McAfee VirusScan Enterprise Multiple Security Vulnerabilities

McAfee VirusScan Enterprise is prone to the following multiple security vulnerabilities:

1. Multiple authentication bypass vulnerabilities.
2. Multiple CRLF-injection vulnerabilities.
3. Multiple security-bypass vulnerabilities.
4. An SQL-injection vulnerability.
5. A cross-site request-forgery vulnerability.
6. A cross-site scripting vulnerability.
7. Multiple information-disclosure vulnerabilities.

An attacker may leverage these issues to obtain potentially sensitive information, steal cookie based authentication credentials, perform unauthorized action, bypass authentication mechanism, execute arbitrary code, read arbitrary files that contain sensitive information and arbitrary headers to a webpage.

VirusScan Enterprise for Linux (VSEL) 2.0.3 and prior versions are vulnerable.


Privacy Statement
Copyright 2010, SecurityFocus