CVE-2016-1224
https://notcve.org/view.php?id=CVE-2016-1224
CRLF injection vulnerability in Trend Micro Worry-Free Business Security Service 5.x and Worry-Free Business Security 9.0 allows remote attackers to inject arbitrary HTTP headers and conduct cross-site scripting (XSS) attacks via unspecified vectors. Vulnerabilidad de inyección CRLF en Trend Micro Worry-Free Business Security Service 5.x y Worry-Free Business Security 9.0 permite a atacantes remotos inyectar cabeceras HTTP arbitrarias y llevar a cabo ataques XSS a través de vectores no especificados. • http://esupport.trendmicro.com/solution/ja-JP/1114102.aspx http://jvn.jp/en/jp/JVN48847535/index.html http://jvndb.jvn.jp/jvndb/JVNDB-2016-000089 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2016-1223
https://notcve.org/view.php?id=CVE-2016-1223
Directory traversal vulnerability in Trend Micro Office Scan 11.0, Worry-Free Business Security Service 5.x, and Worry-Free Business Security 9.0 allows remote attackers to read arbitrary files via unspecified vectors. Vulnerabilidad de salto de directorio en Trend Micro Office Scan 11.0, Worry-Free Business Security Service 5.x y Worry-Free Business Security 9.0 permite a atacantes remotos leer archivos arbitrarios a través de vectores no especificados. • http://esupport.trendmicro.com/solution/ja-JP/1114102.aspx http://jvn.jp/en/jp/JVN48847535/index.html http://jvndb.jvn.jp/jvndb/JVNDB-2016-000074 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •