5 results (0.010 seconds)

CVSS: 7.5EPSS: 4%CPEs: 12EXPL: 1

SQL injection vulnerability in the ad hoc query module in Trend Micro Control Manager (TMCM) before 5.5.0.1823 and 6.0 before 6.0.0.1449 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. Vulnerabilidad de inyección SQL en el módulo ad hoc en Trend Micro Control Manager (TMCM) anterior a v5.5.0.1823 y v6.0 anterior a v6.0.0.1449 permite a atacantes remotos ejecutar comandos SQL de su elección a través de vectores no especificados. Trend Micro Control Manager versions 5.5 and 6.0 suffer from an AdHocQuery remote blind SQL injection vulnerability. • https://www.exploit-db.com/exploits/21546 http://esupport.trendmicro.com/solution/en-us/1061043.aspx http://jvn.jp/en/jp/JVN42014489/index.html http://jvndb.jvn.jp/jvndb/JVNDB-2012-000090 http://www.kb.cert.org/vuls/id/950795 http://www.securitytracker.com/id?1027584 http://www.spentera.com/2012/09/trend-micro-control-manager-sql-injection-vulnerability http://www.trendmicro.com/ftp/documentation/readme/readme_critical_patch_TMCM55_1823.txt http://www.trendmicro.com/ftp/doc • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 10.0EPSS: 94%CPEs: 1EXPL: 1

Stack-based buffer overflow in the CGenericScheduler::AddTask function in cmdHandlerRedAlertController.dll in CmdProcessor.exe in Trend Micro Control Manager 5.5 before Build 1613 allows remote attackers to execute arbitrary code via a crafted IPC packet to TCP port 20101. Desbordamiento de búfer basado en pila en la función CGenericScheduler::AddTask en cmdHandlerRedAlertController.dll en CmdProcessor.exe en Trend Micro Control Manager v5.5 anterior al Build 1613 permite a atacantes remotos ejecutar código de su elección mediante un paquete IPC manipulado al puerto 20101 TCP • https://www.exploit-db.com/exploits/18514 http://secunia.com/advisories/47114 http://www.securityfocus.com/archive/1/520780/100/0/threaded http://www.securitytracker.com/id?1026390 http://www.trendmicro.com/ftp/documentation/readme/readme_critical_patch_TMCM55_1613.txt http://www.zerodayinitiative.com/advisories/ZDI-11-345 https://exchange.xforce.ibmcloud.com/vulnerabilities/71681 - • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 9.3EPSS: 39%CPEs: 118EXPL: 0

Buffer overflow in the Trend Micro Scan Engine 8.000 and 8.300 before virus pattern file 4.245.00, as used in other products such as Cyber Clean Center (CCC) Cleaner, allows remote attackers to execute arbitrary code via a malformed UPX compressed executable. Un desbordamiento de búfer en Trend Micro Scan Engine versiones 8.000 y 8.300 anteriores al archivo de patrones de virus versión 4.245.00, tal y como es usado en otros productos como Cyber Clean Center (CCC) Cleaner, permite a atacantes remotos ejecutar código arbitrario por medio de un ejecutable comprimido UPX malformado. • http://esupport.trendmicro.com/support/viewxml.do?ContentID=EN-1034289 http://jvn.jp/jp/JVN%2377366274/index.html http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=470 http://osvdb.org/33038 http://secunia.com/advisories/24087 http://secunia.com/advisories/24128 http://securitytracker.com/id?1017601 http://securitytracker.com/id?1017602 http://securitytracker.com/id? •

CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0

Cross-site scripting (XSS) vulnerability in Trend Micro Control Manager (TMCM) 3.5 allows remote attackers to inject arbitrary web script or HTML via the username field on the login page, which is not properly sanitized before being displayed in the error log. Secuencias de comandos en sitios cruzados (XSS) en Trend Micro Control Manager (TMCM) v3.5 permite a atacantes remotos inyectar secuencias de comandos (script) web o HTML a través del campo nombre de usuario en la página de inicio de sesión, el cual no está correctamente filtrado antes de ser mostrados en el registro de errores. • http://secunia.com/advisories/20794 http://securityreason.com/securityalert/1159 http://securitytracker.com/id?1016372 http://www.securityfocus.com/archive/1/438158/100/0/threaded http://www.securityfocus.com/bid/18619 http://www.vupen.com/english/advisories/2006/2526 https://exchange.xforce.ibmcloud.com/vulnerabilities/27388 •

CVSS: 7.5EPSS: 21%CPEs: 78EXPL: 0

Heap-based buffer overflow in Trend Micro AntiVirus Library VSAPI before 7.510, as used in multiple Trend Micro products, allows remote attackers to execute arbitrary code via a crafted ARJ file with long header file names that modify pointers within a structure. • http://secunia.com/advisories/14396 http://securitytracker.com/id?1013289 http://securitytracker.com/id?1013290 http://www.securityfocus.com/bid/12643 http://www.trendmicro.com/vinfo/secadvisories/default6.asp?VName=Vulnerability+in+VSAPI+ARJ+parsing+could+allow+Remote+Code+execution http://xforce.iss.net/xforce/alerts/id/189 •