CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2006-3261
https://notcve.org/view.php?id=CVE-2006-3261
Cross-site scripting (XSS) vulnerability in Trend Micro Control Manager (TMCM) 3.5 allows remote attackers to inject arbitrary web script or HTML via the username field on the login page, which is not properly sanitized before being displayed in the error log. Secuencias de comandos en sitios cruzados (XSS) en Trend Micro Control Manager (TMCM) v3.5 permite a atacantes remotos inyectar secuencias de comandos (script) web o HTML a través del campo nombre de usuario en la página de inicio de sesión, el cual no está correctamente filtrado antes de ser mostrados en el registro de errores. • http://secunia.com/advisories/20794 http://securityreason.com/securityalert/1159 http://securitytracker.com/id?1016372 http://www.securityfocus.com/archive/1/438158/100/0/threaded http://www.securityfocus.com/bid/18619 http://www.vupen.com/english/advisories/2006/2526 https://exchange.xforce.ibmcloud.com/vulnerabilities/27388 •
CVSS: 7.2EPSS: 0%CPEs: 2EXPL: 2CVE-2006-1379
https://notcve.org/view.php?id=CVE-2006-1379
Trend Micro PC-cillin Internet Security 2006 14.00.1485 and 14.10.0.1023, uses insecure DACLs for critical files, which allows local users to gain SYSTEM privileges by modifying executable programs such as (1) tmntsrv.exe and (2) tmproxy.exe. • http://secunia.com/advisories/19282 http://www.secumind.net/content/french/modules/news/article.php?storyid=9&sel_lang=english http://www.vupen.com/english/advisories/2006/1042 •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2006-1381
https://notcve.org/view.php?id=CVE-2006-1381
Trend Micro OfficeScan 5.5, and probably other versions before 6.5, uses insecure DACLs for critical files, which allows local users to gain SYSTEM privileges by modifying tmlisten.exe. • http://secunia.com/advisories/11576 http://www.secumind.net/content/french/modules/news/article.php?storyid=9&sel_lang=english http://www.vupen.com/english/advisories/2006/1041 https://exchange.xforce.ibmcloud.com/vulnerabilities/25415 •
CVSS: 5.1EPSS: 0%CPEs: 3EXPL: 0CVE-2006-0642
https://notcve.org/view.php?id=CVE-2006-0642
Trend Micro ServerProtect 5.58, and possibly InterScan Messaging Security Suite and InterScan Web Security Suite, have a default configuration setting of "Do not scan compressed files when Extracted file count exceeds 500 files," which may be too low in certain circumstances, which allows remote attackers to bypass anti-virus checks by sending compressed archives containing many small files. NOTE: since this is related to a configuration setting that has an operational impact that might vary depending on the environment, and the product is claimed to report a message when the compressed file exceeds specified limits, perhaps this should not be included in CVE. • http://www.packetstormsecurity.org/0602-advisories/Bypass.pdf http://www.packetstormsecurity.org/filedesc/Bypass.pdf.html http://www.securityfocus.com/archive/1/423896/100/0/threaded http://www.securityfocus.com/archive/1/423913/100/0/threaded http://www.securityfocus.com/archive/1/423914/100/0/threaded http://www.securityfocus.com/archive/1/424172/100/0/threaded http://www.securityfocus.com/archive/1/424598/100/0/threaded http://www.securityfocus.com/bid/16483 https://exchange •
CVSS: 7.8EPSS: 1%CPEs: 1EXPL: 0CVE-2005-1928
https://notcve.org/view.php?id=CVE-2005-1928
Trend Micro ServerProtect EarthAgent for Windows Management Console 5.58 and possibly earlier versions, when running with Trend Micro Control Manager 2.5 and 3.0, and Damage Cleanup Server 1.1, allows remote attackers to cause a denial of service (CPU consumption) via a flood of crafted packets with a certain "magic value" to port 5005, which also leads to a memory leak. • http://kb.trendmicro.com/solutions/search/main/search/solutionDetail.asp?solutionID=25254 http://secunia.com/advisories/18038 http://securityreason.com/securityalert/259 http://securitytracker.com/id?1015358 http://solutionfile.trendmicro.com/SolutionFile/25254/en/Hotfix_Readme_SPNT5_58_B1137.txt http://www.idefense.com/application/poi/display?id=356&type=vulnerabilities http://www.osvdb.org/21773 http://www.securityfocus.com/bid/15868 http://www.vupen.com/english/advisories/2005/2907 • CWE-399: Resource Management Errors •