Filtered by vendor Trendmicro Subscriptions
Total 497 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2023-41179 2 Microsoft, Trendmicro 4 Windows, Apex One, Worry-free Business Security and 1 more 2024-09-26 7.2 High
A vulnerability in the 3rd party AV uninstaller module contained in Trend Micro Apex One (on-prem and SaaS), Worry-Free Business Security and Worry-Free Business Security Services could allow an attacker to manipulate the module to execute arbitrary commands on an affected installation. Note that an attacker must first obtain administrative console access on the target system in order to exploit this vulnerability.
CVE-2017-11380 1 Trendmicro 1 Deep Discovery Director 2024-09-17 N/A
Backup archives were found to be encrypted with a static password across different installations, which suggest the same password may be used in all virtual appliance instances of Trend Micro Deep Discovery Director 1.1.
CVE-2017-11392 1 Trendmicro 1 Interscan Messaging Security Virtual Appliance 2024-09-17 N/A
Proxy command injection vulnerability in Trend Micro InterScan Messaging Virtual Appliance 9.0 and 9.1 allows remote attackers to execute arbitrary code on vulnerable installations. The specific flaw can be exploited by parsing the "T" parameter within modTMCSS Proxy. Formerly ZDI-CAN-4745.
CVE-2017-14078 1 Trendmicro 1 Mobile Security 2024-09-17 N/A
SQL Injection vulnerabilities in Trend Micro Mobile Security (Enterprise) versions before 9.7 Patch 3 allow remote attackers to execute arbitrary code on vulnerable installations.
CVE-2017-11391 1 Trendmicro 1 Interscan Messaging Security Virtual Appliance 2024-09-17 N/A
Proxy command injection vulnerability in Trend Micro InterScan Messaging Virtual Appliance 9.0 and 9.1 allows remote attackers to execute arbitrary code on vulnerable installations. The specific flaw can be exploited by parsing the "t" parameter within modTMCSS Proxy. Formerly ZDI-CAN-4744.
CVE-2017-11382 1 Trendmicro 1 Deep Discovery Email Inspector 2024-09-17 N/A
Denial of Service vulnerability in Trend Micro Deep Discovery Email Inspector 2.5.1 allows remote attackers to delete arbitrary files on vulnerable installations, thus disabling the service. Formerly ZDI-CAN-4350.
CVE-2011-1327 1 Trendmicro 1 Trend Micro Internet Security 2024-09-17 N/A
The Keystroke Encryption feature in Trend Micro Internet Security 2009 (aka Virus Buster 2009 and PC-cillin 2009) does not completely encrypt passwords, which allows local users to obtain sensitive information by leveraging a keylogger.
CVE-2017-14080 1 Trendmicro 1 Mobile Security 2024-09-17 N/A
Authentication bypass vulnerability in Trend Micro Mobile Security (Enterprise) versions before 9.7 Patch 3 allows attackers to access a specific part of the console using a blank password.
CVE-2017-11381 1 Trendmicro 1 Deep Discovery Director 2024-09-17 N/A
A command injection vulnerability exists in Trend Micro Deep Discovery Director 1.1 that allows an attacker to restore accounts that can access the pre-configuration console.
CVE-2017-8801 1 Trendmicro 1 Officescan 2024-09-16 N/A
Trend Micro OfficeScan 11.0 before SP1 CP 6325 (with Agent Module Build before 6152) and XG before CP 1352 has XSS via a crafted URI using a blocked website.
CVE-2017-11393 1 Trendmicro 1 Officescan 2024-09-16 N/A
Proxy command injection vulnerability in Trend Micro OfficeScan 11 and XG (12) allows remote attackers to execute arbitrary code on vulnerable installations. The specific flaw can be exploited by parsing the tr parameter within Proxy.php. Formerly ZDI-CAN-4543.
CVE-2017-11395 1 Trendmicro 1 Smart Protection Server 2024-09-16 N/A
Command injection vulnerability in Trend Micro Smart Protection Server (Standalone) 3.1 and 3.2 server administration UI allows attackers with authenticated access to execute arbitrary code on vulnerable installations.
CVE-2010-5179 2 Microsoft, Trendmicro 2 Windows Xp, Internet Security 2010 2024-09-16 N/A
Race condition in Trend Micro Internet Security Pro 2010 17.50.1647.0000 on Windows XP allows local users to bypass kernel-mode hook handlers, and execute dangerous code that would otherwise be blocked by a handler but not blocked by signature-based malware detection, via certain user-space memory changes during hook-handler execution, aka an argument-switch attack or a KHOBE attack. NOTE: this issue is disputed by some third parties because it is a flaw in a protection mechanism for situations where a crafted program has already begun to execute
CVE-2017-11379 1 Trendmicro 1 Deep Discovery Director 2024-09-16 N/A
Configuration and database backup archives are not signed or validated in Trend Micro Deep Discovery Director 1.1.
CVE-2017-14079 1 Trendmicro 1 Mobile Security 2024-09-16 N/A
Unrestricted file uploads in Trend Micro Mobile Security (Enterprise) versions before 9.7 Patch 3 allow remote attackers to execute arbitrary code on vulnerable installations.
CVE-2017-11396 1 Trendmicro 1 Interscan Web Security Virtual Appliance 2024-09-16 7.2 High
Vulnerability issues with the web service inspection of input parameters in Trend Micro Web Security Virtual Appliance 6.5 may allow potential attackers who already have administration rights to the console to implement remote code injections.
CVE-2016-3987 1 Trendmicro 1 Password Manager 2024-09-16 9.8 Critical
The HTTP server in Trend Micro Password Manager allows remote web servers to execute arbitrary commands via the url parameter to (1) api/openUrlInDefaultBrowser or (2) api/showSB.
CVE-2017-11394 1 Trendmicro 1 Officescan 2024-09-16 N/A
Proxy command injection vulnerability in Trend Micro OfficeScan 11 and XG (12) allows remote attackers to execute arbitrary code on vulnerable installations. The specific flaw can be exploited by parsing the T parameter within Proxy.php. Formerly ZDI-CAN-4544.
CVE-2023-52325 1 Trendmicro 1 Apex Central 2024-09-12 7.5 High
A local file inclusion vulnerability in one of Trend Micro Apex Central's widgets could allow a remote attacker to execute arbitrary code on affected installations. Please note: this vulnerability must be used in conjunction with another one to exploit an affected system. In addition, an attacker must first obtain a valid set of credentials on target system in order to exploit this vulnerability.
CVE-2023-47196 1 Trendmicro 1 Apex One 2024-09-12 7.8 High
An origin validation vulnerability in the Trend Micro Apex One security agent could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This vulnerability is similar to, but not identical to, CVE-2023-47197.