tags: squid mcafee about

April 30, 2012
14:00
[remote exploits] - McAfee Virtual Technician 6.3.0.1911 MVT.MVTControl.6300 Code Execution
» ‎ 0day.today (was: 1337day, Inj3ct0r, 1337db)

[remote exploits] - McAfee Virtual Technician 6.3.0.1911 MVT.MVTControl.6300 Code Execution
Tags: remote mcafee virtual virtual-technician code-execution exploits

12:00
Bugtraq: McAfee Virtual Technician 6.3.0.1911 MVT.MVTControl.6300 ActiveX Control GetObject() Security Bypass Remote Code Execution Vulnerability
» ‎ SecurityFocus Vulnerabilities

McAfee Virtual Technician 6.3.0.1911 MVT.MVTControl.6300 ActiveX Control GetObject() Security Bypass Remote Code Execution Vulnerability
Tags: mcafee technician virtual virtual-technician code-execution mvt

7:32
McAfee Virtual Technician 6.3.0.1911 Code Execution
» ‎ Packet Storm Security Exploits

McAfee Virtual Technician version 6.3.0.1911 suffers from a MVT.MVTControl.6300 GetObject() active-x control security bypass remote code execution vulnerability.
Tags: mcafee technician virtual active-x-control virtual-technician code-execution

7:32
McAfee Virtual Technician 6.3.0.1911 Code Execution
» ‎ Packet Storm Security Recent Files

McAfee Virtual Technician version 6.3.0.1911 suffers from a MVT.MVTControl.6300 GetObject() active-x control security bypass remote code execution vulnerability.
Tags: mcafee technician virtual active-x-control virtual-technician code-execution

7:32
McAfee Virtual Technician 6.3.0.1911 Code Execution
» ‎ Packet Storm Security Misc. Files

McAfee Virtual Technician version 6.3.0.1911 suffers from a MVT.MVTControl.6300 GetObject() active-x control security bypass remote code execution vulnerability.
Tags: mcafee technician virtual active-x-control virtual-technician code-execution

April 23, 2012
9:00
Bugtraq: Re: McAfee Web Gateway URL Filtering Bypass
» ‎ SecurityFocus Vulnerabilities

Re: McAfee Web Gateway URL Filtering Bypass
Tags: gateway mcafee web gateway-url web-gateway

April 13, 2012
14:55
McAfee Web Gateway And Squid Proxy 3.1.19 Bypass
» ‎ Packet Storm Security Exploits

McAfee Web Gateway and Squid Proxy version 3.1.19 suffers from a bypass vulnerability due to putting trust in Host headers. Proof of concept tool included.
Tags: gateway mcafee web web-gateway host-headers proof-of-concept

14:55
McAfee Web Gateway And Squid Proxy 3.1.19 Bypass
» ‎ Packet Storm Security Recent Files

McAfee Web Gateway and Squid Proxy version 3.1.19 suffers from a bypass vulnerability due to putting trust in Host headers. Proof of concept tool included.
Tags: gateway mcafee web web-gateway host-headers proof-of-concept

14:55
McAfee Web Gateway And Squid Proxy 3.1.19 Bypass
» ‎ Packet Storm Security Misc. Files

McAfee Web Gateway and Squid Proxy version 3.1.19 suffers from a bypass vulnerability due to putting trust in Host headers. Proof of concept tool included.
Tags: gateway mcafee web web-gateway host-headers proof-of-concept

March 29, 2012
17:09
McAfee Email And Web Security Appliance File Download
» ‎ Packet Storm Security Advisories

McAfee Email and Web Security Appliance versions prior to 5.5 Patch 6, Email and Web Security 5.6 Patch 3, and McAfee Email Gateway 7.0 Patch 1 suffer from a file download vulnerability.
Tags: mcafee web email security-appliance web-security vulnerability

17:09
McAfee Email And Web Security Appliance File Download
» ‎ Packet Storm Security Recent Files

McAfee Email and Web Security Appliance versions prior to 5.5 Patch 6, Email and Web Security 5.6 Patch 3, and McAfee Email Gateway 7.0 Patch 1 suffer from a file download vulnerability.
Tags: mcafee web email security-appliance web-security vulnerability

