CVSS: 7.5EPSS: 73%CPEs: 4EXPL: 0CVE-2019-18187 – Trend Micro OfficeScan Directory Traversal Vulnerability
https://notcve.org/view.php?id=CVE-2019-18187
28 Oct 2019 — Trend Micro OfficeScan versions 11.0 and XG (12.0) could be exploited by an attacker utilizing a directory traversal vulnerability to extract files from an arbitrary zip file to a specific folder on the OfficeScan server, which could potentially lead to remote code execution (RCE). The remote process execution is bound to a web service account, which depending on the web platform used may have restricted permissions. An attempted attack requires user authentication. Las versiones 11.0 y XG (12.0) de Trend M... • https://success.trendmicro.com/solution/000151730 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 10.0EPSS: 0%CPEs: 7EXPL: 0CVE-2019-18189
https://notcve.org/view.php?id=CVE-2019-18189
28 Oct 2019 — A directory traversal vulnerability in Trend Micro Apex One, OfficeScan (11.0, XG) and Worry-Free Business Security (9.5, 10.0) may allow an attacker to bypass authentication and log on to an affected product's management console as a root user. The vulnerability does not require authentication. Una vulnerabilidad de salto de directorio en Trend Micro Apex One, OfficeScan (en versiones 11.0, XG) y Worry-Free Business Security (en versiones 9.5, 10.0) puede permitir a un atacante omitir una autenticación e i... • https://success.trendmicro.com/solution/000151732 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2019-9492
https://notcve.org/view.php?id=CVE-2019-9492
26 Jul 2019 — A DLL side-loading vulnerability in Trend Micro OfficeScan 11.0 SP1 and XG could allow an authenticated attacker to gain code execution and terminate the product's process - disabling endpoint protection. The attacker must have already gained authentication and have local access to the vulnerable system. Una vulnerabilidad de carga lateral de DLL en OfficeScan de Trend Micro versión 11.0 SP1 y XG, podría permitir a un atacante autenticado conseguir la ejecución de código y terminar el proceso del producto, ... • https://success.trendmicro.com/solution/1123045 • CWE-426: Untrusted Search Path •
CVSS: 7.5EPSS: 0%CPEs: 9EXPL: 0CVE-2019-9489
https://notcve.org/view.php?id=CVE-2019-9489
05 Apr 2019 — A directory traversal vulnerability in Trend Micro Apex One, OfficeScan (versions XG and 11.0), and Worry-Free Business Security (versions 10.0, 9.5 and 9.0) could allow an attacker to modify arbitrary files on the affected product's management console. Una vulnerabilidad de salto de directorio en Trend Micro Apex One, OfficeScan (en versiones XG y 11.0) y Worry-Free Business Security (en versiones 10.0, 9.5 y 9.0) podría permitir que un atacante modifique archivos arbitrarios en la consola de gestión del p... • https://success.trendmicro.com/jp/solution/1122253 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2018-18331
https://notcve.org/view.php?id=CVE-2018-18331
21 Dec 2018 — A Trend Micro OfficeScan XG weak file permissions vulnerability on a particular folder for a particular group may allow an attacker to alter the files, which could lead to other exploits on vulnerable installations. Una vulnerabilidad de permisos de archivo débiles en Trend Micro OfficeScan XG para una carpeta en concreto de un grupo especifico podría permitir que un atacante altere los archivos, lo que podría conducir a otros exploits en instalaciones vulnerables. • https://success.trendmicro.com/solution/1121674 • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2018-18332
https://notcve.org/view.php?id=CVE-2018-18332
21 Dec 2018 — A Trend Micro OfficeScan XG weak file permissions vulnerability may allow an attacker to potentially manipulate permissions on some key files to modify other files and folders on vulnerable installations. Una vulnerabilidad de permisos de archivo débiles en Trend Micro OfficeScan XG podría permitir que un atacante manipule los permisos en algunos archivos clave para poder modificar otros archivos y carpetas en instalaciones vulnerables. • https://success.trendmicro.com/solution/1121674 • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 8.8EPSS: 0%CPEs: 3EXPL: 0CVE-2018-10508
https://notcve.org/view.php?id=CVE-2018-10508
12 Jun 2018 — A vulnerability in Trend Micro OfficeScan 11.0 SP1 and XG could allow a attacker to use a specially crafted URL to elevate account permissions on vulnerable installations. An attacker must already have at least guest privileges in order to exploit this vulnerability. Una vulnerabilidad en Trend Micro OfficeScan 11.0 SP1 y XG podría permitir que un atacante emplee una URL especialmente manipulada para elevar los permisos de la cuenta en instalaciones vulnerables. El atacante tiene que tener al menos privileg... • https://success.trendmicro.com/solution/1119961 •
CVSS: 8.8EPSS: 0%CPEs: 3EXPL: 0CVE-2018-10509
https://notcve.org/view.php?id=CVE-2018-10509
12 Jun 2018 — A vulnerability in Trend Micro OfficeScan 11.0 SP1 and XG could allow a attacker to exploit it via a Browser Refresh attack on vulnerable installations. An attacker must be using a AD logon user account in order to exploit this vulnerability. Una vulnerabilidad en Trend Micro OfficeScan 11.0 SP1 y XG podría permitir que un atacante lo explote mediante un ataque de actualización de navegador en instalaciones vulnerables. El atacante debe emplear una cuenta de usuario AD logon para explotar esta vulnerabilida... • https://success.trendmicro.com/solution/1119961 •
CVSS: 4.4EPSS: 1%CPEs: 3EXPL: 3CVE-2018-10507 – TrendMicro OfficeScan XG 11.0 - Change Prevention Bypass
https://notcve.org/view.php?id=CVE-2018-10507
08 Jun 2018 — A vulnerability in Trend Micro OfficeScan 11.0 SP1 and XG could allow a attacker to take a series of steps to bypass or render the OfficeScan Unauthorized Change Prevention inoperable on vulnerable installations. An attacker must already have administrator privileges in order to exploit this vulnerability. Una vulnerabilidad en Trend Micro OfficeScan 11.0 SP1 y XG podría permitir que un atacante siga una serie de pasos para omitir o hacer que OfficeScan Unauthorized Change Prevention deje de funcionar en in... • https://packetstorm.news/files/id/148096 •
CVSS: 6.3EPSS: 0%CPEs: 3EXPL: 0CVE-2018-10358 – Trend Micro OfficeScan TMWFP driver Pool Corruption Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2018-10358
07 Jun 2018 — A pool corruption privilege escalation vulnerability in Trend Micro OfficeScan 11.0 SP1 and XG could allow a local attacker to escalate privileges on vulnerable installations due to a flaw within the processing of IOCTL 0x2200B4 in the TMWFP driver. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. Una vulnerabilidad de escalado de privilegios por corrupción de pool en Trend Micro OfficeScan 11.0 SP1 y XG podría permitir que... • https://success.trendmicro.com/solution/1119961 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •