| CVE-2017-14089 |
critical |
9.8 |
10.0 |
EXP |
|
trendmicro |
9y ago |
An Unauthorized Memory Corruption vulnerability in Trend Micro OfficeScan 11.0 and XG may allow remote unauthenticated users who can access the OfficeScan server to target cgiShowClientAdm.exe and ca… |
| CVE-2017-14087 |
high |
7.5 |
8.5 |
EXP |
|
trendmicro |
9y ago |
A Host Header Injection vulnerability in Trend Micro OfficeScan XG (12.0) may allow an attacker to spoof a particular Host header, allowing the attacker to render arbitrary links that point to a mali… |
| CVE-2017-14086 |
high |
7.5 |
8.5 |
EXP |
|
trendmicro |
9y ago |
Pre-authorization Start Remote Process vulnerabilities in Trend Micro OfficeScan 11.0 and XG may allow unauthenticated users who can access the OfficeScan server to start the fcgiOfcDDA.exe executabl… |
| CVE-2017-14084 |
high |
8.1 |
9.1 |
EXP |
|
trendmicro |
9y ago |
A potential Man-in-the-Middle (MitM) attack vulnerability in Trend Micro OfficeScan 11.0 and XG may allow attackers to execute arbitrary code on vulnerable installations. |
| CVE-2017-14083 |
high |
7.5 |
8.5 |
EXP |
|
trendmicro |
9y ago |
A vulnerability in Trend Micro OfficeScan 11.0 and XG allows remote unauthenticated users who can access the system to download the OfficeScan encryption file. |
| CVE-2017-11394 |
critical |
9.8 |
10.0 |
EXP |
|
trendmicro |
9y ago |
Proxy command injection vulnerability in Trend Micro OfficeScan 11 and XG (12) allows remote attackers to execute arbitrary code on vulnerable installations. The specific flaw can be exploited by par… |
| CVE-2017-11392 |
high |
8.8 |
9.8 |
EXP |
|
trendmicro |
9y ago |
Proxy command injection vulnerability in Trend Micro InterScan Messaging Virtual Appliance 9.0 and 9.1 allows remote attackers to execute arbitrary code on vulnerable installations. The specific flaw… |
| CVE-2017-11391 |
high |
8.8 |
9.8 |
EXP |
|
trendmicro |
9y ago |
Proxy command injection vulnerability in Trend Micro InterScan Messaging Virtual Appliance 9.0 and 9.1 allows remote attackers to execute arbitrary code on vulnerable installations. The specific flaw… |
| CVE-2016-7552 |
critical |
9.8 |
10.0 |
EXP |
|
trendmicro |
9y ago |
On the Trend Micro Threat Discovery Appliance 2.6.1062r1, directory traversal when processing a session_id cookie allows a remote, unauthenticated attacker to delete arbitrary files as root. This can… |
| CVE-2016-7547 |
critical |
9.8 |
10.0 |
EXP |
|
trendmicro |
9y ago |
A command execution flaw on the Trend Micro Threat Discovery Appliance 2.6.1062r1 exists with the timezone parameter in the admin_sys_time.cgi interface. |
| CVE-2017-6398 |
high |
8.8 |
9.8 |
EXP |
|
trendmicro |
9y ago |
An issue was discovered in Trend Micro InterScan Messaging Security (Virtual Appliance) 9.1-1600. An authenticated user can execute a terminal command in the context of the web server user (which is … |
| CVE-2016-9315 |
high |
8.8 |
9.8 |
EXP |
|
trendmicro |
9y ago |
Privilege Escalation Vulnerability in com.trend.iwss.gui.servlet.updateaccountadministration in Trend Micro InterScan Web Security Virtual Appliance (IWSVA) version 6.5-SP2_Build_Linux_1707 and earli… |
| CVE-2016-9314 |
high |
7.8 |
8.8 |
EXP |
|
trendmicro |
9y ago |
Sensitive Information Disclosure in com.trend.iwss.gui.servlet.ConfigBackup in Trend Micro InterScan Web Security Virtual Appliance (IWSVA) version 6.5-SP2_Build_Linux_1707 and earlier allows authent… |
| CVE-2016-9269 |
critical |
9.9 |
10.0 |
EXP |
|
trendmicro |
9y ago |
Remote Command Execution in com.trend.iwss.gui.servlet.ManagePatches in Trend Micro Interscan Web Security Virtual Appliance (IWSVA) version 6.5-SP2_Build_Linux_1707 and earlier allows authenticated,… |
| CVE-2016-6267 |
high |
8.8 |
9.8 |
EXP |
|
trendmicro |
10y ago |
SnmpUtils in Trend Micro Smart Protection Server 2.5 before build 2200, 2.6 before build 2106, and 3.0 before build 1330 allows remote authenticated users to execute arbitrary commands via shell meta… |
| CVE-2016-3987 |
critical |
9.8 |
10.0 |
EXP |
|
trendmicro |
10y ago |
The HTTP server in Trend Micro Password Manager allows remote web servers to execute arbitrary commands via the url parameter to (1) api/openUrlInDefaultBrowser or (2) api/showSB. |
| CVE-2014-9641 |
high |
— |
8.2 |
EXP |
|
trendmicro |
12y ago |
The tmeext.sys driver before 2.0.0.1015 in Trend Micro Antivirus Plus, Internet Security, and Maximum Security allows local users to write to arbitrary memory locations, and consequently gain privile… |
| CVE-2010-3189 |
critical |
— |
10.0 |
EXP |
|
trendmicro |
16y ago |
The extSetOwner function in the UfProxyBrowserCtrl ActiveX control (UfPBCtrl.dll) in Trend Micro Internet Security Pro 2010 allows remote attackers to execute arbitrary code via an invalid address th… |
