CVE-2016-9315 – Trend Micro InterScan Web Security Virtual Appliance (IWSVA) 6.5 - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2016-9315
Privilege Escalation Vulnerability in com.trend.iwss.gui.servlet.updateaccountadministration in Trend Micro InterScan Web Security Virtual Appliance (IWSVA) version 6.5-SP2_Build_Linux_1707 and earlier allows authenticated, remote users with least privileges to change Master Admin's password and/or add new admin accounts. This was resolved in Version 6.5 CP 1737.
Trend Micro InterScan version 6.5-SP2_Build_Linux_1548 suffers from a privilege escalation vulnerability.
• https://www.exploit-db.com/exploits/41361
• http://www.securityfocus.com/bid/96252
• http://www.securitytracker.com/id/1037849
• https://success.trendmicro.com/solution/1116672
• CWE-264: Permissions, Privileges, and Access Controls

CVE-2016-1225
https://notcve.org/view.php?id=CVE-2016-1225
Trend Micro Internet Security 8 and 10 allows remote attackers to read arbitrary files via unspecified vectors.
• http://jvn.jp/en/jp/JVN48789425/index.html
• http://jvndb.jvn.jp/jvndb/JVNDB-2016-000073
• http://www.securitytracker.com/id/1036137
• https://esupport.trendmicro.com/support/vb/solution/ja-jp/1113880.aspx
• CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CVE-2016-1226
https://notcve.org/view.php?id=CVE-2016-1226
Cross-site scripting (XSS) vulnerability in Trend Micro Internet Security 8 and 10 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
• http://jvn.jp/en/jp/JVN48789425/index.html
• http://jvndb.jvn.jp/jvndb/JVNDB-2016-000088
• http://www.securitytracker.com/id/1036137
• https://esupport.trendmicro.com/support/vb/solution/ja-jp/1113880.aspx
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2016-1224
https://notcve.org/view.php?id=CVE-2016-1224
CRLF injection vulnerability in Trend Micro Worry-Free Business Security Service 5.x and Worry-Free Business Security 9.0 allows remote attackers to inject arbitrary HTTP headers and conduct cross-site scripting (XSS) attacks via unspecified vectors.
• http://esupport.trendmicro.com/solution/ja-JP/1114102.aspx
• http://jvn.jp/en/jp/JVN48847535/index.html
• http://jvndb.jvn.jp/jvndb/JVNDB-2016-000089
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2016-1223
https://notcve.org/view.php?id=CVE-2016-1223
Directory traversal vulnerability in Trend Micro Office Scan 11.0, Worry-Free Business Security Service 5.x, and Worry-Free Business Security 9.0 allows remote attackers to read arbitrary files via unspecified vectors.
• http://esupport.trendmicro.com/solution/ja-JP/1114102.aspx
• http://jvn.jp/en/jp/JVN48847535/index.html
• http://jvndb.jvn.jp/jvndb/JVNDB-2016-000074
• CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')