Vulnerabilities > Trendmicro > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-08-03 | CVE-2017-11394 | Improper Input Validation vulnerability in Trendmicro Officescan 11.0/12.0 Proxy command injection vulnerability in Trend Micro OfficeScan 11 and XG (12) allows remote attackers to execute arbitrary code on vulnerable installations. | 10.0 |
| 2017-08-03 | CVE-2017-11393 | Improper Input Validation vulnerability in Trendmicro Officescan 11.0/12.0 Proxy command injection vulnerability in Trend Micro OfficeScan 11 and XG (12) allows remote attackers to execute arbitrary code on vulnerable installations. | 10.0 |
| 2017-05-26 | CVE-2017-9034 | Improper Input Validation vulnerability in Trendmicro Serverprotect 3.0 Trend Micro ServerProtect for Linux 3.0 before CP 1531 allows attackers to write to arbitrary files and consequently execute arbitrary code with root privileges by leveraging failure to validate software updates. | 10.0 |
| 2017-04-28 | CVE-2016-8592 | Permissions, Privileges, and Access Controls vulnerability in Trendmicro Threat Discovery Appliance log_query_system.cgi in Trend Micro Threat Discovery Appliance 2.6.1062r1 and earlier allows remote authenticated users to execute arbitrary code as the root user via shell metacharacters in the cache_id parameter. | 9.0 |
| 2017-04-28 | CVE-2016-8591 | Permissions, Privileges, and Access Controls vulnerability in Trendmicro Threat Discovery Appliance log_query.cgi in Trend Micro Threat Discovery Appliance 2.6.1062r1 and earlier allows remote authenticated users to execute arbitrary code as the root user via shell metacharacters in the cache_id parameter. | 9.0 |
| 2017-04-28 | CVE-2016-8590 | Permissions, Privileges, and Access Controls vulnerability in Trendmicro Threat Discovery Appliance log_query_dlp.cgi in Trend Micro Threat Discovery Appliance 2.6.1062r1 and earlier allows remote authenticated users to execute arbitrary code as the root user via shell metacharacters in the cache_id parameter. | 9.0 |
| 2017-04-28 | CVE-2016-8589 | Permissions, Privileges, and Access Controls vulnerability in Trendmicro Threat Discovery Appliance log_query_dae.cgi in Trend Micro Threat Discovery Appliance 2.6.1062r1 and earlier allows remote authenticated users to execute arbitrary code as the root user via shell metacharacters in the cache_id parameter. | 9.0 |
| 2017-04-28 | CVE-2016-8586 | Permissions, Privileges, and Access Controls vulnerability in Trendmicro Threat Discovery Appliance detected_potential_files.cgi in Trend Micro Threat Discovery Appliance 2.6.1062r1 and earlier allows remote authenticated users to execute arbitrary code as the root user via shell metacharacters in the cache_id parameter. | 9.0 |
| 2017-04-28 | CVE-2016-8585 | Permissions, Privileges, and Access Controls vulnerability in Trendmicro Threat Discovery Appliance admin_sys_time.cgi in Trend Micro Threat Discovery Appliance 2.6.1062r1 and earlier allows remote authenticated users to execute arbitrary code as the root user via shell metacharacters in the timezone parameter. | 9.0 |
| 2017-04-12 | CVE-2016-7552 | Path Traversal vulnerability in Trendmicro Threat Discovery Appliance 2.6.1062 On the Trend Micro Threat Discovery Appliance 2.6.1062r1, directory traversal when processing a session_id cookie allows a remote, unauthenticated attacker to delete arbitrary files as root. | 10.0 |