6 results (0.009 seconds)

CVSS: 5.0EPSS: 0%CPEs: 2EXPL: 0

Trend Micro ScanMail for Microsoft Exchange (SMEX) 10.2 before Hot Fix Build 3318 and 11.0 before Hot Fix Build 4180 creates session IDs for the web console using a random number generator with predictable values, which makes it easier for remote attackers to bypass authentication via a brute force attack. Trend Micro ScanMail for Microsoft Exchange (SMEX) 10.2 anterior a Hot Fix Build 3318 y 11.0 anterior a Hot Fix Build 4180 crea identificadores de sesión para la consola web utilizando un generador de números aleatorios con valores previsibles, lo que facilita a atacantes remotos evadir la autenticación a través de un ataque de fuerza bruta. • http://blog.malerisch.net/2016/05/trendmicro-smex-session-predictable-cve-2015-3326.html http://esupport.trendmicro.com/solution/en-US/1109669.aspx http://www.securityfocus.com/bid/74661 http://www.securitytracker.com/id/1032323 •

CVSS: 9.3EPSS: 39%CPEs: 118EXPL: 0

Buffer overflow in the Trend Micro Scan Engine 8.000 and 8.300 before virus pattern file 4.245.00, as used in other products such as Cyber Clean Center (CCC) Cleaner, allows remote attackers to execute arbitrary code via a malformed UPX compressed executable. Un desbordamiento de búfer en Trend Micro Scan Engine versiones 8.000 y 8.300 anteriores al archivo de patrones de virus versión 4.245.00, tal y como es usado en otros productos como Cyber Clean Center (CCC) Cleaner, permite a atacantes remotos ejecutar código arbitrario por medio de un ejecutable comprimido UPX malformado. • http://esupport.trendmicro.com/support/viewxml.do?ContentID=EN-1034289 http://jvn.jp/jp/JVN%2377366274/index.html http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=470 http://osvdb.org/33038 http://secunia.com/advisories/24087 http://secunia.com/advisories/24128 http://securitytracker.com/id?1017601 http://securitytracker.com/id?1017602 http://securitytracker.com/id? •

CVSS: 7.5EPSS: 21%CPEs: 78EXPL: 0

Heap-based buffer overflow in Trend Micro AntiVirus Library VSAPI before 7.510, as used in multiple Trend Micro products, allows remote attackers to execute arbitrary code via a crafted ARJ file with long header file names that modify pointers within a structure. • http://secunia.com/advisories/14396 http://securitytracker.com/id?1013289 http://securitytracker.com/id?1013290 http://www.securityfocus.com/bid/12643 http://www.trendmicro.com/vinfo/secadvisories/default6.asp?VName=Vulnerability+in+VSAPI+ARJ+parsing+could+allow+Remote+Code+execution http://xforce.iss.net/xforce/alerts/id/189 •

CVSS: 5.0EPSS: 5%CPEs: 2EXPL: 1

Trend ScanMail allows remote attackers to obtain potentially sensitive information or disable the anti-virus capability via the smency.nsf file. • https://www.exploit-db.com/exploits/24725 http://cgi.nessus.org/plugins/dump.php3?id=14312 https://exchange.xforce.ibmcloud.com/vulnerabilities/17962 •

CVSS: 7.5EPSS: 3%CPEs: 2EXPL: 2

Trend Micro ScanMail for Exchange (SMEX) before 3.81 and before 6.1 might install a back door account in smg_Smxcfg30.exe, which allows remote attackers to gain access to the web management interface via the vcc parameter, possibly "3560121183d3". • https://www.exploit-db.com/exploits/22174 http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0021.html http://kb.trendmicro.com/solutions/solutionDetail.asp?solutionId=13352 http://secunia.com/advisories/7881 http://www.securityfocus.com/bid/6619 https://exchange.xforce.ibmcloud.com/vulnerabilities/11061 • CWE-287: Improper Authentication •