| CVE-2017-14087 |
high |
7.5 |
8.5 |
EXP |
|
trendmicro |
9y ago |
A Host Header Injection vulnerability in Trend Micro OfficeScan XG (12.0) may allow an attacker to spoof a particular Host header, allowing the attacker to render arbitrary links that point to a mali… |
| CVE-2017-14086 |
high |
7.5 |
8.5 |
EXP |
|
trendmicro |
9y ago |
Pre-authorization Start Remote Process vulnerabilities in Trend Micro OfficeScan 11.0 and XG may allow unauthenticated users who can access the OfficeScan server to start the fcgiOfcDDA.exe executabl… |
| CVE-2017-14085 |
medium |
5.3 |
6.3 |
EXP |
|
trendmicro |
9y ago |
Information disclosure vulnerabilities in Trend Micro OfficeScan 11.0 and XG may allow unauthenticated users who can access the OfficeScan server to query the network's NT domain or the PHP version a… |
| CVE-2017-14084 |
high |
8.1 |
9.1 |
EXP |
|
trendmicro |
9y ago |
A potential Man-in-the-Middle (MitM) attack vulnerability in Trend Micro OfficeScan 11.0 and XG may allow attackers to execute arbitrary code on vulnerable installations. |
| CVE-2017-14083 |
high |
7.5 |
8.5 |
EXP |
|
trendmicro |
9y ago |
A vulnerability in Trend Micro OfficeScan 11.0 and XG allows remote unauthenticated users who can access the system to download the OfficeScan encryption file. |
| CVE-2017-11392 |
high |
8.8 |
9.8 |
EXP |
|
trendmicro |
9y ago |
Proxy command injection vulnerability in Trend Micro InterScan Messaging Virtual Appliance 9.0 and 9.1 allows remote attackers to execute arbitrary code on vulnerable installations. The specific flaw… |
| CVE-2017-11391 |
high |
8.8 |
9.8 |
EXP |
|
trendmicro |
9y ago |
Proxy command injection vulnerability in Trend Micro InterScan Messaging Virtual Appliance 9.0 and 9.1 allows remote attackers to execute arbitrary code on vulnerable installations. The specific flaw… |
| CVE-2017-7896 |
medium |
6.1 |
7.1 |
EXP |
|
trendmicro |
9y ago |
Trend Micro InterScan Messaging Security Virtual Appliance (IMSVA) 9.1 before CP 1644 has XSS. |
| CVE-2017-6340 |
medium |
5.4 |
6.4 |
EXP |
|
trendmicro |
9y ago |
Trend Micro InterScan Web Security Virtual Appliance (IWSVA) 6.5 before CP 1746 does not sanitize a rest/commonlog/report/template name field, which allows a 'Reports Only' user to inject malicious J… |
| CVE-2017-6339 |
medium |
6.5 |
7.5 |
EXP |
|
trendmicro |
9y ago |
Trend Micro InterScan Web Security Virtual Appliance (IWSVA) 6.5 before CP 1746 mismanages certain key and certificate data. Per IWSVA documentation, by default, IWSVA acts as a private Certificate A… |
| CVE-2017-6338 |
medium |
6.5 |
7.5 |
EXP |
|
trendmicro |
9y ago |
Multiple Access Control issues in Trend Micro InterScan Web Security Virtual Appliance (IWSVA) 6.5 before CP 1746 allow an authenticated, remote user with low privileges like 'Reports Only' or 'Audit… |
| CVE-2017-6398 |
high |
8.8 |
9.8 |
EXP |
|
trendmicro |
9y ago |
An issue was discovered in Trend Micro InterScan Messaging Security (Virtual Appliance) 9.1-1600. An authenticated user can execute a terminal command in the context of the web server user (which is … |
| CVE-2016-9316 |
medium |
5.4 |
6.4 |
EXP |
|
trendmicro |
9y ago |
Multiple stored Cross-Site-Scripting (XSS) vulnerabilities in com.trend.iwss.gui.servlet.updateaccountadministration in Trend Micro InterScan Web Security Virtual Appliance (IWSVA) version 6.5-SP2_Bu… |
| CVE-2016-9315 |
high |
8.8 |
9.8 |
EXP |
|
trendmicro |
9y ago |
Privilege Escalation Vulnerability in com.trend.iwss.gui.servlet.updateaccountadministration in Trend Micro InterScan Web Security Virtual Appliance (IWSVA) version 6.5-SP2_Build_Linux_1707 and earli… |
| CVE-2016-9314 |
high |
7.8 |
8.8 |
EXP |
|
trendmicro |
9y ago |
Sensitive Information Disclosure in com.trend.iwss.gui.servlet.ConfigBackup in Trend Micro InterScan Web Security Virtual Appliance (IWSVA) version 6.5-SP2_Build_Linux_1707 and earlier allows authent… |
| CVE-2016-6267 |
high |
8.8 |
9.8 |
EXP |
|
trendmicro |
10y ago |
SnmpUtils in Trend Micro Smart Protection Server 2.5 before build 2200, 2.6 before build 2106, and 3.0 before build 1330 allows remote authenticated users to execute arbitrary commands via shell meta… |
| CVE-2014-9641 |
high |
— |
8.2 |
EXP |
|
trendmicro |
12y ago |
The tmeext.sys driver before 2.0.0.1015 in Trend Micro Antivirus Plus, Internet Security, and Maximum Security allows local users to write to arbitrary memory locations, and consequently gain privile… |
| CVE-2012-2996 |
medium |
— |
7.8 |
EXP |
|
trendmicro |
14y ago |
Cross-site request forgery (CSRF) vulnerability in saveAccountSubTab.imss in Trend Micro InterScan Messaging Security Suite 7.1-Build_Win32_1394 allows remote attackers to hijack the authentication o… |
| CVE-2012-2995 |
medium |
— |
5.3 |
EXP |
|
trendmicro |
14y ago |
Multiple cross-site scripting (XSS) vulnerabilities in Trend Micro InterScan Messaging Security Suite 7.1-Build_Win32_1394 allow remote attackers to inject arbitrary web script or HTML via (1) the wr… |
