Filtered by vendor Trendmicro
Subscriptions
Total
556 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2017-11392 | 1 Trendmicro | 1 Interscan Messaging Security Virtual Appliance | 2025-04-20 | N/A |
| Proxy command injection vulnerability in Trend Micro InterScan Messaging Virtual Appliance 9.0 and 9.1 allows remote attackers to execute arbitrary code on vulnerable installations. The specific flaw can be exploited by parsing the "T" parameter within modTMCSS Proxy. Formerly ZDI-CAN-4745. | ||||
| CVE-2017-11391 | 1 Trendmicro | 1 Interscan Messaging Security Virtual Appliance | 2025-04-20 | N/A |
| Proxy command injection vulnerability in Trend Micro InterScan Messaging Virtual Appliance 9.0 and 9.1 allows remote attackers to execute arbitrary code on vulnerable installations. The specific flaw can be exploited by parsing the "t" parameter within modTMCSS Proxy. Formerly ZDI-CAN-4744. | ||||
| CVE-2016-9269 | 1 Trendmicro | 1 Interscan Web Security Virtual Appliance | 2025-04-20 | N/A |
| Remote Command Execution in com.trend.iwss.gui.servlet.ManagePatches in Trend Micro Interscan Web Security Virtual Appliance (IWSVA) version 6.5-SP2_Build_Linux_1707 and earlier allows authenticated, remote users with least privileges to run arbitrary commands on the system as root via Patch Update functionality. This was resolved in Version 6.5 CP 1737. | ||||
| CVE-2016-8592 | 1 Trendmicro | 1 Threat Discovery Appliance | 2025-04-20 | N/A |
| log_query_system.cgi in Trend Micro Threat Discovery Appliance 2.6.1062r1 and earlier allows remote authenticated users to execute arbitrary code as the root user via shell metacharacters in the cache_id parameter. | ||||
| CVE-2017-11390 | 1 Trendmicro | 1 Control Manager | 2025-04-20 | N/A |
| XML external entity (XXE) processing vulnerability in Trend Micro Control Manager 6.0, if exploited, could lead to information disclosure. Formerly ZDI-CAN-4706. | ||||
| CVE-2016-8591 | 1 Trendmicro | 1 Threat Discovery Appliance | 2025-04-20 | N/A |
| log_query.cgi in Trend Micro Threat Discovery Appliance 2.6.1062r1 and earlier allows remote authenticated users to execute arbitrary code as the root user via shell metacharacters in the cache_id parameter. | ||||
| CVE-2016-8590 | 1 Trendmicro | 1 Threat Discovery Appliance | 2025-04-20 | N/A |
| log_query_dlp.cgi in Trend Micro Threat Discovery Appliance 2.6.1062r1 and earlier allows remote authenticated users to execute arbitrary code as the root user via shell metacharacters in the cache_id parameter. | ||||
| CVE-2016-9315 | 1 Trendmicro | 1 Interscan Web Security Virtual Appliance | 2025-04-20 | N/A |
| Privilege Escalation Vulnerability in com.trend.iwss.gui.servlet.updateaccountadministration in Trend Micro InterScan Web Security Virtual Appliance (IWSVA) version 6.5-SP2_Build_Linux_1707 and earlier allows authenticated, remote users with least privileges to change Master Admin's password and/or add new admin accounts. This was resolved in Version 6.5 CP 1737. | ||||
| CVE-2016-8589 | 1 Trendmicro | 1 Threat Discovery Appliance | 2025-04-20 | N/A |
| log_query_dae.cgi in Trend Micro Threat Discovery Appliance 2.6.1062r1 and earlier allows remote authenticated users to execute arbitrary code as the root user via shell metacharacters in the cache_id parameter. | ||||
| CVE-2016-8587 | 1 Trendmicro | 1 Threat Discovery Appliance | 2025-04-20 | N/A |
| dlp_policy_upload.cgi in Trend Micro Threat Discovery Appliance 2.6.1062r1 and earlier allows remote authenticated users to execute arbitrary code via an archive file containing a symlink to /eng_ptn_stores/prod/sensorSDK/data/ or /eng_ptn_stores/prod/sensorSDK/backup_pol/. | ||||
