Page 3 of 26 results (0.005 seconds)

CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1

A vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an authenticated, remote attacker to send a specially crafted HTTP message and achieve remote code execution with elevated privileges. Una vulnerabilidad en Trend Micro InterScan Web Security Virtual Appliance versión 6.5 SP2, podría permitir a un atacante remoto autenticado enviar un mensaje HTTP especialmente diseñado y lograr una ejecución de código remota con privilegios elevados • https://success.trendmicro.com/solution/000281954 https://www.tenable.com/security/research/tra-2020-63 • CWE-787: Out-of-bounds Write •

CVSS: 9.0EPSS: 2%CPEs: 1EXPL: 1

A command injection vulnerability in AddVLANItem of Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an authenticated, remote attacker to send specially crafted HTTP messages and execute arbitrary OS commands with elevated privileges. Una vulnerabilidad de inyección de comandos en AddVLANItem de Trend Micro InterScan Web Security Virtual Appliance versión 6.5 SP2, podría permitir a un atacante remoto autenticado enviar mensajes HTTP especialmente diseñados y ejecutar comandos de SO arbitrarios con privilegios elevados • https://success.trendmicro.com/solution/000281954 https://www.tenable.com/security/research/tra-2020-63 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •

CVSS: 9.8EPSS: 1%CPEs: 1EXPL: 1

A vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an unauthenticated, remote attacker to send a specially crafted HTTP message and achieve remote code execution with elevated privileges. Una vulnerabilidad en Trend Micro InterScan Web Security Virtual Appliance versión 6.5 SP2, podría permitir a un atacante remoto no autenticado enviar un mensaje HTTP especialmente diseñado y lograr una ejecución de código remota con privilegios elevados • https://success.trendmicro.com/solution/000281954 https://www.tenable.com/security/research/tra-2020-63 • CWE-787: Out-of-bounds Write •

CVSS: 8.8EPSS: 96%CPEs: 1EXPL: 3

A vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 may allow remote attackers to execute arbitrary code on affected installations. Authentication is required to exploit this vulnerability. Una vulnerabilidad en Trend Micro InterScan Web Security Virtual Appliance versión 6.5, puede permitir a atacantes remotos ejecutar código arbitrario sobre las instalaciones afectadas. Es requerida una autenticación para explotar esta vulnerabilidad. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Trend Micro InterScan Web Security Virtual Appliance. • https://www.exploit-db.com/exploits/48667 http://packetstormsecurity.com/files/158171/Trend-Micro-Web-Security-Virtual-Appliance-Remote-Code-Execution.html http://packetstormsecurity.com/files/158423/Trend-Micro-Web-Security-Remote-Code-Execution.html https://success.trendmicro.com/solution/000253095 https://www.zerodayinitiative.com/advisories/ZDI-20-676 - • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •

CVSS: 9.8EPSS: 97%CPEs: 1EXPL: 2

A vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 may allow remote attackers to bypass authentication on affected installations of Trend Micro InterScan Web Security Virtual Appliance. Una vulnerabilidad en Trend Micro InterScan Web Security Virtual Appliance versión 6.5, puede permitir a atacantes remotos omitir la autenticación sobre las instalaciones afectadas de Trend Micro InterScan Web Security Virtual Appliance. This vulnerability allows remote attackers to bypass authentication on affected installations of Trend Micro InterScan Web Security Virtual Appliance. The specific flaw exists within the Apache Solr application. The issue results from the lack of proper implementation of authentication. An attacker can leverage this vulnerability to bypass authentication on the system. • http://packetstormsecurity.com/files/158171/Trend-Micro-Web-Security-Virtual-Appliance-Remote-Code-Execution.html http://packetstormsecurity.com/files/158423/Trend-Micro-Web-Security-Remote-Code-Execution.html https://success.trendmicro.com/solution/000253095 https://www.zerodayinitiative.com/advisories/ZDI-20-677 - • CWE-287: Improper Authentication •