Filtered by vendor Trend Micro
Subscribe
Total
108 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2006-1379 | 1 Trend Micro | 1 Pc-cillin 2006 | 2024-02-14 | 7.2 HIGH | N/A |
Trend Micro PC-cillin Internet Security 2006 14.00.1485 and 14.10.0.1023, uses insecure DACLs for critical files, which allows local users to gain SYSTEM privileges by modifying executable programs such as (1) tmntsrv.exe and (2) tmproxy.exe. | |||||
CVE-2002-1349 | 1 Trend Micro | 2 Officescan, Pc-cillin | 2024-02-14 | 4.6 MEDIUM | N/A |
Buffer overflow in pop3trap.exe for PC-cillin 2000, 2002, and 2003 allows local users to execute arbitrary code via a long input string to TCP port 110 (POP3). | |||||
CVE-2006-1381 | 1 Trend Micro | 1 Officescan | 2024-02-14 | 10.0 HIGH | N/A |
Trend Micro OfficeScan 5.5, and probably other versions before 6.5, uses insecure DACLs for critical files, which allows local users to gain SYSTEM privileges by modifying tmlisten.exe. | |||||
CVE-2015-3326 | 1 Trend Micro | 1 Scanmail | 2024-02-04 | 5.0 MEDIUM | N/A |
Trend Micro ScanMail for Microsoft Exchange (SMEX) 10.2 before Hot Fix Build 3318 and 11.0 before Hot Fix Build 4180 creates session IDs for the web console using a random number generator with predictable values, which makes it easier for remote attackers to bypass authentication via a brute force attack. | |||||
CVE-2016-3664 | 1 Trend Micro | 1 Mobile Security | 2024-02-04 | 5.8 MEDIUM | 7.4 HIGH |
Trend Micro Mobile Security for iOS before 3.2.1188 does not verify the X.509 certificate of the mobile application login server, which allows man-in-the-middle attackers to spoof this server and obtain sensitive information via a crafted certificate. | |||||
CVE-2016-5840 | 1 Trend Micro | 1 Deep Discovery Inspector | 2024-02-04 | 9.0 HIGH | 7.2 HIGH |
hotfix_upload.cgi in Trend Micro Deep Discovery Inspector (DDI) 3.7, 3.8 SP1 (3.81), and 3.8 SP2 (3.82) allows remote administrators to execute arbitrary code via shell metacharacters in the filename parameter of the Content-Disposition header. | |||||
CVE-2012-2998 | 1 Trend Micro | 1 Control Manager | 2024-02-04 | 7.5 HIGH | N/A |
SQL injection vulnerability in the ad hoc query module in Trend Micro Control Manager (TMCM) before 5.5.0.1823 and 6.0 before 6.0.0.1449 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
CVE-2011-5001 | 1 Trend Micro | 1 Control Manager | 2024-02-04 | 10.0 HIGH | N/A |
Stack-based buffer overflow in the CGenericScheduler::AddTask function in cmdHandlerRedAlertController.dll in CmdProcessor.exe in Trend Micro Control Manager 5.5 before Build 1613 allows remote attackers to execute arbitrary code via a crafted IPC packet to TCP port 20101. | |||||
CVE-2008-2435 | 1 Trend Micro | 1 Housecall | 2024-02-04 | 9.3 HIGH | N/A |
Use-after-free vulnerability in the Trend Micro HouseCall ActiveX control 6.51.0.1028 and 6.6.0.1278 in Housecall_ActiveX.dll allows remote attackers to execute arbitrary code via a crafted notifyOnLoadNative callback function. | |||||
CVE-2008-2437 | 1 Trend Micro | 2 Client-server-messaging Security, Officescan | 2024-02-04 | 10.0 HIGH | N/A |
Stack-based buffer overflow in cgiRecvFile.exe in Trend Micro OfficeScan 7.3 patch 4 build 1362 and other builds, OfficeScan 8.0 and 8.0 SP1, and Client Server Messaging Security 3.6 allows remote attackers to execute arbitrary code via an HTTP request containing a long ComputerName parameter. | |||||
CVE-2008-5545 | 2 Microsoft, Trend Micro | 2 Internet Explorer, Trend Micro Antivirus | 2024-02-04 | 9.3 HIGH | N/A |
Trend Micro VSAPI 8.700.0.1004 in Trend Micro AntiVirus, when Internet Explorer 6 or 7 is used, allows remote attackers to bypass detection of malware in an HTML document by placing an MZ header (aka "EXE info") at the beginning, and modifying the filename to have (1) no extension, (2) a .txt extension, or (3) a .jpg extension, as demonstrated by a document containing a CVE-2006-5745 exploit. | |||||