17:09
McAfee Email And Web Security Appliance File Download
» ‎ Packet Storm Security Misc. Files

McAfee Email and Web Security Appliance versions prior to 5.5 Patch 6, Email and Web Security 5.6 Patch 3, and McAfee Email Gateway 7.0 Patch 1 suffer from a file download vulnerability.
Tags: mcafee web email security-appliance web-security vulnerability

17:08
McAfee Email And Web Security Appliance Password Hash
» ‎ Packet Storm Security Advisories

McAfee Email and Web Security Appliance versions prior to 5.5 Patch 6, Email and Web Security 5.6 Patch 3, and McAfee Email Gateway 7.0 Patch 1 suffer from a password cracking vulnerability.
Tags: mcafee web email security-appliance web-security hash

17:08
McAfee Email And Web Security Appliance Password Hash
» ‎ Packet Storm Security Recent Files

McAfee Email and Web Security Appliance versions prior to 5.5 Patch 6, Email and Web Security 5.6 Patch 3, and McAfee Email Gateway 7.0 Patch 1 suffer from a password cracking vulnerability.
Tags: mcafee web email security-appliance web-security hash

17:08
McAfee Email And Web Security Appliance Password Hash
» ‎ Packet Storm Security Misc. Files

McAfee Email and Web Security Appliance versions prior to 5.5 Patch 6, Email and Web Security 5.6 Patch 3, and McAfee Email Gateway 7.0 Patch 1 suffer from a password cracking vulnerability.
Tags: mcafee web email security-appliance web-security hash

17:07
McAfee Email And Web Security Appliance Token Disclosure
» ‎ Packet Storm Security Advisories

McAfee Email and Web Security Appliance versions prior to 5.5 Patch 6, Email and Web Security 5.6 Patch 3, and McAfee Email Gateway 7.0 Patch 1 suffer from a token disclosure vulnerability.
Tags: mcafee web email security-appliance web-security vulnerability

17:07
McAfee Email And Web Security Appliance Token Disclosure
» ‎ Packet Storm Security Misc. Files

McAfee Email and Web Security Appliance versions prior to 5.5 Patch 6, Email and Web Security 5.6 Patch 3, and McAfee Email Gateway 7.0 Patch 1 suffer from a token disclosure vulnerability.
Tags: mcafee web email security-appliance web-security vulnerability

17:06
McAfee Email And Web Security Appliance Access Bypass
» ‎ Packet Storm Security Advisories

McAfee Email and Web Security Appliance versions prior to 5.5 Patch 6, Email and Web Security 5.6 Patch 3, and McAfee Email Gateway 7.0 Patch 1 suffer from an access bypass vulnerability.
Tags: mcafee web email security-appliance web-security vulnerability

17:06
McAfee Email And Web Security Appliance Access Bypass
» ‎ Packet Storm Security Recent Files

McAfee Email and Web Security Appliance versions prior to 5.5 Patch 6, Email and Web Security 5.6 Patch 3, and McAfee Email Gateway 7.0 Patch 1 suffer from an access bypass vulnerability.
Tags: mcafee web email security-appliance web-security vulnerability

17:06
McAfee Email And Web Security Appliance Access Bypass
» ‎ Packet Storm Security Misc. Files

McAfee Email and Web Security Appliance versions prior to 5.5 Patch 6, Email and Web Security 5.6 Patch 3, and McAfee Email Gateway 7.0 Patch 1 suffer from an access bypass vulnerability.
Tags: mcafee web email security-appliance web-security vulnerability

16:55
McAfee Email And Web Security Appliance Session Hijacking
» ‎ Packet Storm Security Advisories

McAfee Email and Web Security Appliance versions prior to 5.5 Patch 6, Email and Web Security 5.6 Patch 3, and McAfee Email Gateway 7.0 Patch 1 suffer from a session hijacking vulnerability.
Tags: mcafee web email security-appliance web-security vulnerability

16:55
McAfee Email And Web Security Appliance Session Hijacking
» ‎ Packet Storm Security Misc. Files

