CVSS: 7.5EPSS: 4%CPEs: 2EXPL: 4CVE-2017-14083 – Trend Micro OfficeScan 11.0/XG (12.0) - Private Key Disclosure
https://notcve.org/view.php?id=CVE-2017-14083
29 Sep 2017 — A vulnerability in Trend Micro OfficeScan 11.0 and XG allows remote unauthenticated users who can access the system to download the OfficeScan encryption file. Una vulnerabilidad en Trend Micro OfficeScan 11.0 y XG permite que usuarios remotos autenticados con acceso al sistema descarguen el archivo de cifrado OfficeScan. TrendMicro OfficeScan versions 11.0 and XG (12.0) suffer from a pre-authentication encryption key disclosure vulnerability. • https://packetstorm.news/files/id/144398 •
CVSS: 7.0EPSS: 0%CPEs: 2EXPL: 0CVE-2017-14088 – Trend Micro OfficeScan tmwfp Memory Corruption Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2017-14088
27 Sep 2017 — Memory Corruption Privilege Escalation vulnerabilities in Trend Micro OfficeScan 11.0 and XG allows local attackers to execute arbitrary code and escalate privileges to resources normally reserved for the kernel on vulnerable installations by exploiting tmwfp.sys. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit the vulnerability. Vulnerabilidades de escalado de privilegios de corrupción de memoria en Trend Micro OfficeScan 11.0 y XG permiten ... • http://www.securityfocus.com/bid/101070 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 10.0EPSS: 7%CPEs: 2EXPL: 0CVE-2017-11393 – Trend Micro OfficeScan Proxy Command Injection Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2017-11393
03 Aug 2017 — Proxy command injection vulnerability in Trend Micro OfficeScan 11 and XG (12) allows remote attackers to execute arbitrary code on vulnerable installations. The specific flaw can be exploited by parsing the tr parameter within Proxy.php. Formerly ZDI-CAN-4543. La vulnerabilidad de inyección de comandos proxy en Trend Micro OfficeScan 11 y XG (12) permite que atacantes remotos puedan ejecutar código arbitrario en instalaciones vulnerables. Este error específico se puede explotar parseando el parámetro tr en... • http://www.securityfocus.com/bid/100127 • CWE-20: Improper Input Validation •
CVSS: 10.0EPSS: 92%CPEs: 2EXPL: 1CVE-2017-11394 – Trend Micro OfficeScan Proxy Command Injection Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2017-11394
02 Aug 2017 — Proxy command injection vulnerability in Trend Micro OfficeScan 11 and XG (12) allows remote attackers to execute arbitrary code on vulnerable installations. The specific flaw can be exploited by parsing the T parameter within Proxy.php. Formerly ZDI-CAN-4544. La vulnerabilidad de inyección de comandos proxy en Trend Micro OfficeScan 11 and XG (12) permite que atacantes remotos puedan ejecutar código arbitrario en instalaciones vulnerables. Este fallo específico se puede explotar parseando el parámetro T en... • https://www.exploit-db.com/exploits/42971 • CWE-20: Improper Input Validation •
CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 0CVE-2017-8801
https://notcve.org/view.php?id=CVE-2017-8801
05 May 2017 — Trend Micro OfficeScan 11.0 before SP1 CP 6325 (with Agent Module Build before 6152) and XG before CP 1352 has XSS via a crafted URI using a blocked website. Trend Micro OfficeScan 11.0 antes de SP1 CP 6325 (cin Agent Module Build anterior a 6152) y XG anterior a CP 1352 están afectados por un XSS a traves de una URI utilizando un sitio bloqueado. • http://files.trendmicro.com/products/officescan/11.0_SP1/readme/osce-11-sp1-patch1-win-all-criticalpatch-6325_readme.txt • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 0CVE-2017-5481
https://notcve.org/view.php?id=CVE-2017-5481
03 May 2017 — Trend Micro OfficeScan 11.0 before SP1 CP 6325 and XG before CP 1352 allows remote authenticated users to gain privileges by leveraging a leak of an encrypted password during a web-console operation. Trend Micro OfficeScan 11.0 en la versión anterior a SP1 CP 6325 y XG y la versión anterior a CP 1352, permite a los usuarios remotos autenticados obtener privilegios aprovechando una fuga de una contraseña cifrada durante una operación de consola web. • http://www.securityfocus.com/bid/98007 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.3EPSS: 0%CPEs: 3EXPL: 0CVE-2016-1223
https://notcve.org/view.php?id=CVE-2016-1223
19 Jun 2016 — Directory traversal vulnerability in Trend Micro Office Scan 11.0, Worry-Free Business Security Service 5.x, and Worry-Free Business Security 9.0 allows remote attackers to read arbitrary files via unspecified vectors. Vulnerabilidad de salto de directorio en Trend Micro Office Scan 11.0, Worry-Free Business Security Service 5.x y Worry-Free Business Security 9.0 permite a atacantes remotos leer archivos arbitrarios a través de vectores no especificados. • http://esupport.trendmicro.com/solution/ja-JP/1114102.aspx • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 9.8EPSS: 89%CPEs: 118EXPL: 0CVE-2007-0851
https://notcve.org/view.php?id=CVE-2007-0851
08 Feb 2007 — Buffer overflow in the Trend Micro Scan Engine 8.000 and 8.300 before virus pattern file 4.245.00, as used in other products such as Cyber Clean Center (CCC) Cleaner, allows remote attackers to execute arbitrary code via a malformed UPX compressed executable. Un desbordamiento de búfer en Trend Micro Scan Engine versiones 8.000 y 8.300 anteriores al archivo de patrones de virus versión 4.245.00, tal y como es usado en otros productos como Cyber Clean Center (CCC) Cleaner, permite a atacantes remotos ejecuta... • http://esupport.trendmicro.com/support/viewxml.do?ContentID=EN-1034289 •
CVSS: 7.5EPSS: 1%CPEs: 4EXPL: 0CVE-2006-5212
https://notcve.org/view.php?id=CVE-2006-5212
09 Oct 2006 — Trend Micro OfficeScan 6.0 in Client/Server/Messaging (CSM) Suite for SMB 2.0 before 6.0.0.1385, and OfficeScan Corporate Edition (OSCE) 6.5 before 6.5.0.1418, 7.0 before 7.0.0.1257, and 7.3 before 7.3.0.1053 allow remote attackers to delete files via a modified filename parameter in a certain HTTP request that invokes the OfficeScan CGI program. Trend Micro OfficeScan 6.0 en Client/Server/Messaging (CSM) Suite para SMB 2.0 anetrior a 6.0.0.1385, y OfficeScan Corporate Edition (OSCE) 6.5 anterior a 6.5.0.14... • http://secunia.com/advisories/22156 •
CVSS: 8.4EPSS: 21%CPEs: 78EXPL: 0CVE-2005-0533
https://notcve.org/view.php?id=CVE-2005-0533
24 Feb 2005 — Heap-based buffer overflow in Trend Micro AntiVirus Library VSAPI before 7.510, as used in multiple Trend Micro products, allows remote attackers to execute arbitrary code via a crafted ARJ file with long header file names that modify pointers within a structure. • http://secunia.com/advisories/14396 •