Vulnerabilities > Trendmicro
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-01-30 | CVE-2016-6267 | Improper Input Validation vulnerability in Trendmicro Smart Protection Server 2.5/2.6/3.0 SnmpUtils in Trend Micro Smart Protection Server 2.5 before build 2200, 2.6 before build 2106, and 3.0 before build 1330 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the (1) spare_Community, (2) spare_AllowGroupIP, or (3) spare_AllowGroupNetmask parameter to admin_notification.php. | 8.8 |
| 2017-01-30 | CVE-2016-6266 | Improper Input Validation vulnerability in Trendmicro Smart Protection Server 2.5/2.6/3.0 ccca_ajaxhandler.php in Trend Micro Smart Protection Server 2.5 before build 2200, 2.6 before build 2106, and 3.0 before build 1330 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the (1) host or (2) apikey parameter in a register action, (3) enable parameter in a save_stting action, or (4) host or (5) apikey parameter in a test_connection action. | 8.8 |
| 2016-06-19 | CVE-2016-1226 | Cross-site Scripting vulnerability in Trendmicro Internet Security 10.0/8.0 Cross-site scripting (XSS) vulnerability in Trend Micro Internet Security 8 and 10 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 6.1 |
| 2016-06-19 | CVE-2016-1225 | Information Exposure vulnerability in Trendmicro Internet Security 10.0/8.0 Trend Micro Internet Security 8 and 10 allows remote attackers to read arbitrary files via unspecified vectors. | 6.5 |
| 2016-06-19 | CVE-2016-1224 | Cross-site Scripting vulnerability in Trendmicro products CRLF injection vulnerability in Trend Micro Worry-Free Business Security Service 5.x and Worry-Free Business Security 9.0 allows remote attackers to inject arbitrary HTTP headers and conduct cross-site scripting (XSS) attacks via unspecified vectors. | 6.1 |
| 2016-06-19 | CVE-2016-1223 | Path Traversal vulnerability in Trendmicro products Directory traversal vulnerability in Trend Micro Office Scan 11.0, Worry-Free Business Security Service 5.x, and Worry-Free Business Security 9.0 allows remote attackers to read arbitrary files via unspecified vectors. | 5.3 |
| 2016-05-05 | CVE-2016-4351 | SQL Injection vulnerability in Trendmicro Email Encryption Gateway 5.5 SQL injection vulnerability in the authentication functionality in Trend Micro Email Encryption Gateway (TMEEG) 5.5 before build 1107 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | 9.8 |
| 2016-04-12 | CVE-2016-3987 | Improper Access Control vulnerability in Trendmicro Password Manager The HTTP server in Trend Micro Password Manager allows remote web servers to execute arbitrary commands via the url parameter to (1) api/openUrlInDefaultBrowser or (2) api/showSB. | 9.8 |
| 2008-08-27 | CVE-2008-2433 | Use of Insufficiently Random Values vulnerability in Trendmicro products The web management console in Trend Micro OfficeScan 7.0 through 8.0, Worry-Free Business Security 5.0, and Client/Server/Messaging Suite 3.5 and 3.6 creates a random session token based only on the login time, which makes it easier for remote attackers to hijack sessions via brute-force attacks. | 9.8 |