Filtered by vendor Trendmicro
Subscriptions
Total
497 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2016-8592 | 1 Trendmicro | 1 Threat Discovery Appliance | 2024-08-06 | N/A |
log_query_system.cgi in Trend Micro Threat Discovery Appliance 2.6.1062r1 and earlier allows remote authenticated users to execute arbitrary code as the root user via shell metacharacters in the cache_id parameter. | ||||
CVE-2016-8589 | 1 Trendmicro | 1 Threat Discovery Appliance | 2024-08-06 | N/A |
log_query_dae.cgi in Trend Micro Threat Discovery Appliance 2.6.1062r1 and earlier allows remote authenticated users to execute arbitrary code as the root user via shell metacharacters in the cache_id parameter. | ||||
CVE-2016-8587 | 1 Trendmicro | 1 Threat Discovery Appliance | 2024-08-06 | N/A |
dlp_policy_upload.cgi in Trend Micro Threat Discovery Appliance 2.6.1062r1 and earlier allows remote authenticated users to execute arbitrary code via an archive file containing a symlink to /eng_ptn_stores/prod/sensorSDK/data/ or /eng_ptn_stores/prod/sensorSDK/backup_pol/. | ||||
CVE-2016-8588 | 1 Trendmicro | 1 Threat Discovery Appliance | 2024-08-06 | N/A |
The hotfix_upload.cgi in Trend Micro Threat Discovery Appliance 2.6.1062r1 and earlier allows remote authenticated users to execute arbitrary code via shell metacharacters in the file name of an uploaded file. | ||||
CVE-2016-7552 | 1 Trendmicro | 1 Threat Discovery Appliance | 2024-08-06 | N/A |
On the Trend Micro Threat Discovery Appliance 2.6.1062r1, directory traversal when processing a session_id cookie allows a remote, unauthenticated attacker to delete arbitrary files as root. This can be used to bypass authentication or cause a DoS. | ||||
CVE-2016-7547 | 1 Trendmicro | 1 Threat Discovery Appliance | 2024-08-06 | N/A |
A command execution flaw on the Trend Micro Threat Discovery Appliance 2.6.1062r1 exists with the timezone parameter in the admin_sys_time.cgi interface. | ||||
CVE-2016-6267 | 1 Trendmicro | 1 Smart Protection Server | 2024-08-06 | 8.8 High |
SnmpUtils in Trend Micro Smart Protection Server 2.5 before build 2200, 2.6 before build 2106, and 3.0 before build 1330 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the (1) spare_Community, (2) spare_AllowGroupIP, or (3) spare_AllowGroupNetmask parameter to admin_notification.php. | ||||
CVE-2016-6270 | 1 Trendmicro | 1 Virtual Mobile Infrastructure | 2024-08-06 | 8.8 High |
The handle_certificate function in /vmi/manager/engine/management/commands/apns_worker.py in Trend Micro Virtual Mobile Infrastructure before 5.1 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the password to api/v1/cfg/oauth/save_identify_pfx/. | ||||
CVE-2016-6268 | 1 Trendmicro | 1 Smart Protection Server | 2024-08-06 | 7.8 High |
Trend Micro Smart Protection Server 2.5 before build 2200, 2.6 before build 2106, and 3.0 before build 1330 allows local webserv users to execute arbitrary code with root privileges via a Trojan horse .war file in the Solr webapps directory. | ||||
CVE-2016-6266 | 1 Trendmicro | 1 Smart Protection Server | 2024-08-06 | 8.8 High |
ccca_ajaxhandler.php in Trend Micro Smart Protection Server 2.5 before build 2200, 2.6 before build 2106, and 3.0 before build 1330 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the (1) host or (2) apikey parameter in a register action, (3) enable parameter in a save_stting action, or (4) host or (5) apikey parameter in a test_connection action. | ||||
CVE-2016-6269 | 1 Trendmicro | 1 Smart Protection Server | 2024-08-06 | 9.1 Critical |
Multiple directory traversal vulnerabilities in Trend Micro Smart Protection Server 2.5 before build 2200, 2.6 before build 2106, and 3.0 before build 1330 allow remote attackers to read and delete arbitrary files via the tmpfname parameter to (1) log_mgt_adhocquery_ajaxhandler.php, (2) log_mgt_ajaxhandler.php, (3) log_mgt_ajaxhandler.php or (4) tf parameter to wcs_bwlists_handler.php. | ||||
CVE-2016-6220 | 1 Trendmicro | 1 Control Manager | 2024-08-06 | 7.5 High |
Information Disclosure vulnerability in the Dashboard and Error Pages in Trend Micro Control Manager SP3 6.0. | ||||
CVE-2016-4351 | 1 Trendmicro | 1 Email Encryption Gateway | 2024-08-06 | 9.8 Critical |
SQL injection vulnerability in the authentication functionality in Trend Micro Email Encryption Gateway (TMEEG) 5.5 before build 1107 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | ||||
CVE-2016-1225 | 1 Trendmicro | 1 Internet Security | 2024-08-05 | N/A |
Trend Micro Internet Security 8 and 10 allows remote attackers to read arbitrary files via unspecified vectors. | ||||
CVE-2016-1223 | 1 Trendmicro | 3 Officescan, Worry-free Business Security, Worry-free Business Security Services | 2024-08-05 | 5.3 Medium |
Directory traversal vulnerability in Trend Micro Office Scan 11.0, Worry-Free Business Security Service 5.x, and Worry-Free Business Security 9.0 allows remote attackers to read arbitrary files via unspecified vectors. | ||||
CVE-2016-1224 | 1 Trendmicro | 2 Worry-free Business Security, Worry-free Business Security Services | 2024-08-05 | 6.1 Medium |
CRLF injection vulnerability in Trend Micro Worry-Free Business Security Service 5.x and Worry-Free Business Security 9.0 allows remote attackers to inject arbitrary HTTP headers and conduct cross-site scripting (XSS) attacks via unspecified vectors. | ||||
CVE-2016-1226 | 1 Trendmicro | 1 Internet Security | 2024-08-05 | N/A |
Cross-site scripting (XSS) vulnerability in Trend Micro Internet Security 8 and 10 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
CVE-2017-14096 | 1 Trendmicro | 1 Smart Protection Server | 2024-08-05 | N/A |
A stored cross site scripting (XSS) vulnerability in Trend Micro Smart Protection Server (Standalone) versions 3.2 and below could allow an attacker to execute a malicious payload on vulnerable systems. | ||||
CVE-2017-14097 | 1 Trendmicro | 1 Smart Protection Server | 2024-08-05 | N/A |
An improper access control vulnerability in Trend Micro Smart Protection Server (Standalone) versions 3.2 and below could allow an attacker to decrypt contents of a database with information that could be used to access a vulnerable system. | ||||
CVE-2017-14095 | 1 Trendmicro | 1 Smart Protection Server | 2024-08-05 | N/A |
A vulnerability in Trend Micro Smart Protection Server (Standalone) versions 3.2 and below could allow an attacker to perform remote command execution via a local file inclusion on a vulnerable system. |