Search Results (575 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2017-14084 1 Trendmicro 1 Officescan 2025-04-20 N/A
A potential Man-in-the-Middle (MitM) attack vulnerability in Trend Micro OfficeScan 11.0 and XG may allow attackers to execute arbitrary code on vulnerable installations.
CVE-2016-8587 1 Trendmicro 1 Threat Discovery Appliance 2025-04-20 N/A
dlp_policy_upload.cgi in Trend Micro Threat Discovery Appliance 2.6.1062r1 and earlier allows remote authenticated users to execute arbitrary code via an archive file containing a symlink to /eng_ptn_stores/prod/sensorSDK/data/ or /eng_ptn_stores/prod/sensorSDK/backup_pol/.
CVE-2016-6268 1 Trendmicro 1 Smart Protection Server 2025-04-20 7.8 High
Trend Micro Smart Protection Server 2.5 before build 2200, 2.6 before build 2106, and 3.0 before build 1330 allows local webserv users to execute arbitrary code with root privileges via a Trojan horse .war file in the Solr webapps directory.
CVE-2017-14086 1 Trendmicro 1 Officescan 2025-04-20 N/A
Pre-authorization Start Remote Process vulnerabilities in Trend Micro OfficeScan 11.0 and XG may allow unauthenticated users who can access the OfficeScan server to start the fcgiOfcDDA.exe executable or cause a potential INI corruption, which may cause the server disk space to be consumed with dump files from continuous HTTP requests.
CVE-2016-8585 1 Trendmicro 1 Threat Discovery Appliance 2025-04-20 N/A
admin_sys_time.cgi in Trend Micro Threat Discovery Appliance 2.6.1062r1 and earlier allows remote authenticated users to execute arbitrary code as the root user via shell metacharacters in the timezone parameter.
CVE-2016-8586 1 Trendmicro 1 Threat Discovery Appliance 2025-04-20 N/A
detected_potential_files.cgi in Trend Micro Threat Discovery Appliance 2.6.1062r1 and earlier allows remote authenticated users to execute arbitrary code as the root user via shell metacharacters in the cache_id parameter.
CVE-2017-11386 1 Trendmicro 1 Control Manager 2025-04-20 N/A
SQL Injection in Trend Micro Control Manager 6.0 causes Remote Code Execution when executing opcode 0x4707 due to lack of proper user input validation in cmdHandlerNewReportScheduler.dll. Formerly ZDI-CAN-4549.
CVE-2016-8588 1 Trendmicro 1 Threat Discovery Appliance 2025-04-20 N/A
The hotfix_upload.cgi in Trend Micro Threat Discovery Appliance 2.6.1062r1 and earlier allows remote authenticated users to execute arbitrary code via shell metacharacters in the file name of an uploaded file.
CVE-2017-11397 1 Trendmicro 1 Encryption For Email 2025-04-20 N/A
A service DLL preloading vulnerability in Trend Micro Encryption for Email versions 5.6 and below could allow an unauthenticated remote attacker to execute arbitrary code on a vulnerable system.
CVE-2016-6266 1 Trendmicro 1 Smart Protection Server 2025-04-20 8.8 High
ccca_ajaxhandler.php in Trend Micro Smart Protection Server 2.5 before build 2200, 2.6 before build 2106, and 3.0 before build 1330 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the (1) host or (2) apikey parameter in a register action, (3) enable parameter in a save_stting action, or (4) host or (5) apikey parameter in a test_connection action.
CVE-2016-8590 1 Trendmicro 1 Threat Discovery Appliance 2025-04-20 N/A
log_query_dlp.cgi in Trend Micro Threat Discovery Appliance 2.6.1062r1 and earlier allows remote authenticated users to execute arbitrary code as the root user via shell metacharacters in the cache_id parameter.
CVE-2016-8592 1 Trendmicro 1 Threat Discovery Appliance 2025-04-20 N/A
log_query_system.cgi in Trend Micro Threat Discovery Appliance 2.6.1062r1 and earlier allows remote authenticated users to execute arbitrary code as the root user via shell metacharacters in the cache_id parameter.
CVE-2016-6270 1 Trendmicro 1 Virtual Mobile Infrastructure 2025-04-20 8.8 High
The handle_certificate function in /vmi/manager/engine/management/commands/apns_worker.py in Trend Micro Virtual Mobile Infrastructure before 5.1 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the password to api/v1/cfg/oauth/save_identify_pfx/.
CVE-2016-6267 1 Trendmicro 1 Smart Protection Server 2025-04-20 8.8 High
SnmpUtils in Trend Micro Smart Protection Server 2.5 before build 2200, 2.6 before build 2106, and 3.0 before build 1330 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the (1) spare_Community, (2) spare_AllowGroupIP, or (3) spare_AllowGroupNetmask parameter to admin_notification.php.
CVE-2017-14091 1 Trendmicro 1 Scanmail 2025-04-20 N/A
A vulnerability in Trend Micro ScanMail for Exchange 12.0 exists in which certain specific installations that utilize a uncommon feature - Other Update Sources - could be exploited to overwrite sensitive files in the ScanMail for Exchange directory.
CVE-2017-6338 1 Trendmicro 1 Interscan Web Security Virtual Appliance 2025-04-20 N/A
Multiple Access Control issues in Trend Micro InterScan Web Security Virtual Appliance (IWSVA) 6.5 before CP 1746 allow an authenticated, remote user with low privileges like 'Reports Only' or 'Auditor' to change FTP Access Control Settings, create or modify reports, or upload an HTTPS Decryption Certificate and Private Key.
CVE-2017-9034 1 Trendmicro 1 Serverprotect 2025-04-20 9.8 Critical
Trend Micro ServerProtect for Linux 3.0 before CP 1531 allows attackers to write to arbitrary files and consequently execute arbitrary code with root privileges by leveraging failure to validate software updates.
CVE-2016-9319 1 Trendmicro 1 Mobile Security 2025-04-20 N/A
There is Missing SSL Certificate Validation in the Trend Micro Enterprise Mobile Security Android Application before 9.7.1193, aka VRTS-398.
CVE-2022-45798 2 Microsoft, Trendmicro 2 Windows, Apex One 2025-04-15 7.8 High
A link following vulnerability in the Damage Cleanup Engine component of Trend Micro Apex One and Trend Micro Apex One as a Service could allow a local attacker to escalate privileges by creating a symbolic link and abusing the service to delete a file. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
CVE-2016-1226 1 Trendmicro 1 Internet Security 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in Trend Micro Internet Security 8 and 10 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.