The Log Query and Quarantine Query pages in Trend Micro ScanMail for Exchange 12.0 are vulnerable to cross site scripting (XSS) attacks.
Max CVSS
6.1
EPSS Score
0.11%
Published
2017-12-16
Updated
2017-12-27
The absence of Anti-CSRF tokens in Trend Micro ScanMail for Exchange 12.0 web interface forms could allow an attacker to submit authenticated requests when an authenticated user browses an attacker-controlled domain.
Max CVSS
8.8
EPSS Score
0.12%
Published
2017-12-16
Updated
2017-12-26
A vulnerability in Trend Micro ScanMail for Exchange 12.0 exists in which certain specific installations that utilize a uncommon feature - Other Update Sources - could be exploited to overwrite sensitive files in the ScanMail for Exchange directory.
Max CVSS
7.6
EPSS Score
0.26%
Published
2017-12-16
Updated
2017-12-27
A vulnerability in Trend Micro ScanMail for Exchange 12.0 exists in which some communications to the update servers are not encrypted.
Max CVSS
9.1
EPSS Score
0.26%
Published
2017-12-16
Updated
2017-12-26
An Unauthorized Memory Corruption vulnerability in Trend Micro OfficeScan 11.0 and XG may allow remote unauthenticated users who can access the OfficeScan server to target cgiShowClientAdm.exe and cause memory corruption issues.
Max CVSS
9.8
EPSS Score
2.09%
Published
2017-10-06
Updated
2018-10-09
Memory Corruption Privilege Escalation vulnerabilities in Trend Micro OfficeScan 11.0 and XG allows local attackers to execute arbitrary code and escalate privileges to resources normally reserved for the kernel on vulnerable installations by exploiting tmwfp.sys. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit the vulnerability.
Max CVSS
7.0
EPSS Score
0.07%
Published
2017-10-06
Updated
2017-10-13
A Host Header Injection vulnerability in Trend Micro OfficeScan XG (12.0) may allow an attacker to spoof a particular Host header, allowing the attacker to render arbitrary links that point to a malicious website with poisoned Host header webpages.
Max CVSS
7.5
EPSS Score
2.70%
Published
2017-10-06
Updated
2018-10-09
Pre-authorization Start Remote Process vulnerabilities in Trend Micro OfficeScan 11.0 and XG may allow unauthenticated users who can access the OfficeScan server to start the fcgiOfcDDA.exe executable or cause a potential INI corruption, which may cause the server disk space to be consumed with dump files from continuous HTTP requests.
Max CVSS
7.8
EPSS Score
1.47%
Published
2017-10-06
Updated
2019-10-03
Information disclosure vulnerabilities in Trend Micro OfficeScan 11.0 and XG may allow unauthenticated users who can access the OfficeScan server to query the network's NT domain or the PHP version and modules.
Max CVSS
5.3
EPSS Score
1.35%
Published
2017-10-06
Updated
2018-10-09
A potential Man-in-the-Middle (MitM) attack vulnerability in Trend Micro OfficeScan 11.0 and XG may allow attackers to execute arbitrary code on vulnerable installations.
Max CVSS
8.1
EPSS Score
2.07%
Published
2017-10-06
Updated
2019-10-03
A vulnerability in Trend Micro OfficeScan 11.0 and XG allows remote unauthenticated users who can access the system to download the OfficeScan encryption file.
Max CVSS
7.5
EPSS Score
1.85%
Published
2017-10-06
Updated
2019-10-03
Proxy command injection vulnerabilities in Trend Micro Mobile Security (Enterprise) versions before 9.7 Patch 3 allow remote attackers to execute arbitrary code on vulnerable installations.
Max CVSS
8.8
EPSS Score
1.69%
Published
2017-09-22
Updated
2017-09-29
Authentication bypass vulnerability in Trend Micro Mobile Security (Enterprise) versions before 9.7 Patch 3 allows attackers to access a specific part of the console using a blank password.
