8 results (0.003 seconds)

CVSS: 7.2EPSS: 0%CPEs: 25EXPL: 0

05 Aug 2020 — An input validation vulnerability found in multiple Trend Micro products utilizing a particular version of a specific rootkit protection driver could allow an attacker in user-mode with administrator permissions to abuse the driver to modify a kernel address that may cause a system crash or potentially lead to code execution in kernel mode. An attacker must already have obtained administrator access on the target machine (either legitimately or via a separate unrelated attack) to exploit this vulnerability.... • https://jvn.jp/en/vu/JVNVU99160193/index.html • CWE-20: Improper Input Validation •

CVSS: 9.4EPSS: 1%CPEs: 7EXPL: 0

18 Mar 2020 — Trend Micro Apex One (2019), OfficeScan XG and Worry-Free Business Security (9.0, 9.5, 10.0) server contains a vulnerable service DLL file that could allow an attacker to delete any file on the server with SYSTEM level privileges. Authentication is not required to exploit this vulnerability. El servidor de Trend Micro Apex One (2019), OfficeScan XG y Worry-Free Business Security versiones (9.0, 9.5, 10.0), contienen un archivo DLL de servicio vulnerable que podría permitir a un atacante eliminar cualquier a... • https://success.trendmicro.com/jp/solution/000244253 •

CVSS: 10.0EPSS: 8%CPEs: 7EXPL: 0

18 Mar 2020 — Trend Micro Apex One (2019), OfficeScan XG and Worry-Free Business Security (9.0, 9.5, 10.0) server contains a vulnerable service DLL file that could allow a remote attacker to execute arbitrary code on affected installations with SYSTEM level privileges. Authentication is not required to exploit this vulnerability. El servidor de Trend Micro Apex One (2019), OfficeScan XG y Worry-Free Business Security versiones (9.0, 9.5, 10.0), contienen un archivo DLL de servicio vulnerable que podría permitir a un atac... • https://success.trendmicro.com/jp/solution/000244253 • CWE-306: Missing Authentication for Critical Function •

CVSS: 8.8EPSS: 4%CPEs: 7EXPL: 0

18 Mar 2020 — Trend Micro Apex One (2019), OfficeScan XG and Worry-Free Business Security (9.0, 9.5, 10.0) agents are affected by a content validation escape vulnerability which could allow an attacker to manipulate certain agent client components. An attempted attack requires user authentication. Los agentes de Trend Micro Apex One (2019), OfficeScan XG y Worry-Free Business Security versiones (9.0, 9.5, 10.0), están afectados por una vulnerabilidad de escape de comprobación de contenido que podría permitir a un atacant... • https://success.trendmicro.com/jp/solution/000244253 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') •

CVSS: 9.8EPSS: 1%CPEs: 4EXPL: 0

17 Mar 2020 — Trend Micro Worry-Free Business Security (9.0, 9.5, 10.0) is affected by a directory traversal vulnerability that could allow an attacker to manipulate a key file to bypass authentication. Trend Micro Worry-Free Business Security versiones (9.0, 9.5, 10.0), está afectado por una vulnerabilidad de salto del directorio que podría permitir a un atacante manipular un archivo de clave para omitir una autenticación. This vulnerability allows remote attackers to bypass authentication on affected installations of T... • https://success.trendmicro.com/jp/solution/000244836 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVSS: 7.5EPSS: 0%CPEs: 9EXPL: 0

05 Apr 2019 — A directory traversal vulnerability in Trend Micro Apex One, OfficeScan (versions XG and 11.0), and Worry-Free Business Security (versions 10.0, 9.5 and 9.0) could allow an attacker to modify arbitrary files on the affected product's management console. Una vulnerabilidad de salto de directorio en Trend Micro Apex One, OfficeScan (en versiones XG y 11.0) y Worry-Free Business Security (en versiones 10.0, 9.5 y 9.0) podría permitir que un atacante modifique archivos arbitrarios en la consola de gestión del p... • https://success.trendmicro.com/jp/solution/1122253 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVSS: 5.3EPSS: 1%CPEs: 3EXPL: 0

19 Jun 2016 — Directory traversal vulnerability in Trend Micro Office Scan 11.0, Worry-Free Business Security Service 5.x, and Worry-Free Business Security 9.0 allows remote attackers to read arbitrary files via unspecified vectors. Vulnerabilidad de salto de directorio en Trend Micro Office Scan 11.0, Worry-Free Business Security Service 5.x y Worry-Free Business Security 9.0 permite a atacantes remotos leer archivos arbitrarios a través de vectores no especificados. • http://esupport.trendmicro.com/solution/ja-JP/1114102.aspx • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 0

19 Jun 2016 — CRLF injection vulnerability in Trend Micro Worry-Free Business Security Service 5.x and Worry-Free Business Security 9.0 allows remote attackers to inject arbitrary HTTP headers and conduct cross-site scripting (XSS) attacks via unspecified vectors. Vulnerabilidad de inyección CRLF en Trend Micro Worry-Free Business Security Service 5.x y Worry-Free Business Security 9.0 permite a atacantes remotos inyectar cabeceras HTTP arbitrarias y llevar a cabo ataques XSS a través de vectores no especificados. • http://esupport.trendmicro.com/solution/ja-JP/1114102.aspx • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •