CVE-2016-6220
https://notcve.org/view.php?id=CVE-2016-6220
Information Disclosure vulnerability in the Dashboard and Error Pages in Trend Micro Control Manager SP3 6.0.
• http://www.securityfocus.com/bid/92363 https://success.trendmicro.com/solution/1114749
• CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CVE-2017-11393 – Trend Micro OfficeScan Proxy Command Injection Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2017-11393
Proxy command injection vulnerability in Trend Micro OfficeScan 11 and XG (12) allows remote attackers to execute arbitrary code on vulnerable installations. The specific flaw can be exploited by parsing the tr parameter within Proxy.php. Formerly ZDI-CAN-4543.
• http://www.securityfocus.com/bid/100127 http://www.zerodayinitiative.com/advisories/ZDI-17-522 https://success.trendmicro.com/solution/1117769
• CWE-20: Improper Input Validation
CVE-2017-11383 – Trend Micro Control Manager cmdHandlerTVCSCommander SQL Injection Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2017-11383
SQL Injection in Trend Micro Control Manager 6.0 causes Remote Code Execution when executing opcode 0x1b07 due to lack of proper user input validation in cmdHandlerTVCSCommander.dll. Formerly ZDI-CAN-4560. This vulnerability allows remote attackers to bypass authentication on vulnerable installations of Trend Micro Control Manager.
• http://www.securityfocus.com/bid/100078 http://www.securitytracker.com/id/1039049 http://www.zerodayinitiative.com/advisories/ZDI-17-493 https://success.trendmicro.com/solution/1117722
• CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2017-11384 – Trend Micro Control Manager cmdHandlerLicenseManager SQL Injection Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2017-11384
SQL Injection in Trend Micro Control Manager 6.0 causes Remote Code Execution when executing opcode 0x3b21 due to lack of proper user input validation in mdHandlerLicenseManager.dll. Formerly ZDI-CAN-4561. This vulnerability allows remote attackers to bypass authentication on vulnerable installations of Trend Micro Control Manager.
• http://www.securityfocus.com/bid/100078 http://www.securitytracker.com/id/1039049 http://www.zerodayinitiative.com/advisories/ZDI-17-494 https://success.trendmicro.com/solution/1117722
• CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2017-11385 – Trend Micro Control Manager cmdHandlerStatusMonitor SQL Injection Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2017-11385
SQL Injection in Trend Micro Control Manager 6.0 causes Remote Code Execution when executing opcode 0x6b1b due to lack of proper user input validation in cmdHandlerStatusMonitor.dll. Formerly ZDI-CAN-4545. This vulnerability allows remote attackers to bypass authentication on vulnerable installations of Trend Micro Control Manager.
• http://www.securityfocus.com/bid/100078 http://www.securitytracker.com/id/1039049 http://www.zerodayinitiative.com/advisories/ZDI-17-495 https://success.trendmicro.com/solution/1117722
• CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')