Max CVSS
9.8
EPSS Score
0.25%
Published
2017-09-22
Updated
2017-09-29
Unrestricted file uploads in Trend Micro Mobile Security (Enterprise) versions before 9.7 Patch 3 allow remote attackers to execute arbitrary code on vulnerable installations.
Max CVSS
8.8
EPSS Score
2.12%
Published
2017-09-22
Updated
2017-09-29
SQL Injection vulnerabilities in Trend Micro Mobile Security (Enterprise) versions before 9.7 Patch 3 allow remote attackers to execute arbitrary code on vulnerable installations.
Max CVSS
10.0
EPSS Score
63.94%
Published
2017-09-22
Updated
2017-09-29
A service DLL preloading vulnerability in Trend Micro Encryption for Email versions 5.6 and below could allow an unauthenticated remote attacker to execute arbitrary code on a vulnerable system.
Max CVSS
7.8
EPSS Score
3.71%
Published
2017-12-16
Updated
2017-12-29
Vulnerability issues with the web service inspection of input parameters in Trend Micro Web Security Virtual Appliance 6.5 may allow potential attackers who already have administration rights to the console to implement remote code injections.
Max CVSS
9.0
EPSS Score
0.20%
Published
2017-09-22
Updated
2020-08-19
Command injection vulnerability in Trend Micro Smart Protection Server (Standalone) 3.1 and 3.2 server administration UI allows attackers with authenticated access to execute arbitrary code on vulnerable installations.
Max CVSS
8.8
EPSS Score
0.62%
Published
2017-09-22
Updated
2019-10-03

CVE-2017-11394

Public exploit
Proxy command injection vulnerability in Trend Micro OfficeScan 11 and XG (12) allows remote attackers to execute arbitrary code on vulnerable installations. The specific flaw can be exploited by parsing the T parameter within Proxy.php. Formerly ZDI-CAN-4544.
Max CVSS
10.0
EPSS Score
64.71%
Published
2017-08-03
Updated
2017-10-14
Proxy command injection vulnerability in Trend Micro OfficeScan 11 and XG (12) allows remote attackers to execute arbitrary code on vulnerable installations. The specific flaw can be exploited by parsing the tr parameter within Proxy.php. Formerly ZDI-CAN-4543.
Max CVSS
10.0
EPSS Score
12.94%
Published
2017-08-03
Updated
2017-08-06
Proxy command injection vulnerability in Trend Micro InterScan Messaging Virtual Appliance 9.0 and 9.1 allows remote attackers to execute arbitrary code on vulnerable installations. The specific flaw can be exploited by parsing the "T" parameter within modTMCSS Proxy. Formerly ZDI-CAN-4745.
Max CVSS
8.8
EPSS Score
3.61%
Published
2017-08-03
Updated
2017-08-05
Proxy command injection vulnerability in Trend Micro InterScan Messaging Virtual Appliance 9.0 and 9.1 allows remote attackers to execute arbitrary code on vulnerable installations. The specific flaw can be exploited by parsing the "t" parameter within modTMCSS Proxy. Formerly ZDI-CAN-4744.
Max CVSS
8.8
EPSS Score
15.32%
Published
2017-08-03
Updated
2017-08-07
XML external entity (XXE) processing vulnerability in Trend Micro Control Manager 6.0, if exploited, could lead to information disclosure. Formerly ZDI-CAN-4706.
Max CVSS
7.5
EPSS Score
0.81%
Published
2017-08-02
Updated
2017-08-04
Directory traversal vulnerability in Trend Micro Control Manager 6.0 allows remote code execution by attackers able to drop arbitrary files in a web-facing directory. Formerly ZDI-CAN-4684.
Max CVSS
9.8
EPSS Score
8.06%
Published
2017-08-02
Updated
2017-08-06
SQL Injection in Trend Micro Control Manager 6.0 causes Remote Code Execution when RestfulServiceUtility.NET.dll doesn't properly validate user provided strings before constructing SQL queries. Formerly ZDI-CAN-4639 and ZDI-CAN-4638.
Max CVSS
8.8
EPSS Score
1.43%
Published
2017-08-02
Updated
2017-08-06
72 vulnerabilities found
1 2 3
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!