Vulnerabilities > Trend Micro
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2016-06-30 | CVE-2016-5840 | Improper Input Validation vulnerability in Trend Micro Deep Discovery Inspector 3.7/3.81/3.82 hotfix_upload.cgi in Trend Micro Deep Discovery Inspector (DDI) 3.7, 3.8 SP1 (3.81), and 3.8 SP2 (3.82) allows remote administrators to execute arbitrary code via shell metacharacters in the filename parameter of the Content-Disposition header. | 9.0 |
| 2016-05-23 | CVE-2016-3664 | Information Exposure vulnerability in Trend Micro Mobile Security 3.1 Trend Micro Mobile Security for iOS before 3.2.1188 does not verify the X.509 certificate of the mobile application login server, which allows man-in-the-middle attackers to spoof this server and obtain sensitive information via a crafted certificate. | 5.8 |
| 2015-05-14 | CVE-2015-3326 | Unspecified vulnerability in Trend Micro Scanmail 10.2/11.0 Trend Micro ScanMail for Microsoft Exchange (SMEX) 10.2 before Hot Fix Build 3318 and 11.0 before Hot Fix Build 4180 creates session IDs for the web console using a random number generator with predictable values, which makes it easier for remote attackers to bypass authentication via a brute force attack. | 5.0 |
| 2012-09-28 | CVE-2012-2998 | SQL Injection vulnerability in Trend Micro Control Manager SQL injection vulnerability in the ad hoc query module in Trend Micro Control Manager (TMCM) before 5.5.0.1823 and 6.0 before 6.0.0.1449 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | 7.5 |
| 2011-12-25 | CVE-2011-5001 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Trend Micro Control Manager Stack-based buffer overflow in the CGenericScheduler::AddTask function in cmdHandlerRedAlertController.dll in CmdProcessor.exe in Trend Micro Control Manager 5.5 before Build 1613 allows remote attackers to execute arbitrary code via a crafted IPC packet to TCP port 20101. | 10.0 |
| 2009-01-21 | CVE-2008-3866 | Improper Authentication vulnerability in Trend Micro products The Trend Micro Personal Firewall service (aka TmPfw.exe) in Trend Micro Network Security Component (NSC) modules, as used in Trend Micro OfficeScan 8.0 SP1 Patch 1 and Internet Security 2007 and 2008 17.0.1224, relies on client-side password protection implemented in the configuration GUI, which allows local users to bypass intended access restrictions and change firewall settings by using a modified client to send crafted packets. | 4.6 |
| 2009-01-21 | CVE-2008-3865 | Buffer Errors vulnerability in Trend Micro products Multiple heap-based buffer overflows in the ApiThread function in the firewall service (aka TmPfw.exe) in Trend Micro Network Security Component (NSC) modules, as used in Trend Micro OfficeScan 8.0 SP1 Patch 1 and Internet Security 2007 and 2008 17.0.1224, allow remote attackers to execute arbitrary code via a packet with a small value in an unspecified size field. | 10.0 |
| 2009-01-21 | CVE-2008-3864 | Improper Input Validation vulnerability in Trend Micro products The ApiThread function in the firewall service (aka TmPfw.exe) in Trend Micro Network Security Component (NSC) modules, as used in Trend Micro OfficeScan 8.0 SP1 Patch 1 and Internet Security 2007 and 2008 17.0.1224, allows remote attackers to cause a denial of service (service crash) via a packet with a large value in an unspecified size field. | 5.0 |
| 2008-12-23 | CVE-2008-2435 | Resource Management Errors vulnerability in Trend Micro Housecall 6.51.0.1028/6.6.0.1278 Use-after-free vulnerability in the Trend Micro HouseCall ActiveX control 6.51.0.1028 and 6.6.0.1278 in Housecall_ActiveX.dll allows remote attackers to execute arbitrary code via a crafted notifyOnLoadNative callback function. | 9.3 |
| 2008-12-23 | CVE-2008-2434 | Code Injection vulnerability in Trend Micro Housecall 6.51.0.1028/6.6/6.6.0.1278 The Trend Micro HouseCall ActiveX control 6.51.0.1028 and 6.6.0.1278 in Housecall_ActiveX.dll allows remote attackers to download an arbitrary library file onto a client system via a "custom update server" argument. | 9.3 |