| CVE-2017-11388 | 1 Trendmicro | 1 Control Manager | 2025-04-20 | N/A |
| SQL Injection in Trend Micro Control Manager 6.0 causes Remote Code Execution when RestfulServiceUtility.NET.dll doesn't properly validate user provided strings before constructing SQL queries. Formerly ZDI-CAN-4639 and ZDI-CAN-4638. | ||||
| CVE-2016-8584 | 1 Trendmicro | 1 Threat Discovery Appliance | 2025-04-20 | N/A |
| Trend Micro Threat Discovery Appliance 2.6.1062r1 and earlier uses predictable session values, which allows remote attackers to bypass authentication by guessing the value. | ||||
| CVE-2016-6270 | 1 Trendmicro | 1 Virtual Mobile Infrastructure | 2025-04-20 | 8.8 High |
| The handle_certificate function in /vmi/manager/engine/management/commands/apns_worker.py in Trend Micro Virtual Mobile Infrastructure before 5.1 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the password to api/v1/cfg/oauth/save_identify_pfx/. | ||||
| CVE-2016-9314 | 1 Trendmicro | 1 Interscan Web Security Virtual Appliance | 2025-04-20 | N/A |
| Sensitive Information Disclosure in com.trend.iwss.gui.servlet.ConfigBackup in Trend Micro InterScan Web Security Virtual Appliance (IWSVA) version 6.5-SP2_Build_Linux_1707 and earlier allows authenticated, remote users with least privileges to backup the system configuration and download it onto their local machine. This backup file contains sensitive information like passwd/shadow files, RSA certificates, Private Keys and Default Passphrase, etc. This was resolved in Version 6.5 CP 1737. | ||||
| CVE-2016-6268 | 1 Trendmicro | 1 Smart Protection Server | 2025-04-20 | 7.8 High |
| Trend Micro Smart Protection Server 2.5 before build 2200, 2.6 before build 2106, and 3.0 before build 1330 allows local webserv users to execute arbitrary code with root privileges via a Trojan horse .war file in the Solr webapps directory. | ||||
| CVE-2016-6267 | 1 Trendmicro | 1 Smart Protection Server | 2025-04-20 | 8.8 High |
| SnmpUtils in Trend Micro Smart Protection Server 2.5 before build 2200, 2.6 before build 2106, and 3.0 before build 1330 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the (1) spare_Community, (2) spare_AllowGroupIP, or (3) spare_AllowGroupNetmask parameter to admin_notification.php. | ||||
| CVE-2017-11386 | 1 Trendmicro | 1 Control Manager | 2025-04-20 | N/A |
| SQL Injection in Trend Micro Control Manager 6.0 causes Remote Code Execution when executing opcode 0x4707 due to lack of proper user input validation in cmdHandlerNewReportScheduler.dll. Formerly ZDI-CAN-4549. | ||||
| CVE-2016-8593 | 1 Trendmicro | 1 Threat Discovery Appliance | 2025-04-20 | N/A |
| Directory traversal vulnerability in upload.cgi in Trend Micro Threat Discovery Appliance 2.6.1062r1 and earlier allows remote authenticated users to execute arbitrary code via a .. (dot dot) in the dID parameter. | ||||
| CVE-2017-11382 | 1 Trendmicro | 1 Deep Discovery Email Inspector | 2025-04-20 | N/A |
| Denial of Service vulnerability in Trend Micro Deep Discovery Email Inspector 2.5.1 allows remote attackers to delete arbitrary files on vulnerable installations, thus disabling the service. Formerly ZDI-CAN-4350. | ||||
| CVE-2017-11394 | 1 Trendmicro | 1 Officescan | 2025-04-20 | N/A |
| Proxy command injection vulnerability in Trend Micro OfficeScan 11 and XG (12) allows remote attackers to execute arbitrary code on vulnerable installations. The specific flaw can be exploited by parsing the T parameter within Proxy.php. Formerly ZDI-CAN-4544. | ||||