4 results (0.009 seconds)

CVSS: 7.5EPSS: 4%CPEs: 12EXPL: 1

SQL injection vulnerability in the ad hoc query module in Trend Micro Control Manager (TMCM) before 5.5.0.1823 and 6.0 before 6.0.0.1449 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. Vulnerabilidad de inyección SQL en el módulo ad hoc en Trend Micro Control Manager (TMCM) anterior a v5.5.0.1823 y v6.0 anterior a v6.0.0.1449 permite a atacantes remotos ejecutar comandos SQL de su elección a través de vectores no especificados. Trend Micro Control Manager versions 5.5 and 6.0 suffer from an AdHocQuery remote blind SQL injection vulnerability. • https://www.exploit-db.com/exploits/21546 http://esupport.trendmicro.com/solution/en-us/1061043.aspx http://jvn.jp/en/jp/JVN42014489/index.html http://jvndb.jvn.jp/jvndb/JVNDB-2012-000090 http://www.kb.cert.org/vuls/id/950795 http://www.securitytracker.com/id?1027584 http://www.spentera.com/2012/09/trend-micro-control-manager-sql-injection-vulnerability http://www.trendmicro.com/ftp/documentation/readme/readme_critical_patch_TMCM55_1823.txt http://www.trendmicro.com/ftp/doc • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 10.0EPSS: 94%CPEs: 1EXPL: 1

Stack-based buffer overflow in the CGenericScheduler::AddTask function in cmdHandlerRedAlertController.dll in CmdProcessor.exe in Trend Micro Control Manager 5.5 before Build 1613 allows remote attackers to execute arbitrary code via a crafted IPC packet to TCP port 20101. Desbordamiento de búfer basado en pila en la función CGenericScheduler::AddTask en cmdHandlerRedAlertController.dll en CmdProcessor.exe en Trend Micro Control Manager v5.5 anterior al Build 1613 permite a atacantes remotos ejecutar código de su elección mediante un paquete IPC manipulado al puerto 20101 TCP • https://www.exploit-db.com/exploits/18514 http://secunia.com/advisories/47114 http://www.securityfocus.com/archive/1/520780/100/0/threaded http://www.securitytracker.com/id?1026390 http://www.trendmicro.com/ftp/documentation/readme/readme_critical_patch_TMCM55_1613.txt http://www.zerodayinitiative.com/advisories/ZDI-11-345 https://exchange.xforce.ibmcloud.com/vulnerabilities/71681 - • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 9.3EPSS: 39%CPEs: 118EXPL: 0

Buffer overflow in the Trend Micro Scan Engine 8.000 and 8.300 before virus pattern file 4.245.00, as used in other products such as Cyber Clean Center (CCC) Cleaner, allows remote attackers to execute arbitrary code via a malformed UPX compressed executable. Un desbordamiento de búfer en Trend Micro Scan Engine versiones 8.000 y 8.300 anteriores al archivo de patrones de virus versión 4.245.00, tal y como es usado en otros productos como Cyber Clean Center (CCC) Cleaner, permite a atacantes remotos ejecutar código arbitrario por medio de un ejecutable comprimido UPX malformado. • http://esupport.trendmicro.com/support/viewxml.do?ContentID=EN-1034289 http://jvn.jp/jp/JVN%2377366274/index.html http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=470 http://osvdb.org/33038 http://secunia.com/advisories/24087 http://secunia.com/advisories/24128 http://securitytracker.com/id?1017601 http://securitytracker.com/id?1017602 http://securitytracker.com/id? •

CVSS: 7.5EPSS: 1%CPEs: 1EXPL: 1

Trend Micro Control Manager 3.0 Enterprise Edition allows remote attackers to gain privileges via a replay attack of the encrypted username and password. • http://marc.info/?l=bugtraq&m=110564369316593&w=2 http://marc.info/?l=bugtraq&m=110565281205427&w=2 http://www.cirt.dk/advisories/cirt-28-advisory.pdf https://exchange.xforce.ibmcloud.com/vulnerabilities/18887 •