McAfee Email and Web Security Appliance versions prior to 5.5 Patch 6, Email and Web Security 5.6 Patch 3, and McAfee Email Gateway 7.0 Patch 1 suffer from a session hijacking vulnerability.
Tags: mcafee web email security-appliance web-security vulnerability

16:53
McAfee Email And Web Security Appliance Cross Site Scripting
» ‎ Packet Storm Security Advisories

McAfee Email and Web Security Appliance versions prior to 5.5 Patch 6, Email and Web Security 5.6 Patch 3, and McAfee Email Gateway 7.0 Patch 1 suffer from a cross site scripting vulnerability.
Tags: mcafee web email security-appliance web-security cross-site-scripting

16:53
McAfee Email And Web Security Appliance Cross Site Scripting
» ‎ Packet Storm Security Misc. Files

McAfee Email and Web Security Appliance versions prior to 5.5 Patch 6, Email and Web Security 5.6 Patch 3, and McAfee Email Gateway 7.0 Patch 1 suffer from a cross site scripting vulnerability.
Tags: mcafee web email security-appliance web-security cross-site-scripting

March 18, 2012
16:22
McAfee Warns Of Sophisticated Android Banking Malware
» ‎ Packet Storm Security Headlines

McAfee Warns Of Sophisticated Android Banking Malware
Tags: mcafee warns android
January 19, 2012
8:04
McAfee Tackles Spam Hijack Flaw In Anti-Malware Code
» ‎ Packet Storm Security Headlines

McAfee Tackles Spam Hijack Flaw In Anti-Malware Code
Tags: spam hijack mcafee

January 17, 2012
17:08
McAfee SaaS MyCioScan ShowReport Remote Command Execution
» ‎ Packet Storm Security Exploits

This Metasploit module exploits a vulnerability found in McAfee Security-as-a-Service. The ShowReport() function (located in the myCIOScn.dll ActiveX component) fails to check the FileName argument, and passes it on to a ShellExecuteW() function, therefore allows any malicious attacker to execute any process that's on the local system. However, if the victim machine is connected to a remote share (or something similar), then it's also possible to execute arbitrary code. Please note that a custom template is required for the payload, because the default Metasploit template is detectable by McAfee -- any Windows binary, such as calc.exe or notepad.exe, should bypass McAfee fine.
Tags: mcafee showreport metasploit malicious-attacker command-execution victim-machine

17:08
McAfee SaaS MyCioScan ShowReport Remote Command Execution
» ‎ Packet Storm Security Recent Files

This Metasploit module exploits a vulnerability found in McAfee Security-as-a-Service. The ShowReport() function (located in the myCIOScn.dll ActiveX component) fails to check the FileName argument, and passes it on to a ShellExecuteW() function, therefore allows any malicious attacker to execute any process that's on the local system. However, if the victim machine is connected to a remote share (or something similar), then it's also possible to execute arbitrary code. Please note that a custom template is required for the payload, because the default Metasploit template is detectable by McAfee -- any Windows binary, such as calc.exe or notepad.exe, should bypass McAfee fine.
Tags: mcafee showreport metasploit malicious-attacker command-execution victim-machine

17:08
McAfee SaaS MyCioScan ShowReport Remote Command Execution
» ‎ Packet Storm Security Misc. Files

This Metasploit module exploits a vulnerability found in McAfee Security-as-a-Service. The ShowReport() function (located in the myCIOScn.dll ActiveX component) fails to check the FileName argument, and passes it on to a ShellExecuteW() function, therefore allows any malicious attacker to execute any process that's on the local system. However, if the victim machine is connected to a remote share (or something similar), then it's also possible to execute arbitrary code. Please note that a custom template is required for the payload, because the default Metasploit template is detectable by McAfee -- any Windows binary, such as calc.exe or notepad.exe, should bypass McAfee fine.
Tags: mcafee showreport metasploit malicious-attacker command-execution victim-machine

14:00
[remote exploits] - McAfee SaaS MyCioScan ShowReport Remote Command Execution
» ‎ 0day.today (was: 1337day, Inj3ct0r, 1337db)

[remote exploits] - McAfee SaaS MyCioScan ShowReport Remote Command Execution
Tags: mcafee mycioscan saas command-execution exploits

January 12, 2012
13:00
Bugtraq: ZDI-12-012 : (0Day) McAfee SaaS myCIOScn.dll ShowReport Method Remote Command Execution
» ‎ SecurityFocus Vulnerabilities

ZDI-12-012 : (0Day) McAfee SaaS myCIOScn.dll ShowReport Method Remote Command Execution
Tags: day mcafee saas command-execution

December 02, 2011
13:19
McAfee SaaS Scan Method Script Injection Code Execution Vulnerability
» ‎ SecuriTeam

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of McAfee Security-as-a-Service.
-
Make your website safer. Use external penetration testing service. First report ready in one hour!

