Vulnerabilities > Trendmicro
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2017-05-26 | CVE-2017-9033 | Cross-Site Request Forgery (CSRF) vulnerability in Trendmicro Serverprotect 3.0 Cross-site request forgery (CSRF) vulnerability in Trend Micro ServerProtect for Linux 3.0 before CP 1531 allows remote attackers to hijack the authentication of users for requests to start an update from an arbitrary source via a crafted request to SProtectLinux/scanoption_set.cgi, related to the lack of anti-CSRF tokens. | 6.8 |
2017-05-26 | CVE-2017-9032 | Cross-site Scripting vulnerability in Trendmicro Serverprotect 3.0 Multiple cross-site scripting (XSS) vulnerabilities in Trend Micro ServerProtect for Linux 3.0 before CP 1531 allow remote attackers to inject arbitrary web script or HTML via the (1) T1 or (2) tmLastConfigFileModifiedDate parameter to log_management.cgi. | 4.3 |
2017-05-05 | CVE-2017-8801 | Cross-site Scripting vulnerability in Trendmicro Officescan 11.0/12.0 Trend Micro OfficeScan 11.0 before SP1 CP 6325 (with Agent Module Build before 6152) and XG before CP 1352 has XSS via a crafted URI using a blocked website. | 4.3 |
2017-05-03 | CVE-2017-5481 | Information Exposure vulnerability in Trendmicro Officescan 11.0/12.0 Trend Micro OfficeScan 11.0 before SP1 CP 6325 and XG before CP 1352 allows remote authenticated users to gain privileges by leveraging a leak of an encrypted password during a web-console operation. | 4.0 |
2017-04-28 | CVE-2016-8593 | Path Traversal vulnerability in Trendmicro Threat Discovery Appliance Directory traversal vulnerability in upload.cgi in Trend Micro Threat Discovery Appliance 2.6.1062r1 and earlier allows remote authenticated users to execute arbitrary code via a .. | 6.5 |
2017-04-28 | CVE-2016-8592 | Permissions, Privileges, and Access Controls vulnerability in Trendmicro Threat Discovery Appliance log_query_system.cgi in Trend Micro Threat Discovery Appliance 2.6.1062r1 and earlier allows remote authenticated users to execute arbitrary code as the root user via shell metacharacters in the cache_id parameter. | 9.0 |
2017-04-28 | CVE-2016-8591 | Permissions, Privileges, and Access Controls vulnerability in Trendmicro Threat Discovery Appliance log_query.cgi in Trend Micro Threat Discovery Appliance 2.6.1062r1 and earlier allows remote authenticated users to execute arbitrary code as the root user via shell metacharacters in the cache_id parameter. | 9.0 |
2017-04-28 | CVE-2016-8590 | Permissions, Privileges, and Access Controls vulnerability in Trendmicro Threat Discovery Appliance log_query_dlp.cgi in Trend Micro Threat Discovery Appliance 2.6.1062r1 and earlier allows remote authenticated users to execute arbitrary code as the root user via shell metacharacters in the cache_id parameter. | 9.0 |
2017-04-28 | CVE-2016-8589 | Permissions, Privileges, and Access Controls vulnerability in Trendmicro Threat Discovery Appliance log_query_dae.cgi in Trend Micro Threat Discovery Appliance 2.6.1062r1 and earlier allows remote authenticated users to execute arbitrary code as the root user via shell metacharacters in the cache_id parameter. | 9.0 |
2017-04-28 | CVE-2016-8588 | Improper Access Control vulnerability in Trendmicro Threat Discovery Appliance The hotfix_upload.cgi in Trend Micro Threat Discovery Appliance 2.6.1062r1 and earlier allows remote authenticated users to execute arbitrary code via shell metacharacters in the file name of an uploaded file. | 6.0 |