Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
trendmicro vulnerabilities and exploits
(subscribe to this query)
8.8
CVSSv3
CVE-2017-11398
A session hijacking via log disclosure vulnerability in Trend Micro Smart Protection Server (Standalone) versions 3.2 and below could allow an unauthenticated malicious user to hijack active user sessions to perform authenticated requests on a vulnerable system.
Trendmicro Smart Protection Server
1 EDB exploit
8.8
CVSSv3
CVE-2017-14092
The absence of Anti-CSRF tokens in Trend Micro ScanMail for Exchange 12.0 web interface forms could allow an malicious user to submit authenticated requests when an authenticated user browses an attacker-controlled domain.
Trendmicro Scanmail 12.0
8.8
CVSSv3
CVE-2017-11395
Command injection vulnerability in Trend Micro Smart Protection Server (Standalone) 3.1 and 3.2 server administration UI allows attackers with authenticated access to execute arbitrary code on vulnerable installations.
Trendmicro Smart Protection Server 3.2
Trendmicro Smart Protection Server 3.1
8.8
CVSSv3
CVE-2017-14079
Unrestricted file uploads in Trend Micro Mobile Security (Enterprise) versions prior to 9.7 Patch 3 allow remote malicious users to execute arbitrary code on vulnerable installations.
Trendmicro Mobile Security 9.7
8.8
CVSSv3
CVE-2017-14081
Proxy command injection vulnerabilities in Trend Micro Mobile Security (Enterprise) versions prior to 9.7 Patch 3 allow remote malicious users to execute arbitrary code on vulnerable installations.
Trendmicro Mobile Security
8.8
CVSSv3
CVE-2017-11391
Proxy command injection vulnerability in Trend Micro InterScan Messaging Virtual Appliance 9.0 and 9.1 allows remote malicious users to execute arbitrary code on vulnerable installations. The specific flaw can be exploited by parsing the "t" parameter within modTMCSS Pr...
Trendmicro Interscan Messaging Security Virtual Appliance 9.0
Trendmicro Interscan Messaging Security Virtual Appliance 9.1
8.8
CVSSv3
CVE-2017-11392
Proxy command injection vulnerability in Trend Micro InterScan Messaging Virtual Appliance 9.0 and 9.1 allows remote malicious users to execute arbitrary code on vulnerable installations. The specific flaw can be exploited by parsing the "T" parameter within modTMCSS Pr...
Trendmicro Interscan Messaging Security Virtual Appliance 9.0
Trendmicro Interscan Messaging Security Virtual Appliance 9.1
8.8
CVSSv3
CVE-2017-11388
SQL Injection in Trend Micro Control Manager 6.0 causes Remote Code Execution when RestfulServiceUtility.NET.dll doesn't properly validate user provided strings before constructing SQL queries. Formerly ZDI-CAN-4639 and ZDI-CAN-4638.
Trendmicro Control Manager 6.0
8.8
CVSSv3
CVE-2017-9033
Cross-site request forgery (CSRF) vulnerability in Trend Micro ServerProtect for Linux 3.0 before CP 1531 allows remote malicious users to hijack the authentication of users for requests to start an update from an arbitrary source via a crafted request to SProtectLinux/scanoption...
Trendmicro Serverprotect 3.0
8.8
CVSSv3
CVE-2017-5481
Trend Micro OfficeScan 11.0 before SP1 CP 6325 and XG before CP 1352 allows remote authenticated users to gain privileges by leveraging a leak of an encrypted password during a web-console operation.
Trendmicro Officescan 12.0
Trendmicro Officescan 11.0
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
buffer overflow
type confusion
server-side request forgery
CVE-2024-38440
CVE-2024-27801
CVE-2024-5868
CVE-2024-0582
CVE-2024-37643
CVE-2024-3105
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
5
6
7
8
9
10
NEXT »