Filtered by vendor Trend Micro
Subscribe
Total
109 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2004-2430 | 1 Trend Micro | 1 Officescan | 2017-07-10 | 7.2 HIGH | N/A |
Trend OfficeScan Corporate Edition 5.58 and possibly earler does not drop privileges when opening a help window from a virus detection pop-up window, which allows local users to gain SYSTEM privileges. | |||||
CVE-2004-1859 | 1 Trend Micro | 1 Interscan Viruswall For Windows Nt | 2017-07-10 | 5.0 MEDIUM | N/A |
Directory traversal vulnerability in Trend Micro Interscan Web Viruswall in InterScan VirusWall 3.5x allows remote attackers to read arbitrary files via a .. (dot dot) in the URL. | |||||
CVE-2004-2006 | 1 Trend Micro | 1 Officescan | 2017-07-10 | 4.6 MEDIUM | N/A |
Trend Micro OfficeScan 3.0 - 6.0 has default permissions of "Everyone Full Control" on the installation directory and registry keys, which allows local users to disable virus protection. | |||||
CVE-2004-1003 | 1 Trend Micro | 1 Scanmail Domino | 2017-07-10 | 5.0 MEDIUM | N/A |
Trend ScanMail allows remote attackers to obtain potentially sensitive information or disable the anti-virus capability via the smency.nsf file. | |||||
CVE-2015-3326 | 1 Trend Micro | 1 Scanmail | 2017-01-02 | 5.0 MEDIUM | N/A |
Trend Micro ScanMail for Microsoft Exchange (SMEX) 10.2 before Hot Fix Build 3318 and 11.0 before Hot Fix Build 4180 creates session IDs for the web console using a random number generator with predictable values, which makes it easier for remote attackers to bypass authentication via a brute force attack. | |||||
CVE-2016-5840 | 1 Trend Micro | 1 Deep Discovery Inspector | 2016-11-28 | 9.0 HIGH | 7.2 HIGH |
hotfix_upload.cgi in Trend Micro Deep Discovery Inspector (DDI) 3.7, 3.8 SP1 (3.81), and 3.8 SP2 (3.82) allows remote administrators to execute arbitrary code via shell metacharacters in the filename parameter of the Content-Disposition header. | |||||
CVE-2002-1121 | 4 Gfi, Network Associates, Roaring Penguin and 1 more | 5 Mailsecurity, Webshield Smtp, Canit and 2 more | 2016-10-17 | 7.5 HIGH | N/A |
SMTP content filter engines, including (1) GFI MailSecurity for Exchange/SMTP before 7.2, (2) InterScan VirusWall before 3.52 build 1494, (3) the default configuration of MIMEDefang before 2.21, and possibly other products, do not detect fragmented emails as defined in RFC2046 ("Message Fragmentation and Reassembly") and supported in such products as Outlook Express, which allows remote attackers to bypass content filtering, including virus checking, via fragmented emails of the message/partial content type. | |||||
CVE-2001-0410 | 1 Trend Micro | 1 Virus Buster 2001 | 2016-10-17 | 7.5 HIGH | N/A |
Buffer overflow in Trend Micro Virus Buster 2001 8.02 allows remote attackers to cause a denial of service, and possibly execute arbitrary commands, via a long "From" header. | |||||
CVE-2016-3664 | 1 Trend Micro | 1 Mobile Security | 2016-05-25 | 5.8 MEDIUM | 7.4 HIGH |
Trend Micro Mobile Security for iOS before 3.2.1188 does not verify the X.509 certificate of the mobile application login server, which allows man-in-the-middle attackers to spoof this server and obtain sensitive information via a crafted certificate. | |||||
CVE-2012-2998 | 1 Trend Micro | 1 Control Manager | 2013-02-13 | 7.5 HIGH | N/A |
SQL injection vulnerability in the ad hoc query module in Trend Micro Control Manager (TMCM) before 5.5.0.1823 and 6.0 before 6.0.0.1449 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
CVE-2007-2528 | 1 Trend Micro | 1 Serverprotect | 2012-11-05 | 10.0 HIGH | N/A |
Buffer overflow in AgRpcCln.dll for Trend Micro ServerProtect 5.58 for Windows before Security Patch 3 Build 1176 allows remote attackers to execute arbitrary code via unknown vectors related to RPC requests. NOTE: this is probably a different vulnerability than CVE-2007-2508. | |||||
