
CVE-2018-6237
https://notcve.org/view.php?id=CVE-2018-6237
25 May 2018 — A vulnerability in Trend Micro Smart Protection Server (Standalone) 3.x could allow an unauthenticated remote attacker to manipulate the product to send a large number of specially crafted HTTP requests to potentially cause the file system to fill up, eventually causing a denial of service (DoS) situation. • https://success.trendmicro.com/solution/1119715 • CWE-400: Uncontrolled Resource Consumption

CVE-2018-10350 – Trend Micro Smart Protection Server BWListMgmt SQL Injection Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2018-10350
04 May 2018 — A SQL injection remote code execution vulnerability in Trend Micro Smart Protection Server (Standalone) 3.x could allow a remote attacker to execute arbitrary code on vulnerable installations due to a flaw within the handling of parameters provided to wcs\_bwlists\_handler.php. Authentication is required in order to exploit this vulnerability. • https://success.trendmicro.com/solution/1119715 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVE-2018-6231 – Trend Micro Smart Protection Server Auth Command Injection Authentication Bypass Vulnerability
https://notcve.org/view.php?id=CVE-2018-6231
28 Feb 2018 — A server auth command injection authentication bypass vulnerability in Trend Micro Smart Protection Server (Standalone) versions 3.3 and below could allow remote attackers to escalate privileges on vulnerable installations. This vulnerability all... • https://success.trendmicro.com/solution/1119385 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CVE-2017-14097 – Trend Micro Smart Protection Server - Session Hijacking / Log File Disclosure / Remote Command Execution / Cron Job Injection / Local File Inclusion / Stored Cross-Site Scripting / Improper Access Control
https://notcve.org/view.php?id=CVE-2017-14097
22 Dec 2017 — An improper access control vulnerability in Trend Micro Smart Protection Server (Standalone) versions 3.2 and below could allow an attacker to decrypt contents of a database with information that could be used to access a vulnerable system. • https://packetstorm.news/files/id/145518

CVE-2017-14096 – Trend Micro Smart Protection Server - Session Hijacking / Log File Disclosure / Remote Command Execution / Cron Job Injection / Local File Inclusion / Stored Cross-Site Scripting / Improper Access Control
https://notcve.org/view.php?id=CVE-2017-14096
22 Dec 2017 — A stored cross site scripting (XSS) vulnerability in Trend Micro Smart Protection Server (Standalone) versions 3.2 and below could allow an attacker to execute a malicious payload on vulnerable systems. Trend Micro Smart Protection Server version 3.2 suffers from access control ... • https://packetstorm.news/files/id/145518 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2017-11398 – Trend Micro Smart Protection Server - Session Hijacking / Log File Disclosure / Remote Command Execution / Cron Job Injection / Local File Inclusion / Stored Cross-Site Scripting / Improper Access Control
https://notcve.org/view.php?id=CVE-2017-11398
22 Dec 2017 — A session hijacking via log disclosure vulnerability in Trend Micro Smart Protection Server (Standalone) versions 3.2 and below could allow an unauthenticated attacker to hijack active user sessions to perform authenticated requests on a vulnerable system. • https://packetstorm.news/files/id/145518 • CWE-285: Improper Authorization • CWE-534: DEPRECATED: Information Exposure Through Debug Log Files

CVE-2017-14094 – Trend Micro Smart Protection Server - Session Hijacking / Log File Disclosure / Remote Command Execution / Cron Job Injection / Local File Inclusion / Stored Cross-Site Scripting / Improper Access Control
https://notcve.org/view.php?id=CVE-2017-14094
22 Dec 2017 — A vulnerability in Trend Micro Smart Protection Server (Standalone) versions 3.2 and below could allow an attacker to perform remote command execution via a cron job injection on a vulnerable system. Trend Micro Smart Protection Server version 3.2 suffers from access control byp... • https://packetstorm.news/files/id/145518 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CVE-2017-14095 – Trend Micro Smart Protection Server - Session Hijacking / Log File Disclosure / Remote Command Execution / Cron Job Injection / Local File Inclusion / Stored Cross-Site Scripting / Improper Access Control
https://notcve.org/view.php?id=CVE-2017-14095
22 Dec 2017 — A vulnerability in Trend Micro Smart Protection Server (Standalone) versions 3.2 and below could allow an attacker to perform remote command execution via a local file inclusion on a vulnerable system. Trend Micro Smart Protection Server version 3.2 suffers from acces... • https://packetstorm.news/files/id/145518 • CWE-98: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') • CWE-829: Inclusion of Functionality from Untrusted Control Sphere

CVE-2017-11395
https://notcve.org/view.php?id=CVE-2017-11395
22 Sep 2017 — Command injection vulnerability in Trend Micro Smart Protection Server (Standalone) 3.1 and 3.2 server administration UI allows attackers with authenticated access to execute arbitrary code on vulnerable installations. • http://www.coresecurity.com/advisories/trend-micro-smart-protection-os-command-injection • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CVE-2016-6268
https://notcve.org/view.php?id=CVE-2016-6268
30 Jan 2017 — Trend Micro Smart Protection Server 2.5 before build 2200, 2.6 before build 2106, and 3.0 before build 1330 allows local webserv users to execute arbitrary code with root privileges via a Trojan horse .war file in the Solr webapps directory. • https://qkaiser.github.io/pentesting/trendmicro/2016/08/08/trendmicro-sps • CWE-264: Permissions, Privileges, and Access Controls