Tags: code vulnerability mcafee code-execution safer-use script-injection
13:14
McAfee SaaS SecureObjectFactory Instantiation Design Flaw Code Execution Vulnerability
» ‎ SecuriTeam

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of McAfee Security-as-a-Service.
-
Make your website safer. Use external penetration testing service. First report ready in one hour!

Tags: code vulnerability mcafee code-execution safer-use design-flaw

October 04, 2011
8:26
McAfee, IBM Gobble Rival Security Intelligence Firms
» ‎ Packet Storm Security Headlines

McAfee, IBM Gobble Rival Security Intelligence Firms
Tags: gobble mcafee ibm security-intelligence
September 07, 2011
7:37
McAfee Warns Of Security Holes In Car Computer Systems
» ‎ Packet Storm Security Headlines

McAfee Warns Of Security Holes In Car Computer Systems
Tags: mcafee warns security security-holes car-computer computer-systems
August 18, 2011
17:59
Kaspersky Accuses McAfee Of Crying Wolf Over Shady RAT
» ‎ Packet Storm Security Headlines

Kaspersky Accuses McAfee Of Crying Wolf Over Shady RAT
Tags: accuses mcafee kaspersky wolf crying-wolf

August 09, 2011
12:00
Bugtraq: TPTI-11-13: McAfee SaaS myCIOScn.dll Scan Method Script Injection Remote Code Execution Vulnerability
» ‎ SecurityFocus Vulnerabilities

TPTI-11-13: McAfee SaaS myCIOScn.dll Scan Method Script Injection Remote Code Execution Vulnerability
Tags: mcafee saas mycioscn tpti code-execution script-injection
12:00
Bugtraq: TPTI-11-12: McAfee SaaS MyAsUtil5.2.0.603.dll SecureObjectFactory Instantiation Design Flaw Remote Code Execution Vulnerability
» ‎ SecurityFocus Vulnerabilities

TPTI-11-12: McAfee SaaS MyAsUtil5.2.0.603.dll SecureObjectFactory Instantiation Design Flaw Remote Code Execution Vulnerability
Tags: myasutil mcafee saas tpti code-execution design-flaw

August 08, 2011
19:04
McAfee SaaS myCIOScn.dll Code Execution
» ‎ Packet Storm Security Advisories

A vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of McAfee Security-as-a-Service. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaws exists within myCIOScn.dll. First, the MyCioScan.Scan.ReportFile parameter exposed via ActiveX can be set to any arbitrary filename including sensitive system files and directories. Secondly, the parameter to the MyCioScan.Scan.Start() method can be carefully crafted as to inject script constructs into the log file written at the end of the AV scan. The combination of these flaws can be leveraged by a remote attacker to execute arbitrary code under the context of the user running the browser.
Tags: code mcafee mycioscn code-execution sensitive-system arbitrary-code

19:04
McAfee SaaS myCIOScn.dll Code Execution
» ‎ Packet Storm Security Recent Files

A vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of McAfee Security-as-a-Service. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaws exists within myCIOScn.dll. First, the MyCioScan.Scan.ReportFile parameter exposed via ActiveX can be set to any arbitrary filename including sensitive system files and directories. Secondly, the parameter to the MyCioScan.Scan.Start() method can be carefully crafted as to inject script constructs into the log file written at the end of the AV scan. The combination of these flaws can be leveraged by a remote attacker to execute arbitrary code under the context of the user running the browser.
Tags: code mcafee mycioscn code-execution sensitive-system arbitrary-code

19:04
McAfee SaaS myCIOScn.dll Code Execution
» ‎ Packet Storm Security Misc. Files

A vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of McAfee Security-as-a-Service. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaws exists within myCIOScn.dll. First, the MyCioScan.Scan.ReportFile parameter exposed via ActiveX can be set to any arbitrary filename including sensitive system files and directories. Secondly, the parameter to the MyCioScan.Scan.Start() method can be carefully crafted as to inject script constructs into the log file written at the end of the AV scan. The combination of these flaws can be leveraged by a remote attacker to execute arbitrary code under the context of the user running the browser.
Tags: code mcafee mycioscn code-execution sensitive-system arbitrary-code

0:00
Vuln: McAfee SaaS Endpoint Protection 'myCIOScn' ActiveX Remote Code Execution Vulnerability
» ‎ SecurityFocus Vulnerabilities

McAfee SaaS Endpoint Protection 'myCIOScn' ActiveX Remote Code Execution Vulnerability
Tags: endpoint mcafee saas code-execution vulnerability

June 05, 2011
19:49
McAfee Firewall Reporter GeneralUtilities.pm isValidClient Authentication Bypass Vulnerability
» ‎ SecuriTeam

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of McAfee Firewall Reporter.
-
Make your website safer. Use external penetration testing service. First report ready in one hour!

Tags: vulnerability mcafee firewall reporter-generalutilities safer-use arbitrary-code attackers

May 31, 2011
23:41
McAfee Sees Progress In Slowing Cybercrime
» ‎ Packet Storm Security Headlines

McAfee Sees Progress In Slowing Cybercrime
Tags: progress sees mcafee

April 14, 2011
8:00
Bugtraq: Re: ZDI-11-117: McAfee Firewall Reporter GeneralUtilities.pm isValidClient Authentication Bypass Vulnerability
» ‎ SecurityFocus Vulnerabilities

Re: ZDI-11-117: McAfee Firewall Reporter GeneralUtilities.pm isValidClient Authentication Bypass Vulnerability
Tags: mcafee isvalidclient firewall reporter-generalutilities vulnerability authentication
April 11, 2011
11:00
Bugtraq: ZDI-11-117: McAfee Firewall Reporter GeneralUtilities.pm isValidClient Authentication Bypass Vulnerability
» ‎ SecurityFocus Vulnerabilities

ZDI-11-117: McAfee Firewall Reporter GeneralUtilities.pm isValidClient Authentication Bypass Vulnerability
Tags: mcafee isvalidclient firewall reporter-generalutilities zdi bugtraq vulnerability

March 28, 2011
16:57
McAfee: Cybercrooks Target Corporate Trade Secrets
» ‎ Packet Storm Security Headlines

McAfee: Cybercrooks Target Corporate Trade Secrets
Tags: mcafee cybercrooks target trade-secrets

March 27, 2011
5:00
McAfee Cross Site Scripting / Information Disclosure
» ‎ Packet Storm Security Exploits

McAfee.com suffers from cross site scripting and information disclosure vulnerabilities.
Tags: cross mcafee site information-disclosure

5:00
McAfee Cross Site Scripting / Information Disclosure
» ‎ Packet Storm Security Recent Files

McAfee.com suffers from cross site scripting and information disclosure vulnerabilities.
Tags: cross mcafee site information-disclosure

5:00
McAfee Cross Site Scripting / Information Disclosure
» ‎ Packet Storm Security Misc. Files

McAfee.com suffers from cross site scripting and information disclosure vulnerabilities.
Tags: cross mcafee site information-disclosure

March 01, 2011
7:56
Intel Completes McAfee Acquisition
» ‎ Packet Storm Security Headlines

Intel Completes McAfee Acquisition
Tags: mcafee completes acquisition intel

February 14, 2011
13:15
McAfee Virusscan Antivirus Quarantined File Restore Utility 1.0
» ‎ Packet Storm Security Recent Files

McAfee Virusscan Antivirus Quarantined File Restore Utility is a useful python script that extracts a file quarantined with the BUP extension by McAfee Virusscan.
Tags: virusscan mcafee file python-script bup-extension

13:15
McAfee Virusscan Antivirus Quarantined File Restore Utility 1.0
» ‎ Packet Storm Security Tools

