Vulnerabilities > Trend Micro

DATE | CVE | VULNERABILITY TITLE | RISK

2019-02-05 | CVE-2018-18333 | Untrusted Search Path vulnerability in Trend Micro products | 6.8
A DLL hijacking vulnerability in Trend Micro Security 2019 (Consumer) versions below 15.0.0.1163 and below could allow an attacker to manipulate a specific DLL and escalate privileges on vulnerable installations.

2018-02-16 | CVE-2018-6218 | Untrusted Search Path vulnerability in Trend Micro products | 5.1
A DLL Hijacking vulnerability in Trend Micro's User-Mode Hooking Module (UMH) could allow an attacker to run arbitrary code on a vulnerable system.
network | high complexity | trend-micro CWE-426

2017-03-10 | CVE-2017-6798 | Untrusted Search Path vulnerability in Trend Micro Endpoint Sensor | 9.3 (critical)
Trend Micro Endpoint Sensor 1.6 before b1290 has a DLL hijacking vulnerability that allows remote attackers to execute arbitrary code, aka Trend Micro Vulnerability Identifier 2015-0208.
network | trend-micro CWE-426

2017-01-30 | CVE-2016-6270 | Command Injection vulnerability in Trend Micro Virtual Mobile Infrastructure 5.0 | 9.0 (critical)
The handle_certificate function in /vmi/manager/engine/management/commands/apns_worker.py in Trend Micro Virtual Mobile Infrastructure before 5.1 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the password to api/v1/cfg/oauth/save_identify_pfx/.
network | low complexity | trend-micro CWE-77

2017-01-30 | CVE-2016-6269 | Path Traversal vulnerability in Trend Micro Smart Protection Server 2.5/2.6/3.0 | 7.5
Multiple directory traversal vulnerabilities in Trend Micro Smart Protection Server 2.5 before build 2200, 2.6 before build 2106, and 3.0 before build 1330 allow remote attackers to read and delete arbitrary files via the tmpfname parameter to (1) log_mgt_adhocquery_ajaxhandler.php, (2) log_mgt_ajaxhandler.php, (3) log_mgt_ajaxhandler.php or (4) tf parameter to wcs_bwlists_handler.php.
network | low complexity | trend-micro CWE-22

2017-01-30 | CVE-2016-6268 | Permissions, Privileges, and Access Controls vulnerability in Trend Micro Smart Protection Server 2.5/2.6/3.0 | 7.2
Trend Micro Smart Protection Server 2.5 before build 2200, 2.6 before build 2106, and 3.0 before build 1330 allows local webserv users to execute arbitrary code with root privileges via a Trojan horse .war file in the Solr webapps directory.
local | low complexity | trend-micro CWE-264

2017-01-30 | CVE-2016-6267 | Improper Input Validation vulnerability in Trend Micro Smart Protection Server 2.5/2.6/3.0 | 6.5
SnmpUtils in Trend Micro Smart Protection Server 2.5 before build 2200, 2.6 before build 2106, and 3.0 before build 1330 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the (1) spare_Community, (2) spare_AllowGroupIP, or (3) spare_AllowGroupNetmask parameter to admin_notification.php.
network | low complexity | trend-micro CWE-20

2017-01-30 | CVE-2016-6266 | Improper Input Validation vulnerability in Trend Micro Smart Protection Server 2.5/2.6/3.0 | 6.5
ccca_ajaxhandler.php in Trend Micro Smart Protection Server 2.5 before build 2200, 2.6 before build 2106, and 3.0 before build 1330 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the (1) host or (2) apikey parameter in a register action, (3) enable parameter in a save_stting action, or (4) host or (5) apikey parameter in a test_connection action.
network | low complexity | trend-micro CWE-20

2016-06-30 | CVE-2016-5840 | Improper Input Validation vulnerability in Trend Micro Deep Discovery Inspector 3.7/3.81/3.82 | 9.0 (critical)
hotfix_upload.cgi in Trend Micro Deep Discovery Inspector (DDI) 3.7, 3.8 SP1 (3.81), and 3.8 SP2 (3.82) allows remote administrators to execute arbitrary code via shell metacharacters in the filename parameter of the Content-Disposition header.
network | low complexity | trend-micro CWE-20

2016-06-19 | CVE-2016-1224 | Cross-Site Scripting vulnerability in Trend Micro Business Security and Business Security Services | 4.3
CRLF injection vulnerability in Trend Micro Worry-Free Business Security Service 5.x and Worry-Free Business Security 9.0 allows remote attackers to inject arbitrary HTTP headers and conduct cross-site scripting (XSS) attacks via unspecified vectors.