Vulnerabilities > Trend Micro
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-02-05 | CVE-2018-18333 | Untrusted Search Path vulnerability in Trend Micro products A DLL hijacking vulnerability in Trend Micro Security 2019 (Consumer) versions below 15.0.0.1163 and below could allow an attacker to manipulate a specific DLL and escalate privileges on vulnerable installations. | 6.8 |
| 2018-02-16 | CVE-2018-6218 | Untrusted Search Path vulnerability in Trend Micro products A DLL Hijacking vulnerability in Trend Micro's User-Mode Hooking Module (UMH) could allow an attacker to run arbitrary code on a vulnerable system. | 5.1 |
| 2017-03-10 | CVE-2017-6798 | Untrusted Search Path vulnerability in Trend Micro Endpoint Sensor Trend Micro Endpoint Sensor 1.6 before b1290 has a DLL hijacking vulnerability that allows remote attackers to execute arbitrary code, aka Trend Micro Vulnerability Identifier 2015-0208. | 9.3 |
| 2017-01-30 | CVE-2016-6270 | Command Injection vulnerability in Trend Micro Virtual Mobile Infrastructure 5.0 The handle_certificate function in /vmi/manager/engine/management/commands/apns_worker.py in Trend Micro Virtual Mobile Infrastructure before 5.1 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the password to api/v1/cfg/oauth/save_identify_pfx/. | 9.0 |
| 2017-01-30 | CVE-2016-6269 | Path Traversal vulnerability in Trend Micro Smart Protection Server 2.5/2.6/3.0 Multiple directory traversal vulnerabilities in Trend Micro Smart Protection Server 2.5 before build 2200, 2.6 before build 2106, and 3.0 before build 1330 allow remote attackers to read and delete arbitrary files via the tmpfname parameter to (1) log_mgt_adhocquery_ajaxhandler.php, (2) log_mgt_ajaxhandler.php, (3) log_mgt_ajaxhandler.php or (4) tf parameter to wcs_bwlists_handler.php. | 7.5 |
| 2017-01-30 | CVE-2016-6268 | Permissions, Privileges, and Access Controls vulnerability in Trend Micro Smart Protection Server 2.5/2.6/3.0 Trend Micro Smart Protection Server 2.5 before build 2200, 2.6 before build 2106, and 3.0 before build 1330 allows local webserv users to execute arbitrary code with root privileges via a Trojan horse .war file in the Solr webapps directory. | 7.2 |
| 2017-01-30 | CVE-2016-6267 | Improper Input Validation vulnerability in Trend Micro Smart Protection Server 2.5/2.6/3.0 SnmpUtils in Trend Micro Smart Protection Server 2.5 before build 2200, 2.6 before build 2106, and 3.0 before build 1330 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the (1) spare_Community, (2) spare_AllowGroupIP, or (3) spare_AllowGroupNetmask parameter to admin_notification.php. | 6.5 |
| 2017-01-30 | CVE-2016-6266 | Improper Input Validation vulnerability in Trend Micro Smart Protection Server 2.5/2.6/3.0 ccca_ajaxhandler.php in Trend Micro Smart Protection Server 2.5 before build 2200, 2.6 before build 2106, and 3.0 before build 1330 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the (1) host or (2) apikey parameter in a register action, (3) enable parameter in a save_stting action, or (4) host or (5) apikey parameter in a test_connection action. | 6.5 |
| 2016-06-30 | CVE-2016-5840 | Improper Input Validation vulnerability in Trend Micro Deep Discovery Inspector 3.7/3.81/3.82 hotfix_upload.cgi in Trend Micro Deep Discovery Inspector (DDI) 3.7, 3.8 SP1 (3.81), and 3.8 SP2 (3.82) allows remote administrators to execute arbitrary code via shell metacharacters in the filename parameter of the Content-Disposition header. | 9.0 |
| 2016-06-19 | CVE-2016-1224 | Cross-Site Scripting vulnerability in Trend Micro Business Security and Business Security Services CRLF injection vulnerability in Trend Micro Worry-Free Business Security Service 5.x and Worry-Free Business Security 9.0 allows remote attackers to inject arbitrary HTTP headers and conduct cross-site scripting (XSS) attacks via unspecified vectors. | 4.3 |