CVE-2008-4403 | 1 Trend Micro | 1 Officescan | 2024-02-04 | 5.0 MEDIUM | N/A |
The CGI modules in the server in Trend Micro OfficeScan 8.0 SP1 before build 2439 and 8.0 SP1 Patch 1 before build 3087 allow remote attackers to cause a denial of service (NULL pointer dereference and child process crash) via crafted HTTP headers, related to the "error handling mechanism." | |||||
CVE-2008-2439 | 1 Trend Micro | 2 Officescan, Worry Free Business Security | 2024-02-04 | 5.0 MEDIUM | N/A |
Directory traversal vulnerability in the UpdateAgent function in TmListen.exe in the OfficeScanNT Listener service in the client in Trend Micro OfficeScan 7.3 Patch 4 build 1367 and other builds before 1372, OfficeScan 8.0 SP1 before build 1222, OfficeScan 8.0 SP1 Patch 1 before build 3087, and Worry-Free Business Security 5.0 before build 1220 allows remote attackers to read arbitrary files via directory traversal sequences in an HTTP request. NOTE: some of these details are obtained from third party information. | |||||
CVE-2008-3364 | 1 Trend Micro | 1 Officescan | 2024-02-04 | 9.3 HIGH | N/A |
Buffer overflow in the ObjRemoveCtrl Class ActiveX control in OfficeScanRemoveCtrl.dll 7.3.0.1020 in Trend Micro OfficeScan Corp Edition (OSCE) Web-Deployment 7.0, 7.3 build 1343 Patch 4 and other builds, and 8.0; Client Server Messaging Security (CSM) 3.5 and 3.6; and Worry-Free Business Security (WFBS) 5.0 allows remote attackers to execute arbitrary code via a long string in the Server property, and possibly other properties. NOTE: some of these details are obtained from third party information. | |||||
CVE-2008-4402 | 1 Trend Micro | 1 Officescan | 2024-02-04 | 10.0 HIGH | N/A |
Multiple buffer overflows in CGI modules in the server in Trend Micro OfficeScan 8.0 SP1 before build 2439 and 8.0 SP1 Patch 1 before build 3087 allow remote attackers to execute arbitrary code via unspecified vectors. | |||||
CVE-2006-5269 | 1 Trend Micro | 1 Serverprotect | 2024-02-04 | 10.0 HIGH | N/A |
Heap-based buffer overflow in an unspecified procedure in Trend Micro ServerProtect 5.7 and 5.58 allows remote attackers to execute arbitrary code via unknown vectors, probably related to an RPC interface. | |||||
CVE-2008-0014 | 1 Trend Micro | 1 Serverprotect | 2024-02-04 | 10.0 HIGH | N/A |
Heap-based buffer overflow in an unspecified procedure in Trend Micro ServerProtect 5.7 and 5.58 allows remote attackers to execute arbitrary code via unknown vectors, possibly related to the product's configuration, a different vulnerability than CVE-2008-0012 and CVE-2008-0013. | |||||
CVE-2006-5268 | 1 Trend Micro | 1 Serverprotect | 2024-02-04 | 10.0 HIGH | N/A |
Unspecified vulnerability in Trend Micro ServerProtect 5.7 and 5.58 allows remote attackers to execute arbitrary code via vectors related to obtaining "administrative access to the RPC interface." | |||||
CVE-2008-3865 | 1 Trend Micro | 3 Internet Security 2007, Internet Security 2008, Officescan | 2024-02-04 | 10.0 HIGH | N/A |
Multiple heap-based buffer overflows in the ApiThread function in the firewall service (aka TmPfw.exe) in Trend Micro Network Security Component (NSC) modules, as used in Trend Micro OfficeScan 8.0 SP1 Patch 1 and Internet Security 2007 and 2008 17.0.1224, allow remote attackers to execute arbitrary code via a packet with a small value in an unspecified size field. | |||||
CVE-2008-1366 | 1 Trend Micro | 1 Officescan Corporate Edition | 2024-02-04 | 5.0 MEDIUM | N/A |
Trend Micro OfficeScan Corporate Edition 8.0 Patch 2 build 1189 and earlier, and 7.3 Patch 3 build 1314 and earlier, allows remote attackers to cause a denial of service (process consumption) via (1) an HTTP request without a Content-Length header or (2) invalid characters in unspecified CGI arguments, which triggers a NULL pointer dereference. |