Vulnerabilities > Trendmicro > Officescan

DATE CVE VULNERABILITY TITLE RISK
2017-10-06 CVE-2017-14085 Information Exposure vulnerability in Trendmicro Officescan 11.0/12.0
Information disclosure vulnerabilities in Trend Micro OfficeScan 11.0 and XG may allow unauthenticated users who can access the OfficeScan server to query the network's NT domain or the PHP version and modules.
network
low complexity
trendmicro CWE-200
5.0
2017-10-06 CVE-2017-14084 Unspecified vulnerability in Trendmicro Officescan 11.0/12.0
A potential Man-in-the-Middle (MitM) attack vulnerability in Trend Micro OfficeScan 11.0 and XG may allow attackers to execute arbitrary code on vulnerable installations.
network
trendmicro
6.8
2017-10-06 CVE-2017-14083 Unspecified vulnerability in Trendmicro Officescan 11.0/12.0
A vulnerability in Trend Micro OfficeScan 11.0 and XG allows remote unauthenticated users who can access the system to download the OfficeScan encryption file.
network
low complexity
trendmicro
5.0
2017-08-03 CVE-2017-11394 Improper Input Validation vulnerability in Trendmicro Officescan 11.0/12.0
Proxy command injection vulnerability in Trend Micro OfficeScan 11 and XG (12) allows remote attackers to execute arbitrary code on vulnerable installations.
network
low complexity
trendmicro CWE-20
critical
10.0
2017-08-03 CVE-2017-11393 Improper Input Validation vulnerability in Trendmicro Officescan 11.0/12.0
Proxy command injection vulnerability in Trend Micro OfficeScan 11 and XG (12) allows remote attackers to execute arbitrary code on vulnerable installations.
network
low complexity
trendmicro CWE-20
critical
10.0
2017-05-05 CVE-2017-8801 Cross-site Scripting vulnerability in Trendmicro Officescan 11.0/12.0
Trend Micro OfficeScan 11.0 before SP1 CP 6325 (with Agent Module Build before 6152) and XG before CP 1352 has XSS via a crafted URI using a blocked website.
network
trendmicro CWE-79
4.3
2017-05-03 CVE-2017-5481 Information Exposure vulnerability in Trendmicro Officescan 11.0/12.0
Trend Micro OfficeScan 11.0 before SP1 CP 6325 and XG before CP 1352 allows remote authenticated users to gain privileges by leveraging a leak of an encrypted password during a web-console operation.
network
low complexity
trendmicro CWE-200
4.0
2016-06-19 CVE-2016-1223 Path Traversal vulnerability in Trendmicro products
Directory traversal vulnerability in Trend Micro Office Scan 11.0, Worry-Free Business Security Service 5.x, and Worry-Free Business Security 9.0 allows remote attackers to read arbitrary files via unspecified vectors.
network
low complexity
trendmicro CWE-22
5.0
2010-02-10 CVE-2010-0564 Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Trendmicro Officescan
Buffer overflow in Trend Micro URL Filtering Engine (TMUFE) in OfficeScan 8.0 before SP1 Patch 5 - Build 3510, possibly tmufeng.dll before 3.0.0.1029, allows attackers to cause a denial of service (crash or OfficeScan hang) via unspecified vectors.
network
low complexity
trendmicro CWE-119
5.0
2009-04-27 CVE-2009-1435 Resource Management Errors vulnerability in Trendmicro Officescan 8.0
NTRtScan.exe in Trend Micro OfficeScan Client 8.0 SP1 and 8.0 SP1 Patch 1 allows local users to cause a denial of service (application crash) via directories with long pathnames.
local
low complexity
trendmicro CWE-399
2.1