Filtered by vendor Trendmicro Subscriptions
Total 497 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2016-8592 1 Trendmicro 1 Threat Discovery Appliance 2024-08-06 N/A
log_query_system.cgi in Trend Micro Threat Discovery Appliance 2.6.1062r1 and earlier allows remote authenticated users to execute arbitrary code as the root user via shell metacharacters in the cache_id parameter.
CVE-2016-8589 1 Trendmicro 1 Threat Discovery Appliance 2024-08-06 N/A
log_query_dae.cgi in Trend Micro Threat Discovery Appliance 2.6.1062r1 and earlier allows remote authenticated users to execute arbitrary code as the root user via shell metacharacters in the cache_id parameter.
CVE-2016-8587 1 Trendmicro 1 Threat Discovery Appliance 2024-08-06 N/A
dlp_policy_upload.cgi in Trend Micro Threat Discovery Appliance 2.6.1062r1 and earlier allows remote authenticated users to execute arbitrary code via an archive file containing a symlink to /eng_ptn_stores/prod/sensorSDK/data/ or /eng_ptn_stores/prod/sensorSDK/backup_pol/.
CVE-2016-8588 1 Trendmicro 1 Threat Discovery Appliance 2024-08-06 N/A
The hotfix_upload.cgi in Trend Micro Threat Discovery Appliance 2.6.1062r1 and earlier allows remote authenticated users to execute arbitrary code via shell metacharacters in the file name of an uploaded file.
CVE-2016-7552 1 Trendmicro 1 Threat Discovery Appliance 2024-08-06 N/A
On the Trend Micro Threat Discovery Appliance 2.6.1062r1, directory traversal when processing a session_id cookie allows a remote, unauthenticated attacker to delete arbitrary files as root. This can be used to bypass authentication or cause a DoS.
CVE-2016-7547 1 Trendmicro 1 Threat Discovery Appliance 2024-08-06 N/A
A command execution flaw on the Trend Micro Threat Discovery Appliance 2.6.1062r1 exists with the timezone parameter in the admin_sys_time.cgi interface.
CVE-2016-6267 1 Trendmicro 1 Smart Protection Server 2024-08-06 8.8 High
SnmpUtils in Trend Micro Smart Protection Server 2.5 before build 2200, 2.6 before build 2106, and 3.0 before build 1330 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the (1) spare_Community, (2) spare_AllowGroupIP, or (3) spare_AllowGroupNetmask parameter to admin_notification.php.
CVE-2016-6270 1 Trendmicro 1 Virtual Mobile Infrastructure 2024-08-06 8.8 High
The handle_certificate function in /vmi/manager/engine/management/commands/apns_worker.py in Trend Micro Virtual Mobile Infrastructure before 5.1 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the password to api/v1/cfg/oauth/save_identify_pfx/.
CVE-2016-6268 1 Trendmicro 1 Smart Protection Server 2024-08-06 7.8 High
Trend Micro Smart Protection Server 2.5 before build 2200, 2.6 before build 2106, and 3.0 before build 1330 allows local webserv users to execute arbitrary code with root privileges via a Trojan horse .war file in the Solr webapps directory.
CVE-2016-6266 1 Trendmicro 1 Smart Protection Server 2024-08-06 8.8 High
ccca_ajaxhandler.php in Trend Micro Smart Protection Server 2.5 before build 2200, 2.6 before build 2106, and 3.0 before build 1330 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the (1) host or (2) apikey parameter in a register action, (3) enable parameter in a save_stting action, or (4) host or (5) apikey parameter in a test_connection action.
CVE-2016-6269 1 Trendmicro 1 Smart Protection Server 2024-08-06 9.1 Critical
Multiple directory traversal vulnerabilities in Trend Micro Smart Protection Server 2.5 before build 2200, 2.6 before build 2106, and 3.0 before build 1330 allow remote attackers to read and delete arbitrary files via the tmpfname parameter to (1) log_mgt_adhocquery_ajaxhandler.php, (2) log_mgt_ajaxhandler.php, (3) log_mgt_ajaxhandler.php or (4) tf parameter to wcs_bwlists_handler.php.
CVE-2016-6220 1 Trendmicro 1 Control Manager 2024-08-06 7.5 High
Information Disclosure vulnerability in the Dashboard and Error Pages in Trend Micro Control Manager SP3 6.0.
CVE-2016-4351 1 Trendmicro 1 Email Encryption Gateway 2024-08-06 9.8 Critical
SQL injection vulnerability in the authentication functionality in Trend Micro Email Encryption Gateway (TMEEG) 5.5 before build 1107 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2016-1225 1 Trendmicro 1 Internet Security 2024-08-05 N/A
Trend Micro Internet Security 8 and 10 allows remote attackers to read arbitrary files via unspecified vectors.
CVE-2016-1223 1 Trendmicro 3 Officescan, Worry-free Business Security, Worry-free Business Security Services 2024-08-05 5.3 Medium
Directory traversal vulnerability in Trend Micro Office Scan 11.0, Worry-Free Business Security Service 5.x, and Worry-Free Business Security 9.0 allows remote attackers to read arbitrary files via unspecified vectors.
CVE-2016-1224 1 Trendmicro 2 Worry-free Business Security, Worry-free Business Security Services 2024-08-05 6.1 Medium
CRLF injection vulnerability in Trend Micro Worry-Free Business Security Service 5.x and Worry-Free Business Security 9.0 allows remote attackers to inject arbitrary HTTP headers and conduct cross-site scripting (XSS) attacks via unspecified vectors.
CVE-2016-1226 1 Trendmicro 1 Internet Security 2024-08-05 N/A
Cross-site scripting (XSS) vulnerability in Trend Micro Internet Security 8 and 10 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2017-14096 1 Trendmicro 1 Smart Protection Server 2024-08-05 N/A
A stored cross site scripting (XSS) vulnerability in Trend Micro Smart Protection Server (Standalone) versions 3.2 and below could allow an attacker to execute a malicious payload on vulnerable systems.
CVE-2017-14097 1 Trendmicro 1 Smart Protection Server 2024-08-05 N/A
An improper access control vulnerability in Trend Micro Smart Protection Server (Standalone) versions 3.2 and below could allow an attacker to decrypt contents of a database with information that could be used to access a vulnerable system.
CVE-2017-14095 1 Trendmicro 1 Smart Protection Server 2024-08-05 N/A
A vulnerability in Trend Micro Smart Protection Server (Standalone) versions 3.2 and below could allow an attacker to perform remote command execution via a local file inclusion on a vulnerable system.