Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
trend micro vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2017-11380
Backup archives were found to be encrypted with a static password across different installations, which suggest the same password may be used in all virtual appliance instances of Trend Micro Deep Discovery Director 1.1.
Trendmicro Deep Discovery Director 1.1
9.8
CVSSv3
CVE-2017-11381
A command injection vulnerability exists in Trend Micro Deep Discovery Director 1.1 that allows an malicious user to restore accounts that can access the pre-configuration console.
Trendmicro Deep Discovery Director 1.1
9.8
CVSSv3
CVE-2017-9034
Trend Micro ServerProtect for Linux 3.0 before CP 1531 allows malicious users to write to arbitrary files and consequently execute arbitrary code with root privileges by leveraging failure to validate software updates.
Trendmicro Serverprotect 3.0
9.8
CVSSv3
CVE-2016-8584
Trend Micro Threat Discovery Appliance 2.6.1062r1 and previous versions uses predictable session values, which allows remote malicious users to bypass authentication by guessing the value.
Trendmicro Threat Discovery Appliance
2 Github repositories
9.8
CVSSv3
CVE-2016-7547
A command execution flaw on the Trend Micro Threat Discovery Appliance 2.6.1062r1 exists with the timezone parameter in the admin_sys_time.cgi interface.
Trendmicro Threat Discovery Appliance 2.6.1062
2 Metasploit modules
9.8
CVSSv3
CVE-2016-7552
On the Trend Micro Threat Discovery Appliance 2.6.1062r1, directory traversal when processing a session_id cookie allows a remote, unauthenticated malicious user to delete arbitrary files as root. This can be used to bypass authentication or cause a DoS.
Trendmicro Threat Discovery Appliance 2.6.1062
2 Metasploit modules
9.8
CVSSv3
CVE-2017-5897
The ip6gre_err function in net/ipv6/ip6_gre.c in the Linux kernel allows remote malicious users to have unspecified impact via vectors involving GRE flags in an IPv6 packet, which trigger an out-of-bounds access.
Linux Linux Kernel
Canonical Ubuntu Linux 14.04
Debian Debian Linux 8.0
9.8
CVSSv3
CVE-2016-4351
SQL injection vulnerability in the authentication functionality in Trend Micro Email Encryption Gateway (TMEEG) 5.5 before build 1107 allows remote malicious users to execute arbitrary SQL commands via unspecified vectors.
Trendmicro Email Encryption Gateway
9.8
CVSSv3
CVE-2016-3987
The HTTP server in Trend Micro Password Manager allows remote web servers to execute arbitrary commands via the url parameter to (1) api/openUrlInDefaultBrowser or (2) api/showSB.
Trendmicro Password Manager -
1 EDB exploit
9.8
CVSSv3
CVE-2008-2433
The web management console in Trend Micro OfficeScan 7.0 up to and including 8.0, Worry-Free Business Security 5.0, and Client/Server/Messaging Suite 3.5 and 3.6 creates a random session token based only on the login time, which makes it easier for remote malicious users to hijac...
Trendmicro Client Server Messaging Suite 3.5
Trendmicro Client Server Messaging Suite 3.6
Trendmicro Officescan
Trendmicro Worry-free Business Security 5.0
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
SSTI
CVE-2024-35863
CVE-2024-35910
man-in-the-middle
CVE-2024-35912
CVE-2024-25742
LFI
CVE-2024-32002
CVE-2024-22120
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »