CVSS: 7.4EPSS: 0%CPEs: 1EXPL: 3CVE-2017-9035 – Trend Micro ServerProtect Disclosure / CSRF / XSS
https://notcve.org/view.php?id=CVE-2017-9035
Trend Micro ServerProtect for Linux 3.0 before CP 1531 allows attackers to eavesdrop and tamper with updates by leveraging unencrypted communications with update servers. Trend Micro ServerProtect para Linux 3.0 en versiones anteriores a la CP 1531 permite a los atacantes escuchar y manipular actualizaciones, aprovechando comunicaciones sin cifrar con servidores de actualización. Trend Micro ServerProtect suffers from information disclosure, manipulation, cross site request forgery, cross site scripting, and various other vulnerabilities. • http://packetstormsecurity.com/files/142645/Trend-Micro-ServerProtect-Disclosure-CSRF-XSS.html http://seclists.org/fulldisclosure/2017/May/91 http://www.securitytracker.com/id/1038548 https://success.trendmicro.com/solution/1117411 https://www.coresecurity.com/advisories/trend-micro-serverprotect-multiple-vulnerabilities • CWE-319: Cleartext Transmission of Sensitive Information •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 3CVE-2017-9036 – Trend Micro ServerProtect Disclosure / CSRF / XSS
https://notcve.org/view.php?id=CVE-2017-9036
Trend Micro ServerProtect for Linux 3.0 before CP 1531 allows local users to gain privileges by leveraging an unrestricted quarantine directory. Trend Micro ServerProtect para Linux 3.0 en versiones anteriores a la CP 1531, permite a los usuarios locales obtener privilegios manipulando un directorio de cuarentena no restringido. Trend Micro ServerProtect suffers from information disclosure, manipulation, cross site request forgery, cross site scripting, and various other vulnerabilities. • http://packetstormsecurity.com/files/142645/Trend-Micro-ServerProtect-Disclosure-CSRF-XSS.html http://seclists.org/fulldisclosure/2017/May/91 http://www.securitytracker.com/id/1038548 https://success.trendmicro.com/solution/1117411 https://www.coresecurity.com/advisories/trend-micro-serverprotect-multiple-vulnerabilities • CWE-862: Missing Authorization •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 3CVE-2017-9037 – Trend Micro ServerProtect Disclosure / CSRF / XSS
https://notcve.org/view.php?id=CVE-2017-9037
Multiple cross-site scripting (XSS) vulnerabilities in Trend Micro ServerProtect for Linux 3.0 before CP 1531 allow remote attackers to inject arbitrary web script or HTML via the (1) S44, (2) S5, (3) S_action_fail, (4) S_ptn_update, (5) T113, (6) T114, (7) T115, (8) T117117, (9) T118, (10) T_action_fail, (11) T_ptn_update, (12) textarea, (13) textfield5, or (14) tmLastConfigFileModifiedDate parameter to notification.cgi. Múltiples vulnerabilidades de tipo cross-site scripting (XSS) en ServerProtect de Trend Micro para Linux versión 3.0 anterior a CP 1531, permiten a atacantes remotos inyectar script web o HTML arbitrario por medio del parámetro (1) S44, (2) S5, (3) S_action_fail, (4) S_ptn_update , (5) T113, (6) T114, (7) T115, (8) T117117, (9) T118, (10) T_action_fail, (11) T_ptn_update, (12) textarea, (13) textfield5, o (14) tmLastConfigFileModifiedDate en el archivo notification.cgi. Trend Micro ServerProtect suffers from information disclosure, manipulation, cross site request forgery, cross site scripting, and various other vulnerabilities. • http://packetstormsecurity.com/files/142645/Trend-Micro-ServerProtect-Disclosure-CSRF-XSS.html http://seclists.org/fulldisclosure/2017/May/91 http://www.securitytracker.com/id/1038548 https://success.trendmicro.com/solution/1117411 https://www.coresecurity.com/advisories/trend-micro-serverprotect-multiple-vulnerabilities • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 10.0EPSS: 7%CPEs: 2EXPL: 0CVE-2008-0014
https://notcve.org/view.php?id=CVE-2008-0014
Heap-based buffer overflow in an unspecified procedure in Trend Micro ServerProtect 5.7 and 5.58 allows remote attackers to execute arbitrary code via unknown vectors, possibly related to the product's configuration, a different vulnerability than CVE-2008-0012 and CVE-2008-0013. Un Desbordamiento de búfer en la memoria libre para la reserva dinámica (heap) en un procedimiento no especificado de Trend Micro ServerProtect 5.7 y 5.58 permite a atacantes remotos ejecutar código arbitrario a través de vectores desconocidos, posiblemente relacionados con la configuración del producto, una vulnerabilidad diferente que CVE-2008-0012 y CVE-2008-0013. • http://blogs.iss.net/archive/trend.html http://secunia.com/advisories/32618 http://www.iss.net/threats/310.html http://www.kb.cert.org/vuls/id/768681 http://www.securityfocus.com/bid/32261 http://www.vupen.com/english/advisories/2008/3127 https://exchange.xforce.ibmcloud.com/vulnerabilities/39920 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 10.0EPSS: 7%CPEs: 2EXPL: 0CVE-2007-0074
https://notcve.org/view.php?id=CVE-2007-0074
Heap-based buffer overflow in an unspecified procedure in Trend Micro ServerProtect 5.7 and 5.58 allows remote attackers to execute arbitrary code via unknown vectors, possibly related to a folder read operation over RPC. Desbordamiento de búfer en un procedimiento no especificado en Trend Micro ServerProtect 5.7 y 5.58 permite a atacantes remotos ejecutar código de su elección mediante vectores desconocidos, posiblemente relacionados con una operación de lectura de carpeta sobre RPC. • http://blogs.iss.net/archive/trend.html http://secunia.com/advisories/32618 http://www.iss.net/threats/309.html http://www.kb.cert.org/vuls/id/768681 http://www.securityfocus.com/bid/32261 http://www.vupen.com/english/advisories/2008/3127 https://exchange.xforce.ibmcloud.com/vulnerabilities/39051 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •