VIR Vulnerability Intelligence Relay

Search

Found 58 results in 22ms · Match type: Filtered list

Severitycriticalhighmediumlowunknown
0
KEVHas exploit
Reset
CVE Severity CVSS Risk Flags OS Vendor Published Description
CVE-2026-34926 medium 6.7 8.2 KEV trendmicro 14d ago Trend Micro Apex One (on-premise) contains a directory traversal vulnerability that could allow a pre-authenticated local attacker to modify a key table on the server to inject malicious code to depl…
CVE-2025-71211 critical 9.8 9.8 trendmicro 14d ago A vulnerability in the Trend Micro Apex One management console could allow a remote attacker to upload malicious code and execute commands on affected installations. This vulnerability is similar in …
CVE-2025-71210 critical 9.8 9.8 trendmicro 14d ago A vulnerability in the Trend Micro Apex One management console could allow a remote attacker to upload malicious code and execute commands on affected installations. Please note: although this vul…
CVE-2017-14093 medium 6.1 6.1 trendmicro 9y ago The Log Query and Quarantine Query pages in Trend Micro ScanMail for Exchange 12.0 are vulnerable to cross site scripting (XSS) attacks.
CVE-2017-14090 critical 9.1 9.1 trendmicro 9y ago A vulnerability in Trend Micro ScanMail for Exchange 12.0 exists in which some communications to the update servers are not encrypted.
CVE-2017-14089 critical 9.8 10.0 EXP trendmicro 9y ago An Unauthorized Memory Corruption vulnerability in Trend Micro OfficeScan 11.0 and XG may allow remote unauthenticated users who can access the OfficeScan server to target cgiShowClientAdm.exe and ca…
CVE-2017-14085 medium 5.3 6.3 EXP trendmicro 9y ago Information disclosure vulnerabilities in Trend Micro OfficeScan 11.0 and XG may allow unauthenticated users who can access the OfficeScan server to query the network's NT domain or the PHP version a…
CVE-2017-14080 critical 9.8 9.8 trendmicro 9y ago Authentication bypass vulnerability in Trend Micro Mobile Security (Enterprise) versions before 9.7 Patch 3 allows attackers to access a specific part of the console using a blank password.
CVE-2017-14078 critical 9.8 9.8 trendmicro 9y ago SQL Injection vulnerabilities in Trend Micro Mobile Security (Enterprise) versions before 9.7 Patch 3 allow remote attackers to execute arbitrary code on vulnerable installations.
CVE-2017-11394 critical 9.8 10.0 EXP trendmicro 9y ago Proxy command injection vulnerability in Trend Micro OfficeScan 11 and XG (12) allows remote attackers to execute arbitrary code on vulnerable installations. The specific flaw can be exploited by par…
CVE-2017-11393 critical 9.8 9.8 trendmicro 9y ago Proxy command injection vulnerability in Trend Micro OfficeScan 11 and XG (12) allows remote attackers to execute arbitrary code on vulnerable installations. The specific flaw can be exploited by par…
CVE-2017-11389 critical 9.8 9.8 trendmicro 9y ago Directory traversal vulnerability in Trend Micro Control Manager 6.0 allows remote code execution by attackers able to drop arbitrary files in a web-facing directory. Formerly ZDI-CAN-4684.
CVE-2017-11386 critical 9.8 9.8 trendmicro 9y ago SQL Injection in Trend Micro Control Manager 6.0 causes Remote Code Execution when executing opcode 0x4707 due to lack of proper user input validation in cmdHandlerNewReportScheduler.dll. Formerly ZD…
CVE-2017-11385 critical 9.8 9.8 trendmicro 9y ago SQL Injection in Trend Micro Control Manager 6.0 causes Remote Code Execution when executing opcode 0x6b1b due to lack of proper user input validation in cmdHandlerStatusMonitor.dll. Formerly ZDI-CAN…
CVE-2017-11384 critical 9.8 9.8 trendmicro 9y ago SQL Injection in Trend Micro Control Manager 6.0 causes Remote Code Execution when executing opcode 0x3b21 due to lack of proper user input validation in mdHandlerLicenseManager.dll. Formerly ZDI-CAN…
CVE-2017-11383 critical 9.8 9.8 trendmicro 9y ago SQL Injection in Trend Micro Control Manager 6.0 causes Remote Code Execution when executing opcode 0x1b07 due to lack of proper user input validation in cmdHandlerTVCSCommander.dll. Formerly ZDI-CAN…
CVE-2017-11381 critical 9.8 9.8 trendmicro 9y ago A command injection vulnerability exists in Trend Micro Deep Discovery Director 1.1 that allows an attacker to restore accounts that can access the pre-configuration console.
CVE-2017-11380 critical 9.8 9.8 trendmicro 9y ago Backup archives were found to be encrypted with a static password across different installations, which suggest the same password may be used in all virtual appliance instances of Trend Micro Deep Di…
CVE-2017-9037 medium 6.1 6.1 trendmicro 9y ago Multiple cross-site scripting (XSS) vulnerabilities in Trend Micro ServerProtect for Linux 3.0 before CP 1531 allow remote attackers to inject arbitrary web script or HTML via the (1) S44, (2) S5, (3…
CVE-2017-9034 critical 9.8 9.8 trendmicro 9y ago Trend Micro ServerProtect for Linux 3.0 before CP 1531 allows attackers to write to arbitrary files and consequently execute arbitrary code with root privileges by leveraging failure to validate soft…
CVE-2017-9032 medium 6.1 6.1 trendmicro 9y ago Multiple cross-site scripting (XSS) vulnerabilities in Trend Micro ServerProtect for Linux 3.0 before CP 1531 allow remote attackers to inject arbitrary web script or HTML via the (1) T1 or (2) tmLas…
CVE-2017-8801 medium 6.1 6.1 trendmicro 9y ago Trend Micro OfficeScan 11.0 before SP1 CP 6325 (with Agent Module Build before 6152) and XG before CP 1352 has XSS via a crafted URI using a blocked website.
CVE-2016-8584 critical 9.8 9.8 trendmicro 9y ago Trend Micro Threat Discovery Appliance 2.6.1062r1 and earlier uses predictable session values, which allows remote attackers to bypass authentication by guessing the value.
CVE-2017-7896 medium 6.1 7.1 EXP trendmicro 9y ago Trend Micro InterScan Messaging Security Virtual Appliance (IMSVA) 9.1 before CP 1644 has XSS.
CVE-2016-7552 critical 9.8 10.0 EXP trendmicro 9y ago On the Trend Micro Threat Discovery Appliance 2.6.1062r1, directory traversal when processing a session_id cookie allows a remote, unauthenticated attacker to delete arbitrary files as root. This can…
CVE-2016-7547 critical 9.8 10.0 EXP trendmicro 9y ago A command execution flaw on the Trend Micro Threat Discovery Appliance 2.6.1062r1 exists with the timezone parameter in the admin_sys_time.cgi interface.
CVE-2017-6340 medium 5.4 6.4 EXP trendmicro 9y ago Trend Micro InterScan Web Security Virtual Appliance (IWSVA) 6.5 before CP 1746 does not sanitize a rest/commonlog/report/template name field, which allows a 'Reports Only' user to inject malicious J…
CVE-2017-6339 medium 6.5 7.5 EXP trendmicro 9y ago Trend Micro InterScan Web Security Virtual Appliance (IWSVA) 6.5 before CP 1746 mismanages certain key and certificate data. Per IWSVA documentation, by default, IWSVA acts as a private Certificate A…
CVE-2017-6338 medium 6.5 7.5 EXP trendmicro 9y ago Multiple Access Control issues in Trend Micro InterScan Web Security Virtual Appliance (IWSVA) 6.5 before CP 1746 allow an authenticated, remote user with low privileges like 'Reports Only' or 'Audit…
CVE-2016-9319 medium 5.9 5.9 trendmicro 9y ago There is Missing SSL Certificate Validation in the Trend Micro Enterprise Mobile Security Android Application before 9.7.1193, aka VRTS-398.
CVE-2017-5565 medium 6.7 6.7 trendmicro 9y ago Code injection vulnerability in Trend Micro Maximum Security 11.0 (and earlier), Internet Security 11.0 (and earlier), and Antivirus+ Security 11.0 (and earlier) allows a local attacker to bypass a s…
CVE-2016-9316 medium 5.4 6.4 EXP trendmicro 9y ago Multiple stored Cross-Site-Scripting (XSS) vulnerabilities in com.trend.iwss.gui.servlet.updateaccountadministration in Trend Micro InterScan Web Security Virtual Appliance (IWSVA) version 6.5-SP2_Bu…
CVE-2016-9269 critical 9.9 10.0 EXP trendmicro 9y ago Remote Command Execution in com.trend.iwss.gui.servlet.ManagePatches in Trend Micro Interscan Web Security Virtual Appliance (IWSVA) version 6.5-SP2_Build_Linux_1707 and earlier allows authenticated,…
CVE-2016-6269 critical 9.1 9.1 trendmicro 10y ago Multiple directory traversal vulnerabilities in Trend Micro Smart Protection Server 2.5 before build 2200, 2.6 before build 2106, and 3.0 before build 1330 allow remote attackers to read and delete a…
CVE-2016-1226 medium 6.1 6.1 trendmicro 10y ago Cross-site scripting (XSS) vulnerability in Trend Micro Internet Security 8 and 10 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2016-1225 medium 6.5 6.5 trendmicro 10y ago Trend Micro Internet Security 8 and 10 allows remote attackers to read arbitrary files via unspecified vectors.
CVE-2016-1224 medium 6.1 6.1 trendmicro 10y ago CRLF injection vulnerability in Trend Micro Worry-Free Business Security Service 5.x and Worry-Free Business Security 9.0 allows remote attackers to inject arbitrary HTTP headers and conduct cross-si…
CVE-2016-1223 medium 5.3 5.3 trendmicro 10y ago Directory traversal vulnerability in Trend Micro Office Scan 11.0, Worry-Free Business Security Service 5.x, and Worry-Free Business Security 9.0 allows remote attackers to read arbitrary files via u…
CVE-2016-4351 critical 9.8 9.8 trendmicro 10y ago SQL injection vulnerability in the authentication functionality in Trend Micro Email Encryption Gateway (TMEEG) 5.5 before build 1107 allows remote attackers to execute arbitrary SQL commands via uns…
CVE-2016-3987 critical 9.8 10.0 EXP trendmicro 10y ago The HTTP server in Trend Micro Password Manager allows remote web servers to execute arbitrary commands via the url parameter to (1) api/openUrlInDefaultBrowser or (2) api/showSB.
CVE-2015-2873 medium 5.5 trendmicro 11y ago Trend Micro Deep Discovery Inspector (DDI) on Deep Discovery Threat appliances with software before 3.5.1477, 3.6.x before 3.6.1217, 3.7.x before 3.7.1248, 3.8.x before 3.8.1263, and other versions a…
CVE-2015-2872 medium 4.3 trendmicro 11y ago Multiple cross-site scripting (XSS) vulnerabilities in Trend Micro Deep Discovery Inspector (DDI) on Deep Discovery Threat appliances with software before 3.5.1477, 3.6.x before 3.6.1217, 3.7.x befor…
CVE-2014-8510 medium 4.0 trendmicro 12y ago The AdminUI in Trend Micro InterScan Web Security Virtual Appliance (IWSVA) before 6.0 HF build 1244 allows remote authenticated users to read arbitrary files via vectors related to configuration inp…
CVE-2014-3922 medium 4.3 trendmicro 12y ago Cross-site scripting (XSS) vulnerability in Trend Micro InterScan Messaging Security Virtual Appliance 8.5.1.1516 allows remote authenticated users to inject arbitrary web script or HTML via the addW…
