CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0CVE-2015-3326
https://notcve.org/view.php?id=CVE-2015-3326
14 May 2015 — Trend Micro ScanMail for Microsoft Exchange (SMEX) 10.2 before Hot Fix Build 3318 and 11.0 before Hot Fix Build 4180 creates session IDs for the web console using a random number generator with predictable values, which makes it easier for remote attackers to bypass authentication via a brute force attack. Trend Micro ScanMail for Microsoft Exchange (SMEX) 10.2 anterior a Hot Fix Build 3318 y 11.0 anterior a Hot Fix Build 4180 crea identificadores de sesión para la consola web utilizando un generador de núm... • http://blog.malerisch.net/2016/05/trendmicro-smex-session-predictable-cve-2015-3326.html •
CVSS: 9.8EPSS: 9%CPEs: 12EXPL: 1CVE-2012-2998 – Trend Micro Control Manager 5.5/6.0 AdHocQuery - (Authenticated) Blind SQL Injection
https://notcve.org/view.php?id=CVE-2012-2998
28 Sep 2012 — SQL injection vulnerability in the ad hoc query module in Trend Micro Control Manager (TMCM) before 5.5.0.1823 and 6.0 before 6.0.0.1449 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. Vulnerabilidad de inyección SQL en el módulo ad hoc en Trend Micro Control Manager (TMCM) anterior a v5.5.0.1823 y v6.0 anterior a v6.0.0.1449 permite a atacantes remotos ejecutar comandos SQL de su elección a través de vectores no especificados. • https://www.exploit-db.com/exploits/21546 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 10.0EPSS: 74%CPEs: 1EXPL: 1CVE-2011-5001 – Trend Micro Control Manger 5.5 - 'CmdProcessor.exe' Remote Stack Buffer Overflow
https://notcve.org/view.php?id=CVE-2011-5001
25 Dec 2011 — Stack-based buffer overflow in the CGenericScheduler::AddTask function in cmdHandlerRedAlertController.dll in CmdProcessor.exe in Trend Micro Control Manager 5.5 before Build 1613 allows remote attackers to execute arbitrary code via a crafted IPC packet to TCP port 20101. Desbordamiento de búfer basado en pila en la función CGenericScheduler::AddTask en cmdHandlerRedAlertController.dll en CmdProcessor.exe en Trend Micro Control Manager v5.5 anterior al Build 1613 permite a atacantes remotos ejecutar código... • https://www.exploit-db.com/exploits/18514 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 1%CPEs: 3EXPL: 0CVE-2008-3864
https://notcve.org/view.php?id=CVE-2008-3864
21 Jan 2009 — The ApiThread function in the firewall service (aka TmPfw.exe) in Trend Micro Network Security Component (NSC) modules, as used in Trend Micro OfficeScan 8.0 SP1 Patch 1 and Internet Security 2007 and 2008 17.0.1224, allows remote attackers to cause a denial of service (service crash) via a packet with a large value in an unspecified size field. La función ApiThread en el servicio de cortafuegos (también conocido como TmPfw.exe) en los módulos Trend Micro Network Security Component (NSC), del modo que se us... • http://secunia.com/advisories/31160 • CWE-20: Improper Input Validation •
CVSS: 10.0EPSS: 29%CPEs: 3EXPL: 0CVE-2008-3865
https://notcve.org/view.php?id=CVE-2008-3865
21 Jan 2009 — Multiple heap-based buffer overflows in the ApiThread function in the firewall service (aka TmPfw.exe) in Trend Micro Network Security Component (NSC) modules, as used in Trend Micro OfficeScan 8.0 SP1 Patch 1 and Internet Security 2007 and 2008 17.0.1224, allow remote attackers to execute arbitrary code via a packet with a small value in an unspecified size field. Múltiples desbordamientos de búfer basados en montículo en la función ApiThread en el servicio de cortafuegos (también conocido como TmPfw.exe) ... • http://secunia.com/advisories/31160 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2008-3866
