Filtered by vendor Trendmicro Subscriptions
Total 498 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2016-9315 1 Trendmicro 1 Interscan Web Security Virtual Appliance 2024-11-21 N/A
Privilege Escalation Vulnerability in com.trend.iwss.gui.servlet.updateaccountadministration in Trend Micro InterScan Web Security Virtual Appliance (IWSVA) version 6.5-SP2_Build_Linux_1707 and earlier allows authenticated, remote users with least privileges to change Master Admin's password and/or add new admin accounts. This was resolved in Version 6.5 CP 1737.
CVE-2016-9314 1 Trendmicro 1 Interscan Web Security Virtual Appliance 2024-11-21 N/A
Sensitive Information Disclosure in com.trend.iwss.gui.servlet.ConfigBackup in Trend Micro InterScan Web Security Virtual Appliance (IWSVA) version 6.5-SP2_Build_Linux_1707 and earlier allows authenticated, remote users with least privileges to backup the system configuration and download it onto their local machine. This backup file contains sensitive information like passwd/shadow files, RSA certificates, Private Keys and Default Passphrase, etc. This was resolved in Version 6.5 CP 1737.
CVE-2016-9269 1 Trendmicro 1 Interscan Web Security Virtual Appliance 2024-11-21 N/A
Remote Command Execution in com.trend.iwss.gui.servlet.ManagePatches in Trend Micro Interscan Web Security Virtual Appliance (IWSVA) version 6.5-SP2_Build_Linux_1707 and earlier allows authenticated, remote users with least privileges to run arbitrary commands on the system as root via Patch Update functionality. This was resolved in Version 6.5 CP 1737.
CVE-2016-8593 1 Trendmicro 1 Threat Discovery Appliance 2024-11-21 N/A
Directory traversal vulnerability in upload.cgi in Trend Micro Threat Discovery Appliance 2.6.1062r1 and earlier allows remote authenticated users to execute arbitrary code via a .. (dot dot) in the dID parameter.
CVE-2016-8592 1 Trendmicro 1 Threat Discovery Appliance 2024-11-21 N/A
log_query_system.cgi in Trend Micro Threat Discovery Appliance 2.6.1062r1 and earlier allows remote authenticated users to execute arbitrary code as the root user via shell metacharacters in the cache_id parameter.
CVE-2016-8591 1 Trendmicro 1 Threat Discovery Appliance 2024-11-21 N/A
log_query.cgi in Trend Micro Threat Discovery Appliance 2.6.1062r1 and earlier allows remote authenticated users to execute arbitrary code as the root user via shell metacharacters in the cache_id parameter.
CVE-2016-8590 1 Trendmicro 1 Threat Discovery Appliance 2024-11-21 N/A
log_query_dlp.cgi in Trend Micro Threat Discovery Appliance 2.6.1062r1 and earlier allows remote authenticated users to execute arbitrary code as the root user via shell metacharacters in the cache_id parameter.
CVE-2016-8589 1 Trendmicro 1 Threat Discovery Appliance 2024-11-21 N/A
log_query_dae.cgi in Trend Micro Threat Discovery Appliance 2.6.1062r1 and earlier allows remote authenticated users to execute arbitrary code as the root user via shell metacharacters in the cache_id parameter.
CVE-2016-8588 1 Trendmicro 1 Threat Discovery Appliance 2024-11-21 N/A
The hotfix_upload.cgi in Trend Micro Threat Discovery Appliance 2.6.1062r1 and earlier allows remote authenticated users to execute arbitrary code via shell metacharacters in the file name of an uploaded file.
CVE-2016-8587 1 Trendmicro 1 Threat Discovery Appliance 2024-11-21 N/A
dlp_policy_upload.cgi in Trend Micro Threat Discovery Appliance 2.6.1062r1 and earlier allows remote authenticated users to execute arbitrary code via an archive file containing a symlink to /eng_ptn_stores/prod/sensorSDK/data/ or /eng_ptn_stores/prod/sensorSDK/backup_pol/.
CVE-2016-8586 1 Trendmicro 1 Threat Discovery Appliance 2024-11-21 N/A
detected_potential_files.cgi in Trend Micro Threat Discovery Appliance 2.6.1062r1 and earlier allows remote authenticated users to execute arbitrary code as the root user via shell metacharacters in the cache_id parameter.
CVE-2016-8585 1 Trendmicro 1 Threat Discovery Appliance 2024-11-21 N/A
admin_sys_time.cgi in Trend Micro Threat Discovery Appliance 2.6.1062r1 and earlier allows remote authenticated users to execute arbitrary code as the root user via shell metacharacters in the timezone parameter.
CVE-2016-8584 1 Trendmicro 1 Threat Discovery Appliance 2024-11-21 N/A
Trend Micro Threat Discovery Appliance 2.6.1062r1 and earlier uses predictable session values, which allows remote attackers to bypass authentication by guessing the value.
CVE-2016-7552 1 Trendmicro 1 Threat Discovery Appliance 2024-11-21 N/A
On the Trend Micro Threat Discovery Appliance 2.6.1062r1, directory traversal when processing a session_id cookie allows a remote, unauthenticated attacker to delete arbitrary files as root. This can be used to bypass authentication or cause a DoS.
CVE-2016-7547 1 Trendmicro 1 Threat Discovery Appliance 2024-11-21 N/A
A command execution flaw on the Trend Micro Threat Discovery Appliance 2.6.1062r1 exists with the timezone parameter in the admin_sys_time.cgi interface.
CVE-2016-6270 1 Trendmicro 1 Virtual Mobile Infrastructure 2024-11-21 8.8 High
The handle_certificate function in /vmi/manager/engine/management/commands/apns_worker.py in Trend Micro Virtual Mobile Infrastructure before 5.1 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the password to api/v1/cfg/oauth/save_identify_pfx/.
CVE-2016-6269 1 Trendmicro 1 Smart Protection Server 2024-11-21 9.1 Critical
Multiple directory traversal vulnerabilities in Trend Micro Smart Protection Server 2.5 before build 2200, 2.6 before build 2106, and 3.0 before build 1330 allow remote attackers to read and delete arbitrary files via the tmpfname parameter to (1) log_mgt_adhocquery_ajaxhandler.php, (2) log_mgt_ajaxhandler.php, (3) log_mgt_ajaxhandler.php or (4) tf parameter to wcs_bwlists_handler.php.
CVE-2016-6268 1 Trendmicro 1 Smart Protection Server 2024-11-21 7.8 High
Trend Micro Smart Protection Server 2.5 before build 2200, 2.6 before build 2106, and 3.0 before build 1330 allows local webserv users to execute arbitrary code with root privileges via a Trojan horse .war file in the Solr webapps directory.
CVE-2016-6267 1 Trendmicro 1 Smart Protection Server 2024-11-21 8.8 High
SnmpUtils in Trend Micro Smart Protection Server 2.5 before build 2200, 2.6 before build 2106, and 3.0 before build 1330 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the (1) spare_Community, (2) spare_AllowGroupIP, or (3) spare_AllowGroupNetmask parameter to admin_notification.php.
CVE-2016-6266 1 Trendmicro 1 Smart Protection Server 2024-11-21 8.8 High
ccca_ajaxhandler.php in Trend Micro Smart Protection Server 2.5 before build 2200, 2.6 before build 2106, and 3.0 before build 1330 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the (1) host or (2) apikey parameter in a register action, (3) enable parameter in a save_stting action, or (4) host or (5) apikey parameter in a test_connection action.