McAfee Virusscan Antivirus Quarantined File Restore Utility is a useful python script that extracts a file quarantined with the BUP extension by McAfee Virusscan.
Tags: virusscan mcafee file python-script bup-extension

13:15
McAfee Virusscan Antivirus Quarantined File Restore Utility 1.0
» ‎ Packet Storm Security Misc. Files

McAfee Virusscan Antivirus Quarantined File Restore Utility is a useful python script that extracts a file quarantined with the BUP extension by McAfee Virusscan.
Tags: virusscan mcafee file python-script bup-extension

January 07, 2011
13:55
McAfee Virusscan Command Line 6.0 Symlink Attack
» ‎ Packet Storm Security Advisories

McAfee Virusscan Command Line version 6.0 suffers from a symlink attack vulnerability.
Tags: virusscan mcafee command line-6 version-6 vulnerability

13:55
McAfee Virusscan Command Line 6.0 Symlink Attack
» ‎ Packet Storm Security Recent Files

McAfee Virusscan Command Line version 6.0 suffers from a symlink attack vulnerability.
Tags: virusscan mcafee command line-6 version-6 vulnerability

13:55
McAfee Virusscan Command Line 6.0 Symlink Attack
» ‎ Packet Storm Security Misc. Files

McAfee Virusscan Command Line version 6.0 suffers from a symlink attack vulnerability.
Tags: virusscan mcafee command line-6 version-6 vulnerability

January 04, 2011
8:59
McAfee Warns Of More WikiLeaks-Style Hactivist Attacks
» ‎ Packet Storm Security Headlines

McAfee Warns Of More WikiLeaks-Style Hactivist Attacks
Tags: mcafee warns wikileaks-style
December 28, 2010
9:21
McAfee Points At Apple, Smartphones For 2011 Targets
» ‎ Packet Storm Security Headlines

McAfee Points At Apple, Smartphones For 2011 Targets
Tags: apple mcafee smartphones targets

December 01, 2010
0:00
Vuln: McAfee VirusScan Enterprise 'traceapp.dll' DLL Loading Arbitrary Code Execution Vulnerability
» ‎ SecurityFocus Vulnerabilities

McAfee VirusScan Enterprise 'traceapp.dll' DLL Loading Arbitrary Code Execution Vulnerability
Tags: virusscan dll mcafee arbitrary-code-execution dll-loading virusscan-enterprise

October 11, 2010
0:00
WinPatrol Blames McAfee For Lost Business
» ‎ Packet Storm Security Headlines

WinPatrol Blames McAfee For Lost Business
Tags: mcafee winpatrol blames

August 28, 2010
0:00
mcafee-exec.txt
» ‎ Packet Storm Security Recent Files

McAfee LinuxShield versions 1.5.1 and below remote root code execution exploit.
Tags: txt mcafee linuxshield root-code code-execution exec

0:00
mcafee-exec.txt
» ‎ Packet Storm Security Exploits

McAfee LinuxShield versions 1.5.1 and below remote root code execution exploit.
Tags: txt mcafee linuxshield root-code code-execution exec

August 27, 2010
15:49
McAfee LinuxShield
» ‎ 0day.today (was: 1337day, Inj3ct0r, 1337db)

McAfee LinuxShield
Tags: mcafee linuxshield

August 24, 2010
0:00
McAfee Re-Issues Fake Visa Waiver Virus Warning
» ‎ Packet Storm Security Headlines

McAfee Re-Issues Fake Visa Waiver Virus Warning
Tags: mcafee Issues visa-waiver virus-warning
August 19, 2010
0:00
Intel To Buy McAfee
» ‎ Packet Storm Security Headlines

Intel To Buy McAfee
Tags: intel mcafee

June 09, 2010
14:00
Bugtraq: McAfee UTM Firewall Help Reflected Cross-Site Scripting
» ‎ SecurityFocus Vulnerabilities

McAfee UTM Firewall Help Reflected Cross-Site Scripting
Tags: mcafee firewall utm

May 18, 2010
0:00
McAfee's Quarterly Threat Analysis Shows Increased Hacker Intelligence
» ‎ Packet Storm Security Headlines

McAfee's Quarterly Threat Analysis Shows Increased Hacker Intelligence
Tags: threat mcafee analysis threat-analysis hacker
April 26, 2010
0:00
McAfee Offers Cash For Clunkers
» ‎ Packet Storm Security Headlines

McAfee Offers Cash For Clunkers
Tags: offers cash mcafee

April 25, 2010
20:59
McAfee LinuxShield Code Execution Vulnerability
» ‎ SecuriTeam

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of McAfee LinuxShield.
-
Make your website safer. Use external penetration testing service. First report ready in one hour!