CVE-2005-1928 | 1 Trend Micro | 1 Serverprotect Earthagent | 2011-05-19 | 7.8 HIGH | N/A |
Trend Micro ServerProtect EarthAgent for Windows Management Console 5.58 and possibly earlier versions, when running with Trend Micro Control Manager 2.5 and 3.0, and Damage Cleanup Server 1.1, allows remote attackers to cause a denial of service (CPU consumption) via a flood of crafted packets with a certain "magic value" to port 5005, which also leads to a memory leak. | |||||
CVE-2008-1365 | 1 Trend Micro | 1 Officescan Corporate Edition | 2011-03-07 | 6.4 MEDIUM | N/A |
Stack-based buffer overflow in Trend Micro OfficeScan Corporate Edition 8.0 Patch 2 build 1189 and earlier, and 7.3 Patch 3 build 1314 and earlier, allows remote attackers to execute arbitrary code or cause a denial of service (crash) via a long encrypted password, which triggers the overflow in (1) cgiChkMasterPwd.exe, (2) policyserver.exe as reachable through cgiABLogon.exe, and other vectors. | |||||
CVE-2008-1366 | 1 Trend Micro | 1 Officescan Corporate Edition | 2011-03-07 | 5.0 MEDIUM | N/A |
Trend Micro OfficeScan Corporate Edition 8.0 Patch 2 build 1189 and earlier, and 7.3 Patch 3 build 1314 and earlier, allows remote attackers to cause a denial of service (process consumption) via (1) an HTTP request without a Content-Length header or (2) invalid characters in unspecified CGI arguments, which triggers a NULL pointer dereference. | |||||
CVE-2007-4277 | 1 Trend Micro | 2 Pc-cillin Internet Security 2007, Scan Engine | 2011-03-07 | 6.6 MEDIUM | N/A |
The Trend Micro AntiVirus scan engine before 8.550-1001, as used in Trend Micro PC-Cillin Internet Security 2007, and Tmxpflt.sys 8.320.1004 and 8.500.0.1002, has weak permissions (Everyone:Write) for the \\.\Tmfilter device, which allows local users to send arbitrary content to the device via the IOCTL functionality. NOTE: this can be leveraged for privilege escalation by exploiting a buffer overflow in the handler for IOCTL 0xa0284403. | |||||
CVE-2007-1168 | 1 Trend Micro | 1 Serverprotect | 2011-03-07 | 7.5 HIGH | N/A |
Trend Micro ServerProtect for Linux (SPLX) 1.25, 1.3, and 2.5 before 20070216 allows remote attackers to access arbitrary web pages and reconfigure the product via HTTP requests with the splx_2376_info cookie to the web interface port (14942/tcp). | |||||
CVE-2007-0325 | 1 Trend Micro | 2 Client-server-messaging Security, Officescan Corporate Edition | 2011-03-07 | 9.3 HIGH | N/A |
Multiple buffer overflows in the Trend Micro OfficeScan Web-Deployment SetupINICtrl ActiveX control in OfficeScanSetupINI.dll, as used in OfficeScan 7.0 before Build 1344, OfficeScan 7.3 before Build 1241, and Client / Server / Messaging Security 3.0 before Build 1197, allow remote attackers to execute arbitrary code via a crafted HTML document. | |||||
CVE-2006-6458 | 1 Trend Micro | 3 Officescan, Pc Cillin - Internet Security 2006, Serverprotect | 2011-03-07 | 7.8 HIGH | N/A |
The Trend Micro scan engine before 8.320 for Windows and before 8.150 on HP-UX and AIX, as used in Trend Micro PC Cillin - Internet Security 2006, Office Scan 7.3, and Server Protect 5.58, allows remote attackers to cause a denial of service (CPU consumption and system hang) via a malformed RAR archive with an Archive Header section with the head_size and pack_size fields set to zero, which triggers an infinite loop. | |||||
CVE-2006-6178 | 1 Trend Micro | 1 Officescan | 2011-03-07 | 7.5 HIGH | N/A |
Buffer overflow in PCCSRV\Web_console\RemoteInstallCGI\Wizard.exe for Trend Micro OfficeScan 7.3 before build 7.3.0.1087 allows remote attackers to execute arbitrary code via unknown attack vectors. | |||||
CVE-2006-6179 | 1 Trend Micro | 1 Officescan | 2011-03-07 | 7.5 HIGH | N/A |
Buffer overflow in PCCSRV\Web_console\RemoteInstallCGI\CgiRemoteInstall.exe for Trend Micro OfficeScan 7.3 before build 7.3.0.1089 allows remote attackers to execute arbitrary code via unknown attack vectors. |