Page 85 of 485 results (0.007 seconds)

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 3

Multiple cross-site scripting (XSS) vulnerabilities in Trend Micro ServerProtect for Linux 3.0 before CP 1531 allow remote attackers to inject arbitrary web script or HTML via the (1) T1 or (2) tmLastConfigFileModifiedDate parameter to log_management.cgi. Múltiples vulnerabilidades de tipo cross-site scripting (XSS) en ServerProtect de Trend Micro para Linux versión 3.0 anterior a CP 1531, permiten a atacantes remotos inyectar script web o HTML arbitrario por medio del parámetro (1) T1 o (2) tmLastConfigFileModifiedDate en el archivo log_management.cgi. Trend Micro ServerProtect suffers from information disclosure, manipulation, cross site request forgery, cross site scripting, and various other vulnerabilities. • http://packetstormsecurity.com/files/142645/Trend-Micro-ServerProtect-Disclosure-CSRF-XSS.html http://seclists.org/fulldisclosure/2017/May/91 http://www.securitytracker.com/id/1038548 https://success.trendmicro.com/solution/1117411 https://www.coresecurity.com/advisories/trend-micro-serverprotect-multiple-vulnerabilities • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 3

Trend Micro ServerProtect for Linux 3.0 before CP 1531 allows attackers to write to arbitrary files and consequently execute arbitrary code with root privileges by leveraging failure to validate software updates. ServerProtect de Trend Micro para Linux versión 3.0 anterior a CP 1531 permite a los atacantes escribir en archivos arbitrarios y en consecuencia, ejecutar código arbitrario con privilegios de root mediante el aprovechamiento del fallo para comprobar las actualizaciones del programa. Trend Micro ServerProtect suffers from information disclosure, manipulation, cross site request forgery, cross site scripting, and various other vulnerabilities. • http://packetstormsecurity.com/files/142645/Trend-Micro-ServerProtect-Disclosure-CSRF-XSS.html http://seclists.org/fulldisclosure/2017/May/91 http://www.securitytracker.com/id/1038548 https://success.trendmicro.com/solution/1117411 https://www.coresecurity.com/advisories/trend-micro-serverprotect-multiple-vulnerabilities • CWE-20: Improper Input Validation •

CVSS: 7.4EPSS: 0%CPEs: 1EXPL: 3

Trend Micro ServerProtect for Linux 3.0 before CP 1531 allows attackers to eavesdrop and tamper with updates by leveraging unencrypted communications with update servers. Trend Micro ServerProtect para Linux 3.0 en versiones anteriores a la CP 1531 permite a los atacantes escuchar y manipular actualizaciones, aprovechando comunicaciones sin cifrar con servidores de actualización. Trend Micro ServerProtect suffers from information disclosure, manipulation, cross site request forgery, cross site scripting, and various other vulnerabilities. • http://packetstormsecurity.com/files/142645/Trend-Micro-ServerProtect-Disclosure-CSRF-XSS.html http://seclists.org/fulldisclosure/2017/May/91 http://www.securitytracker.com/id/1038548 https://success.trendmicro.com/solution/1117411 https://www.coresecurity.com/advisories/trend-micro-serverprotect-multiple-vulnerabilities • CWE-319: Cleartext Transmission of Sensitive Information •

CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 0

Trend Micro OfficeScan 11.0 before SP1 CP 6325 (with Agent Module Build before 6152) and XG before CP 1352 has XSS via a crafted URI using a blocked website. Trend Micro OfficeScan 11.0 antes de SP1 CP 6325 (cin Agent Module Build anterior a 6152) y XG anterior a CP 1352 están afectados por un XSS a traves de una URI utilizando un sitio bloqueado. • http://files.trendmicro.com/products/officescan/11.0_SP1/readme/osce-11-sp1-patch1-win-all-criticalpatch-6325_readme.txt https://success.trendmicro.com/solution/1117204-security-bulletin-trend-micro-officescan-11-xg-multiple-vulnerabilities • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 0

Trend Micro OfficeScan 11.0 before SP1 CP 6325 and XG before CP 1352 allows remote authenticated users to gain privileges by leveraging a leak of an encrypted password during a web-console operation. Trend Micro OfficeScan 11.0 en la versión anterior a SP1 CP 6325 y XG y la versión anterior a CP 1352, permite a los usuarios remotos autenticados obtener privilegios aprovechando una fuga de una contraseña cifrada durante una operación de consola web. • http://www.securityfocus.com/bid/98007 https://success.trendmicro.com/solution/1117204 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •