| CVE-2025-71211 |
critical |
9.8 |
9.8 |
|
|
trendmicro |
13d ago |
A vulnerability in the Trend Micro Apex One management console could allow a remote attacker to upload malicious code and execute commands on affected installations. This vulnerability is similar in … |
| CVE-2025-71210 |
critical |
9.8 |
9.8 |
|
|
trendmicro |
13d ago |
A vulnerability in the Trend Micro Apex One management console could allow a remote attacker to upload malicious code and execute commands on affected installations.
Please note: although this vul… |
| CVE-2017-14090 |
critical |
9.1 |
9.1 |
|
|
trendmicro |
9y ago |
A vulnerability in Trend Micro ScanMail for Exchange 12.0 exists in which some communications to the update servers are not encrypted. |
| CVE-2017-14089 |
critical |
9.8 |
10.0 |
EXP |
|
trendmicro |
9y ago |
An Unauthorized Memory Corruption vulnerability in Trend Micro OfficeScan 11.0 and XG may allow remote unauthenticated users who can access the OfficeScan server to target cgiShowClientAdm.exe and ca… |
| CVE-2017-14080 |
critical |
9.8 |
9.8 |
|
|
trendmicro |
9y ago |
Authentication bypass vulnerability in Trend Micro Mobile Security (Enterprise) versions before 9.7 Patch 3 allows attackers to access a specific part of the console using a blank password. |
| CVE-2017-14078 |
critical |
9.8 |
9.8 |
|
|
trendmicro |
9y ago |
SQL Injection vulnerabilities in Trend Micro Mobile Security (Enterprise) versions before 9.7 Patch 3 allow remote attackers to execute arbitrary code on vulnerable installations. |
| CVE-2017-11394 |
critical |
9.8 |
10.0 |
EXP |
|
trendmicro |
9y ago |
Proxy command injection vulnerability in Trend Micro OfficeScan 11 and XG (12) allows remote attackers to execute arbitrary code on vulnerable installations. The specific flaw can be exploited by par… |
| CVE-2017-11393 |
critical |
9.8 |
9.8 |
|
|
trendmicro |
9y ago |
Proxy command injection vulnerability in Trend Micro OfficeScan 11 and XG (12) allows remote attackers to execute arbitrary code on vulnerable installations. The specific flaw can be exploited by par… |
| CVE-2017-11389 |
critical |
9.8 |
9.8 |
|
|
trendmicro |
9y ago |
Directory traversal vulnerability in Trend Micro Control Manager 6.0 allows remote code execution by attackers able to drop arbitrary files in a web-facing directory. Formerly ZDI-CAN-4684. |
| CVE-2017-11386 |
critical |
9.8 |
9.8 |
|
|
trendmicro |
9y ago |
SQL Injection in Trend Micro Control Manager 6.0 causes Remote Code Execution when executing opcode 0x4707 due to lack of proper user input validation in cmdHandlerNewReportScheduler.dll. Formerly ZD… |
| CVE-2017-11385 |
critical |
9.8 |
9.8 |
|
|
trendmicro |
9y ago |
SQL Injection in Trend Micro Control Manager 6.0 causes Remote Code Execution when executing opcode 0x6b1b due to lack of proper user input validation in cmdHandlerStatusMonitor.dll. Formerly ZDI-CAN… |
| CVE-2017-11384 |
critical |
9.8 |
9.8 |
|
|
trendmicro |
9y ago |
SQL Injection in Trend Micro Control Manager 6.0 causes Remote Code Execution when executing opcode 0x3b21 due to lack of proper user input validation in mdHandlerLicenseManager.dll. Formerly ZDI-CAN… |
| CVE-2017-11383 |
critical |
9.8 |
9.8 |
|
|
trendmicro |
9y ago |
SQL Injection in Trend Micro Control Manager 6.0 causes Remote Code Execution when executing opcode 0x1b07 due to lack of proper user input validation in cmdHandlerTVCSCommander.dll. Formerly ZDI-CAN… |
| CVE-2017-11381 |
critical |
9.8 |
9.8 |
|
|
trendmicro |
9y ago |
A command injection vulnerability exists in Trend Micro Deep Discovery Director 1.1 that allows an attacker to restore accounts that can access the pre-configuration console. |
| CVE-2017-11380 |
critical |
9.8 |
9.8 |
|
|
trendmicro |
9y ago |
Backup archives were found to be encrypted with a static password across different installations, which suggest the same password may be used in all virtual appliance instances of Trend Micro Deep Di… |
| CVE-2017-9034 |
critical |
9.8 |
9.8 |
|
|
trendmicro |
9y ago |
Trend Micro ServerProtect for Linux 3.0 before CP 1531 allows attackers to write to arbitrary files and consequently execute arbitrary code with root privileges by leveraging failure to validate soft… |
| CVE-2016-8584 |
critical |
9.8 |
9.8 |
|
|
trendmicro |
9y ago |
Trend Micro Threat Discovery Appliance 2.6.1062r1 and earlier uses predictable session values, which allows remote attackers to bypass authentication by guessing the value. |
| CVE-2016-7552 |
critical |
9.8 |
10.0 |
EXP |
|
trendmicro |
9y ago |
On the Trend Micro Threat Discovery Appliance 2.6.1062r1, directory traversal when processing a session_id cookie allows a remote, unauthenticated attacker to delete arbitrary files as root. This can… |
| CVE-2016-7547 |
critical |
9.8 |
10.0 |
EXP |
|
trendmicro |
9y ago |
A command execution flaw on the Trend Micro Threat Discovery Appliance 2.6.1062r1 exists with the timezone parameter in the admin_sys_time.cgi interface. |
| CVE-2016-9269 |
critical |
9.9 |
10.0 |
EXP |
|
trendmicro |
9y ago |
Remote Command Execution in com.trend.iwss.gui.servlet.ManagePatches in Trend Micro Interscan Web Security Virtual Appliance (IWSVA) version 6.5-SP2_Build_Linux_1707 and earlier allows authenticated,… |
| CVE-2016-6269 |
critical |
9.1 |
9.1 |
|
|
trendmicro |
10y ago |
Multiple directory traversal vulnerabilities in Trend Micro Smart Protection Server 2.5 before build 2200, 2.6 before build 2106, and 3.0 before build 1330 allow remote attackers to read and delete a… |
| CVE-2016-4351 |
critical |
9.8 |
9.8 |
|
|
trendmicro |
10y ago |
SQL injection vulnerability in the authentication functionality in Trend Micro Email Encryption Gateway (TMEEG) 5.5 before build 1107 allows remote attackers to execute arbitrary SQL commands via uns… |
| CVE-2016-3987 |
critical |
9.8 |
10.0 |
EXP |
|
trendmicro |
10y ago |
The HTTP server in Trend Micro Password Manager allows remote web servers to execute arbitrary commands via the url parameter to (1) api/openUrlInDefaultBrowser or (2) api/showSB. |
| CVE-2010-3189 |
critical |
— |
10.0 |
EXP |
|
trendmicro |
16y ago |
The extSetOwner function in the UfProxyBrowserCtrl ActiveX control (UfPBCtrl.dll) in Trend Micro Internet Security Pro 2010 allows remote attackers to execute arbitrary code via an invalid address th… |