https://notcve.org/view.php?id=CVE-2008-3866
21 Jan 2009 — The Trend Micro Personal Firewall service (aka TmPfw.exe) in Trend Micro Network Security Component (NSC) modules, as used in Trend Micro OfficeScan 8.0 SP1 Patch 1 and Internet Security 2007 and 2008 17.0.1224, relies on client-side password protection implemented in the configuration GUI, which allows local users to bypass intended access restrictions and change firewall settings by using a modified client to send crafted packets. El servicio Trend Micro Personal Firewall (también conocido como TmPfw.exe)... • http://secunia.com/advisories/31160 • CWE-287: Improper Authentication •
CVSS: 9.8EPSS: 23%CPEs: 3EXPL: 0CVE-2008-2434
https://notcve.org/view.php?id=CVE-2008-2434
23 Dec 2008 — The Trend Micro HouseCall ActiveX control 6.51.0.1028 and 6.6.0.1278 in Housecall_ActiveX.dll allows remote attackers to download an arbitrary library file onto a client system via a "custom update server" argument. NOTE: this can be leveraged for code execution by writing to a Startup folder. El control ActiveX de Trend Micro HouseCall v6.51.0.1028 y v6.6.0.1278 en Housecall_ActiveX.dll permite a atacantes remotos descargar un fichero de biblioteca arbitrario en un sistema cliente a través del parámetro "c... • http://esupport.trendmicro.com/support/viewxml.do?ContentID=EN-1038646&id=EN-1038646 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.3EPSS: 22%CPEs: 2EXPL: 0CVE-2008-2435
https://notcve.org/view.php?id=CVE-2008-2435
23 Dec 2008 — Use-after-free vulnerability in the Trend Micro HouseCall ActiveX control 6.51.0.1028 and 6.6.0.1278 in Housecall_ActiveX.dll allows remote attackers to execute arbitrary code via a crafted notifyOnLoadNative callback function. Vulnerabilidad de uso después de la liberación en el control ActiveX de HouseCall de Trend Micro v6.51.0.1028 y v6.6.0.1278 en Housecall_ActiveX.dll, permite a atacantes remotos ejecutar código arbitrario a través de una función de retorno notifyOnLoadNative manipulada. • http://esupport.trendmicro.com/support/viewxml.do?ContentID=EN-1038646&id=EN-1038646 • CWE-399: Resource Management Errors •
CVSS: 9.3EPSS: 0%CPEs: 3EXPL: 0CVE-2008-5545
https://notcve.org/view.php?id=CVE-2008-5545
12 Dec 2008 — Trend Micro VSAPI 8.700.0.1004 in Trend Micro AntiVirus, when Internet Explorer 6 or 7 is used, allows remote attackers to bypass detection of malware in an HTML document by placing an MZ header (aka "EXE info") at the beginning, and modifying the filename to have (1) no extension, (2) a .txt extension, or (3) a .jpg extension, as demonstrated by a document containing a CVE-2006-5745 exploit. Trend Micro VSAPI v8.700.0.1004 en Trend Micro AntiVirus, cuando se utiliza Internet Explorer 6 o 7, permite a ataca... • http://securityreason.com/securityalert/4723 • CWE-20: Improper Input Validation •
CVSS: 10.0EPSS: 14%CPEs: 2EXPL: 0CVE-2006-5268
https://notcve.org/view.php?id=CVE-2006-5268
17 Nov 2008 — Unspecified vulnerability in Trend Micro ServerProtect 5.7 and 5.58 allows remote attackers to execute arbitrary code via vectors related to obtaining "administrative access to the RPC interface." Vulnerabilidad no especificada en Trend Micro ServerProtect 5.7 y 5.58 permite a atacantes remotos ejecutar código de su elección a través de vectores relacionados para obtener "acceso administrativo a la interface RPC". • http://blogs.iss.net/archive/trend.html • CWE-287: Improper Authentication •