Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
trendmicro vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2017-11380
Backup archives were found to be encrypted with a static password across different installations, which suggest the same password may be used in all virtual appliance instances of Trend Micro Deep Discovery Director 1.1.
Trendmicro Deep Discovery Director 1.1
9.8
CVSSv3
CVE-2017-9034
Trend Micro ServerProtect for Linux 3.0 before CP 1531 allows malicious users to write to arbitrary files and consequently execute arbitrary code with root privileges by leveraging failure to validate software updates.
Trendmicro Serverprotect 3.0
9.8
CVSSv3
CVE-2016-8584
Trend Micro Threat Discovery Appliance 2.6.1062r1 and previous versions uses predictable session values, which allows remote malicious users to bypass authentication by guessing the value.
Trendmicro Threat Discovery Appliance
2 Github repositories
9.8
CVSSv3
CVE-2016-7547
A command execution flaw on the Trend Micro Threat Discovery Appliance 2.6.1062r1 exists with the timezone parameter in the admin_sys_time.cgi interface.
Trendmicro Threat Discovery Appliance 2.6.1062
2 Metasploit modules
9.8
CVSSv3
CVE-2016-7552
On the Trend Micro Threat Discovery Appliance 2.6.1062r1, directory traversal when processing a session_id cookie allows a remote, unauthenticated malicious user to delete arbitrary files as root. This can be used to bypass authentication or cause a DoS.
Trendmicro Threat Discovery Appliance 2.6.1062
2 Metasploit modules
9.8
CVSSv3
CVE-2016-4351
SQL injection vulnerability in the authentication functionality in Trend Micro Email Encryption Gateway (TMEEG) 5.5 before build 1107 allows remote malicious users to execute arbitrary SQL commands via unspecified vectors.
Trendmicro Email Encryption Gateway
9.8
CVSSv3
CVE-2016-3987
The HTTP server in Trend Micro Password Manager allows remote web servers to execute arbitrary commands via the url parameter to (1) api/openUrlInDefaultBrowser or (2) api/showSB.
Trendmicro Password Manager -
1 EDB exploit
9.8
CVSSv3
CVE-2008-2433
The web management console in Trend Micro OfficeScan 7.0 up to and including 8.0, Worry-Free Business Security 5.0, and Client/Server/Messaging Suite 3.5 and 3.6 creates a random session token based only on the login time, which makes it easier for remote malicious users to hijac...
Trendmicro Client Server Messaging Suite 3.5
Trendmicro Client Server Messaging Suite 3.6
Trendmicro Officescan
Trendmicro Worry-free Business Security 5.0
9.1
CVSSv3
CVE-2023-32521
A path traversal exists in a specific service dll of Trend Micro Mobile Security (Enterprise) 9.8 SP5 which could allow an unauthenticated remote malicious user to delete arbitrary files.
Trendmicro Mobile Security 9.8
9.1
CVSSv3
CVE-2023-0587
A file upload vulnerability in exists in Trend Micro Apex One server build 11110. Using a malformed Content-Length header in an HTTP PUT message sent to URL /officescan/console/html/cgi/fcgiOfcDDA.exe, an unauthenticated remote attacker can upload arbitrary files to the SampleSub...
Trendmicro Apex One -
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
authentication bypass
CVE-2024-30043
camera
CVE-2023-40404
CVE-2024-2793
client side
CVE-2024-4469
CVE-2024-3565
CVE-2024-29825
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »