Vulnerabilities > Trendmicro > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-04-12 | CVE-2016-7547 | 7PK - Time and State vulnerability in Trendmicro Threat Discovery Appliance 2.6.1062 A command execution flaw on the Trend Micro Threat Discovery Appliance 2.6.1062r1 exists with the timezone parameter in the admin_sys_time.cgi interface. | 9.8 |
| 2017-02-21 | CVE-2016-9269 | Permissions, Privileges, and Access Controls vulnerability in Trendmicro Interscan web Security Virtual Appliance Remote Command Execution in com.trend.iwss.gui.servlet.ManagePatches in Trend Micro Interscan Web Security Virtual Appliance (IWSVA) version 6.5-SP2_Build_Linux_1707 and earlier allows authenticated, remote users with least privileges to run arbitrary commands on the system as root via Patch Update functionality. | 9.9 |
| 2017-01-30 | CVE-2016-6269 | Path Traversal vulnerability in Trendmicro Smart Protection Server 2.5/2.6/3.0 Multiple directory traversal vulnerabilities in Trend Micro Smart Protection Server 2.5 before build 2200, 2.6 before build 2106, and 3.0 before build 1330 allow remote attackers to read and delete arbitrary files via the tmpfname parameter to (1) log_mgt_adhocquery_ajaxhandler.php, (2) log_mgt_ajaxhandler.php, (3) log_mgt_ajaxhandler.php or (4) tf parameter to wcs_bwlists_handler.php. | 9.1 |
| 2016-05-05 | CVE-2016-4351 | SQL Injection vulnerability in Trendmicro Email Encryption Gateway 5.5 SQL injection vulnerability in the authentication functionality in Trend Micro Email Encryption Gateway (TMEEG) 5.5 before build 1107 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | 9.8 |
| 2016-04-12 | CVE-2016-3987 | Improper Access Control vulnerability in Trendmicro Password Manager The HTTP server in Trend Micro Password Manager allows remote web servers to execute arbitrary commands via the url parameter to (1) api/openUrlInDefaultBrowser or (2) api/showSB. | 9.8 |
| 2008-08-27 | CVE-2008-2433 | Use of Insufficiently Random Values vulnerability in Trendmicro products The web management console in Trend Micro OfficeScan 7.0 through 8.0, Worry-Free Business Security 5.0, and Client/Server/Messaging Suite 3.5 and 3.6 creates a random session token based only on the login time, which makes it easier for remote attackers to hijack sessions via brute-force attacks. | 9.8 |