Tags: code mcafee linuxshield code-execution safer-use arbitrary-code

April 22, 2010
7:12
Hackers exploit McAfee false alarm to spread scareware attack, Sophos reports
» ‎ Sophos security news

System administrators at risk of infection from fake anti-virus traps.
Tags: hackers mcafee alarm false-alarm anti-virus system-administrators

0:00
Rogue McAfee Update Strikes Police, Hospitals and Intel
» ‎ Packet Storm Security Headlines

Rogue McAfee Update Strikes Police, Hospitals and Intel
Tags: mcafee update strikes hospitals intel
0:00
McAfee Probing Bungle That Sparked Global PC Crash
» ‎ Packet Storm Security Headlines

McAfee Probing Bungle That Sparked Global PC Crash
Tags: sparked mcafee bungle pc-crash global-pc
April 21, 2010
0:00
McAfee False Positive Bricks Enterprise PCs Worldwide
» ‎ Packet Storm Security Headlines

McAfee False Positive Bricks Enterprise PCs Worldwide
Tags: false bricks mcafee
April 14, 2010
0:00
McAfee Sued Over Third-Party Pop-Up Pitches
» ‎ Packet Storm Security Headlines

McAfee Sued Over Third-Party Pop-Up Pitches
Tags: mcafee third sued party-pop pitches third-party

March 03, 2010
17:00
McAfee LinuxShield remote/local Code Execution Vulnerability
» ‎ 0day.today (was: 1337day, Inj3ct0r, 1337db)

McAfee LinuxShield remote/local Code Execution Vulnerability
Tags: remote mcafee linuxshield code-execution vulnerability

10:00
Bugtraq: Re: NSOADV-2010-004: McAfee LinuxShield remote/local code execution
» ‎ SecurityFocus Vulnerabilities

Re: NSOADV-2010-004: McAfee LinuxShield remote/local code execution
Tags: execution remote mcafee code-execution

March 02, 2010
19:42
NSOPOC-2010-004.tar.gz
» ‎ Packet Storm Security Recent Files

McAfee LinuxShield versions 1.5.1 and below remote code execution proof of concept exploit.
Tags: tar mcafee nsopoc code-execution proof-of-concept tar-gz
19:42
NSOADV-2010-004.txt
» ‎ Packet Storm Security Recent Files

McAfee LinuxShield suffers from remote and local code execution vulnerabilities. Versions 1.5.1 and below are affected.
Tags: txt mcafee nsoadv code-execution

19:42
NSOPOC-2010-004.tar.gz
» ‎ Packet Storm Security Exploits

McAfee LinuxShield versions 1.5.1 and below remote code execution proof of concept exploit.
Tags: tar mcafee nsopoc code-execution proof-of-concept tar-gz

19:42
NSOADV-2010-004.txt
» ‎ Packet Storm Security Advisories

McAfee LinuxShield suffers from remote and local code execution vulnerabilities. Versions 1.5.1 and below are affected.
Tags: txt mcafee nsoadv code-execution

15:00
Bugtraq: NSOADV-2010-004: McAfee LinuxShield remote/local code execution
» ‎ SecurityFocus Vulnerabilities

NSOADV-2010-004: McAfee LinuxShield remote/local code execution
Tags: execution remote mcafee code-execution

jetlib.sec » Tags » mcafee

Feeds

104 items tagged "mcafee"

Tags: project mcafee warns

Tags: admits video mcafee

Tags: john mcafee leave

Tags: john mcafee surprise john-mcafee manhunt

Tags: mcafee attack heart heart-attack

Tags: john blogs mcafee john-mcafee neighbor

Tags: john blogs mcafee john-mcafee neighbor

Tags: bug splats mcafee

Tags: reporter mcafee firewall vulnerability authentication

Tags: virusscan dll mcafee arbitrary-code-execution dll-loading virusscan-enterprise

