| CVE-2017-14089 | critical | 9.8 | 10.0 | EXP | | trendmicro | 9y ago | An Unauthorized Memory Corruption vulnerability in Trend Micro OfficeScan 11.0 and XG may allow remote unauthenticated users who can access the OfficeScan server to target cgiShowClientAdm.exe and ca… |
| CVE-2017-14085 | medium | 5.3 | 6.3 | EXP | | trendmicro | 9y ago | Information disclosure vulnerabilities in Trend Micro OfficeScan 11.0 and XG may allow unauthenticated users who can access the OfficeScan server to query the network's NT domain or the PHP version a… |
| CVE-2017-11394 | critical | 9.8 | 10.0 | EXP | | trendmicro | 9y ago | Proxy command injection vulnerability in Trend Micro OfficeScan 11 and XG (12) allows remote attackers to execute arbitrary code on vulnerable installations. The specific flaw can be exploited by par… |
| CVE-2017-7896 | medium | 6.1 | 7.1 | EXP | | trendmicro | 9y ago | Trend Micro InterScan Messaging Security Virtual Appliance (IMSVA) 9.1 before CP 1644 has XSS. |
| CVE-2016-7552 | critical | 9.8 | 10.0 | EXP | | trendmicro | 9y ago | On the Trend Micro Threat Discovery Appliance 2.6.1062r1, directory traversal when processing a session_id cookie allows a remote, unauthenticated attacker to delete arbitrary files as root. This can… |
| CVE-2016-7547 | critical | 9.8 | 10.0 | EXP | | trendmicro | 9y ago | A command execution flaw on the Trend Micro Threat Discovery Appliance 2.6.1062r1 exists with the timezone parameter in the admin_sys_time.cgi interface. |
| CVE-2017-6340 | medium | 5.4 | 6.4 | EXP | | trendmicro | 9y ago | Trend Micro InterScan Web Security Virtual Appliance (IWSVA) 6.5 before CP 1746 does not sanitize a rest/commonlog/report/template name field, which allows a 'Reports Only' user to inject malicious J… |
| CVE-2017-6339 | medium | 6.5 | 7.5 | EXP | | trendmicro | 9y ago | Trend Micro InterScan Web Security Virtual Appliance (IWSVA) 6.5 before CP 1746 mismanages certain key and certificate data. Per IWSVA documentation, by default, IWSVA acts as a private Certificate A… |
| CVE-2017-6338 | medium | 6.5 | 7.5 | EXP | | trendmicro | 9y ago | Multiple Access Control issues in Trend Micro InterScan Web Security Virtual Appliance (IWSVA) 6.5 before CP 1746 allow an authenticated, remote user with low privileges like 'Reports Only' or 'Audit… |
| CVE-2016-9316 | medium | 5.4 | 6.4 | EXP | | trendmicro | 9y ago | Multiple stored Cross-Site-Scripting (XSS) vulnerabilities in com.trend.iwss.gui.servlet.updateaccountadministration in Trend Micro InterScan Web Security Virtual Appliance (IWSVA) version 6.5-SP2_Bu… |
| CVE-2016-9269 | critical | 9.9 | 10.0 | EXP | | trendmicro | 9y ago | Remote Command Execution in com.trend.iwss.gui.servlet.ManagePatches in Trend Micro Interscan Web Security Virtual Appliance (IWSVA) version 6.5-SP2_Build_Linux_1707 and earlier allows authenticated,… |
| CVE-2016-3987 | critical | 9.8 | 10.0 | EXP | | trendmicro | 10y ago | The HTTP server in Trend Micro Password Manager allows remote web servers to execute arbitrary commands via the url parameter to (1) api/openUrlInDefaultBrowser or (2) api/showSB. |
| CVE-2012-2996 | medium | — | 7.8 | EXP | | trendmicro | 14y ago | Cross-site request forgery (CSRF) vulnerability in saveAccountSubTab.imss in Trend Micro InterScan Messaging Security Suite 7.1-Build_Win32_1394 allows remote attackers to hijack the authentication o… |
| CVE-2012-2995 | medium | — | 5.3 | EXP | | trendmicro | 14y ago | Multiple cross-site scripting (XSS) vulnerabilities in Trend Micro InterScan Messaging Security Suite 7.1-Build_Win32_1394 allow remote attackers to inject arbitrary web script or HTML via (1) the wr… |
| CVE-2010-3189 | critical | — | 10.0 | EXP | | trendmicro | 16y ago | The extSetOwner function in the UfProxyBrowserCtrl ActiveX control (UfPBCtrl.dll) in Trend Micro Internet Security Pro 2010 allows remote attackers to execute arbitrary code via an invalid address th… |