Vulnerabilities > Trendmicro > Critical

DATE CVE VULNERABILITY TITLE RISK
2017-04-12 CVE-2016-7552 Path Traversal vulnerability in Trendmicro Threat Discovery Appliance 2.6.1062
On the Trend Micro Threat Discovery Appliance 2.6.1062r1, directory traversal when processing a session_id cookie allows a remote, unauthenticated attacker to delete arbitrary files as root.
network
low complexity
trendmicro CWE-22
critical
10.0
2017-03-14 CVE-2017-6398 Remote Code Execution vulnerability in Trendmicro Interscan Messaging Security Virtual Appliance 9.11600
An issue was discovered in Trend Micro InterScan Messaging Security (Virtual Appliance) 9.1-1600.
network
low complexity
trendmicro
critical
9.0
2017-03-10 CVE-2017-6798 Untrusted Search Path vulnerability in Trendmicro Endpoint Sensor 1.6
Trend Micro Endpoint Sensor 1.6 before b1290 has a DLL hijacking vulnerability that allows remote attackers to execute arbitrary code, aka Trend Micro Vulnerability Identifier 2015-0208.
network
trendmicro CWE-426
critical
9.3
2017-02-21 CVE-2016-9269 Permissions, Privileges, and Access Controls vulnerability in Trendmicro Interscan web Security Virtual Appliance
Remote Command Execution in com.trend.iwss.gui.servlet.ManagePatches in Trend Micro Interscan Web Security Virtual Appliance (IWSVA) version 6.5-SP2_Build_Linux_1707 and earlier allows authenticated, remote users with least privileges to run arbitrary commands on the system as root via Patch Update functionality.
network
low complexity
trendmicro CWE-264
critical
9.0
2017-01-30 CVE-2016-6270 Command Injection vulnerability in Trendmicro Virtual Mobile Infrastructure 5.0
The handle_certificate function in /vmi/manager/engine/management/commands/apns_worker.py in Trend Micro Virtual Mobile Infrastructure before 5.1 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the password to api/v1/cfg/oauth/save_identify_pfx/.
network
low complexity
trendmicro CWE-77
critical
9.0
2016-04-12 CVE-2016-3987 Improper Access Control vulnerability in Trendmicro Password Manager
The HTTP server in Trend Micro Password Manager allows remote web servers to execute arbitrary commands via the url parameter to (1) api/openUrlInDefaultBrowser or (2) api/showSB.
network
low complexity
trendmicro CWE-284
critical
10.0
2010-08-31 CVE-2010-3189 Code Injection vulnerability in Trendmicro Internet Security 2010
The extSetOwner function in the UfProxyBrowserCtrl ActiveX control (UfPBCtrl.dll) in Trend Micro Internet Security Pro 2010 allows remote attackers to execute arbitrary code via an invalid address that is dereferenced as a pointer.
network
trendmicro CWE-94
critical
9.3
2008-08-27 CVE-2008-2433 Use of Insufficiently Random Values vulnerability in Trendmicro products
The web management console in Trend Micro OfficeScan 7.0 through 8.0, Worry-Free Business Security 5.0, and Client/Server/Messaging Suite 3.5 and 3.6 creates a random session token based only on the login time, which makes it easier for remote attackers to hijack sessions via brute-force attacks.
network
low complexity
trendmicro CWE-330
critical
9.8