Tags: mcafee web email security-appliance web-security vulnerabilities

Tags: mcafee jacking car barnaby-jack-on barnaby hackers

Tags: smartfilter mcafee administration code-execution administration-server zdi

Tags: cross mcafee site vulnerability

Tags: cross mcafee site vulnerability

Tags: booked founder mcafee weapons

Tags: mcafee technician virtual virtual-technician insecure-method vulnerability

Tags: mcafee technician virtual virtual-technician getobject-function code-execution

Tags: mcafee technician virtual virtual-technician getobject-function code-execution

Tags: mcafee technician virtual virtual-technician getobject-function code-execution

Tags: mcafee technician virtual virtual-technician exploits vulnerability

Tags: squid mcafee about

Tags: remote mcafee virtual virtual-technician code-execution exploits

Tags: mcafee technician virtual virtual-technician code-execution mvt

Tags: mcafee technician virtual active-x-control virtual-technician code-execution

Tags: mcafee technician virtual active-x-control virtual-technician code-execution

Tags: mcafee technician virtual active-x-control virtual-technician code-execution

Tags: gateway mcafee web gateway-url web-gateway

Tags: gateway mcafee web web-gateway host-headers proof-of-concept

Tags: gateway mcafee web web-gateway host-headers proof-of-concept

Tags: gateway mcafee web web-gateway host-headers proof-of-concept

Tags: mcafee web email security-appliance web-security vulnerability

Tags: mcafee web email security-appliance web-security vulnerability

Tags: mcafee web email security-appliance web-security vulnerability

Tags: mcafee web email security-appliance web-security hash

Tags: mcafee web email security-appliance web-security hash

Tags: mcafee web email security-appliance web-security hash

Tags: mcafee web email security-appliance web-security vulnerability

Tags: mcafee web email security-appliance web-security vulnerability

Tags: mcafee web email security-appliance web-security vulnerability

Tags: mcafee web email security-appliance web-security vulnerability

Tags: mcafee web email security-appliance web-security vulnerability

Tags: mcafee web email security-appliance web-security vulnerability

Tags: mcafee web email security-appliance web-security vulnerability

Tags: mcafee web email security-appliance web-security cross-site-scripting

Tags: mcafee web email security-appliance web-security cross-site-scripting

Tags: mcafee warns android

Tags: spam hijack mcafee

Tags: mcafee showreport metasploit malicious-attacker command-execution victim-machine

Tags: mcafee showreport metasploit malicious-attacker command-execution victim-machine

Tags: mcafee showreport metasploit malicious-attacker command-execution victim-machine

Tags: mcafee mycioscan saas command-execution exploits

Tags: day mcafee saas command-execution

Tags: code vulnerability mcafee code-execution safer-use script-injection

Tags: code vulnerability mcafee code-execution safer-use design-flaw

Tags: gobble mcafee ibm security-intelligence

Tags: mcafee warns security security-holes car-computer computer-systems

Tags: accuses mcafee kaspersky wolf crying-wolf

Tags: mcafee saas mycioscn tpti code-execution script-injection

Tags: myasutil mcafee saas tpti code-execution design-flaw

Tags: code mcafee mycioscn code-execution sensitive-system arbitrary-code

Tags: code mcafee mycioscn code-execution sensitive-system arbitrary-code

Tags: code mcafee mycioscn code-execution sensitive-system arbitrary-code

Tags: endpoint mcafee saas code-execution vulnerability

Tags: vulnerability mcafee firewall reporter-generalutilities safer-use arbitrary-code attackers

Tags: progress sees mcafee

Tags: mcafee isvalidclient firewall reporter-generalutilities vulnerability authentication

Tags: mcafee isvalidclient firewall reporter-generalutilities zdi bugtraq vulnerability

Tags: mcafee cybercrooks target trade-secrets

Tags: cross mcafee site information-disclosure

Tags: cross mcafee site information-disclosure

Tags: cross mcafee site information-disclosure

Tags: mcafee completes acquisition intel