Mcafee Epolicy Orchestrator vulnerabilities

CVE-2003-0149 [HIGH] CVE-2003-0149: Heap-based buffer overflow in ePO agent for McAfee ePolicy Orchestrator 2.0, 2.5, and 2.5.1 allows r Heap-based buffer overflow in ePO agent for McAfee ePolicy Orchestrator 2.0, 2.5, and 2.5.1 allows remote attackers to execute arbitrary code via a POST request containing long parameters.

CVE-2003-0616 [HIGH] CVE-2003-0616: Format string vulnerability in ePO service for McAfee ePolicy Orchestrator 2.0, 2.5, and 2.5.1 allow Format string vulnerability in ePO service for McAfee ePolicy Orchestrator 2.0, 2.5, and 2.5.1 allows remote attackers to execute arbitrary code via a POST request with format strings in the computerlist parameter, which are used when logging a failed name resolution.

CVE-2003-0148 [HIGH] CVE-2003-0148: The default installation of MSDE via McAfee ePolicy Orchestrator 2.0 through 3.0 allows attackers to The default installation of MSDE via McAfee ePolicy Orchestrator 2.0 through 3.0 allows attackers to execute arbitrary code via a series of steps that (1) obtain the database administrator username and encrypted password in a configuration file from the ePO server using a certain request, (2) crack the password due to weak cryptography, and (3) use the password

CVE-2003-0610 [MEDIUM] CVE-2003-0610: Directory traversal vulnerability in ePO agent for McAfee ePolicy Orchestrator 3.0 allows remote att Directory traversal vulnerability in ePO agent for McAfee ePolicy Orchestrator 3.0 allows remote attackers to read arbitrary files via a certain HTTP request.

CVE-2002-0690 [CRITICAL] CVE-2002-0690: Format string vulnerability in McAfee Security ePolicy Orchestrator (ePO) 2.5.1 allows remote attack Format string vulnerability in McAfee Security ePolicy Orchestrator (ePO) 2.5.1 allows remote attackers to execute arbitrary code via an HTTP GET request with a URI containing format strings.