CVSS: 7.5EPSS: 4%CPEs: 12EXPL: 1CVE-2012-2998 – Trend Micro Control Manager 5.5/6.0 AdHocQuery - (Authenticated) Blind SQL Injection
https://notcve.org/view.php?id=CVE-2012-2998
SQL injection vulnerability in the ad hoc query module in Trend Micro Control Manager (TMCM) before 5.5.0.1823 and 6.0 before 6.0.0.1449 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. Vulnerabilidad de inyección SQL en el módulo ad hoc en Trend Micro Control Manager (TMCM) anterior a v5.5.0.1823 y v6.0 anterior a v6.0.0.1449 permite a atacantes remotos ejecutar comandos SQL de su elección a través de vectores no especificados. Trend Micro Control Manager versions 5.5 and 6.0 suffer from an AdHocQuery remote blind SQL injection vulnerability. • https://www.exploit-db.com/exploits/21546 http://esupport.trendmicro.com/solution/en-us/1061043.aspx http://jvn.jp/en/jp/JVN42014489/index.html http://jvndb.jvn.jp/jvndb/JVNDB-2012-000090 http://www.kb.cert.org/vuls/id/950795 http://www.securitytracker.com/id?1027584 http://www.spentera.com/2012/09/trend-micro-control-manager-sql-injection-vulnerability http://www.trendmicro.com/ftp/documentation/readme/readme_critical_patch_TMCM55_1823.txt http://www.trendmicro.com/ftp/doc • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 10.0EPSS: 94%CPEs: 1EXPL: 2CVE-2011-5001 – Trend Micro Control Manger 5.5 - 'CmdProcessor.exe' Remote Stack Buffer Overflow
https://notcve.org/view.php?id=CVE-2011-5001
Stack-based buffer overflow in the CGenericScheduler::AddTask function in cmdHandlerRedAlertController.dll in CmdProcessor.exe in Trend Micro Control Manager 5.5 before Build 1613 allows remote attackers to execute arbitrary code via a crafted IPC packet to TCP port 20101. Desbordamiento de búfer basado en pila en la función CGenericScheduler::AddTask en cmdHandlerRedAlertController.dll en CmdProcessor.exe en Trend Micro Control Manager v5.5 anterior al Build 1613 permite a atacantes remotos ejecutar código de su elección mediante un paquete IPC manipulado al puerto 20101 TCP • https://www.exploit-db.com/exploits/18514 http://secunia.com/advisories/47114 http://www.securityfocus.com/archive/1/520780/100/0/threaded http://www.securitytracker.com/id?1026390 http://www.trendmicro.com/ftp/documentation/readme/readme_critical_patch_TMCM55_1613.txt http://www.zerodayinitiative.com/advisories/ZDI-11-345 https://exchange.xforce.ibmcloud.com/vulnerabilities/71681 https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/windows/misc/trendmicro_cmdprocessor_addtas • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 39%CPEs: 118EXPL: 0CVE-2007-0851
https://notcve.org/view.php?id=CVE-2007-0851
Buffer overflow in the Trend Micro Scan Engine 8.000 and 8.300 before virus pattern file 4.245.00, as used in other products such as Cyber Clean Center (CCC) Cleaner, allows remote attackers to execute arbitrary code via a malformed UPX compressed executable. Un desbordamiento de búfer en Trend Micro Scan Engine versiones 8.000 y 8.300 anteriores al archivo de patrones de virus versión 4.245.00, tal y como es usado en otros productos como Cyber Clean Center (CCC) Cleaner, permite a atacantes remotos ejecutar código arbitrario por medio de un ejecutable comprimido UPX malformado. • http://esupport.trendmicro.com/support/viewxml.do?ContentID=EN-1034289 http://jvn.jp/jp/JVN%2377366274/index.html http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=470 http://osvdb.org/33038 http://secunia.com/advisories/24087 http://secunia.com/advisories/24128 http://securitytracker.com/id?1017601 http://securitytracker.com/id?1017602 http://securitytracker.com/id? •
CVSS: 7.5EPSS: 21%CPEs: 78EXPL: 0CVE-2005-0533
https://notcve.org/view.php?id=CVE-2005-0533
Heap-based buffer overflow in Trend Micro AntiVirus Library VSAPI before 7.510, as used in multiple Trend Micro products, allows remote attackers to execute arbitrary code via a crafted ARJ file with long header file names that modify pointers within a structure. • http://secunia.com/advisories/14396 http://securitytracker.com/id?1013289 http://securitytracker.com/id?1013290 http://www.securityfocus.com/bid/12643 http://www.trendmicro.com/vinfo/secadvisories/default6.asp?VName=Vulnerability+in+VSAPI+ARJ+parsing+could+allow+Remote+Code+execution http://xforce.iss.net/xforce/alerts/id/189 •