CVE-2012-2996 medium 7.8 EXP trendmicro 14y ago Cross-site request forgery (CSRF) vulnerability in saveAccountSubTab.imss in Trend Micro InterScan Messaging Security Suite 7.1-Build_Win32_1394 allows remote attackers to hijack the authentication o…
CVE-2012-2995 medium 5.3 EXP trendmicro 14y ago Multiple cross-site scripting (XSS) vulnerabilities in Trend Micro InterScan Messaging Security Suite 7.1-Build_Win32_1394 allow remote attackers to inject arbitrary web script or HTML via (1) the wr…
CVE-2010-5179 medium 6.2 windows windows trendmicro 14y ago Race condition in Trend Micro Internet Security Pro 2010 17.50.1647.0000 on Windows XP allows local users to bypass kernel-mode hook handlers, and execute dangerous code that would otherwise be block…
CVE-2012-1461 medium 4.3 anti-virusauthentiumavg 14y ago The Gzip file parser in AVG Anti-Virus 10.0.0.1190, Bitdefender 7.2, Command Antivirus 5.2.11.5, Emsisoft Anti-Malware 5.1.0.1, F-Secure Anti-Virus 9.0.16160.0, Fortinet Antivirus 4.2.254.0, Ikarus V…
CVE-2012-1459 medium 4.3 FIX debian debian ahnlabalwilanti-virus 14y ago The TAR file parser in AhnLab V3 Internet Security 2011.01.18.00, Avira AntiVir 7.11.1.163, Antiy Labs AVL SDK 2.0.3.7, avast! Antivirus 4.8.1351.0 and 5.0.677.0, AVG Anti-Virus 10.0.0.1190, Bitdefen…
CVE-2012-1457 medium 4.3 FIX debian debian aladdinalwilanti-virus 14y ago The TAR file parser in Avira AntiVir 7.11.1.163, Antiy Labs AVL SDK 2.0.3.7, avast! Antivirus 4.8.1351.0 and 5.0.677.0, AVG Anti-Virus 10.0.0.1190, Bitdefender 7.2, Quick Heal (aka Cat QuickHeal) 11.…
CVE-2012-1456 medium 4.3 aladdinavgcat 14y ago The TAR file parser in AVG Anti-Virus 10.0.0.1190, Quick Heal (aka Cat QuickHeal) 11.00, Comodo Antivirus 7424, Emsisoft Anti-Malware 5.1.0.1, eSafe 7.0.17.0, F-Prot Antivirus 4.6.2.117, Fortinet Ant…
CVE-2012-1453 medium 4.3 antiycadrweb 14y ago The CAB file parser in Dr.Web 5.0.2.03300, Trend Micro HouseCall 9.120.0.1004, Kaspersky Anti-Virus 7.0.0.125, Sophos Anti-Virus 4.61.0, Trend Micro AntiVirus 9.120.0.1004, McAfee Gateway (formerly W…
CVE-2012-1448 medium 4.3 catemsisoftikarus 14y ago The CAB file parser in Quick Heal (aka Cat QuickHeal) 11.00, Trend Micro AntiVirus 9.120.0.1004, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, Trend Micro HouseCall 9.120.0.1004, and Emsis…
CVE-2012-1443 medium 4.3 ahnlabaladdinalwil 14y ago The RAR file parser in ClamAV 0.96.4, Rising Antivirus 22.83.00.03, Quick Heal (aka Cat QuickHeal) 11.00, G Data AntiVirus 21, AVEngine 20101.3.0.103 in Symantec Endpoint Protection 11, Command Antiv…
CVE-2012-1425 medium 4.3 antiyaviracat 14y ago The TAR file parser in Avira AntiVir 7.11.1.163, Antiy Labs AVL SDK 2.0.3.7, Quick Heal (aka Cat QuickHeal) 11.00, Emsisoft Anti-Malware 5.1.0.1, Fortinet Antivirus 4.2.254.0, Ikarus Virus Utilities …
CVE-2011-1327 low 2.1 trendmicro 15y ago The Keystroke Encryption feature in Trend Micro Internet Security 2009 (aka Virus Buster 2009 and PC-cillin 2009) does not completely encrypt passwords, which allows local users to obtain sensitive i…
CVE-2010-3189 critical 10.0 EXP trendmicro 16y ago The extSetOwner function in the UfProxyBrowserCtrl ActiveX control (UfPBCtrl.dll) in Trend Micro Internet Security Pro 2010 allows remote attackers to execute arbitrary code via an invalid address th…
CVE-2010-0564 medium 5.0 trendmicro 17y ago Buffer overflow in Trend Micro URL Filtering Engine (TMUFE) in OfficeScan 8.0 before SP1 Patch 5 - Build 3510, possibly tmufeng.dll before 3.0.0.1029, allows attackers to cause a denial of service (c…