473 matches found
CVE-2018-10357
Trend Micro Endpoint Application Control 2.0 contains a directory traversal vulnerability in the FileDrop servlet that can allow a remote attacker to execute arbitrary code. Multiple sources (including ZDI-18-469 and CNVD/NVD variants) describe that authentication is required to exploit, and the ...
CVE-2018-10357
A directory traversal vulnerability in Trend Micro Endpoint Application Control 2.0 could allow a remote attacker to execute arbitrary code on vulnerable installations due to a flaw in the FileDrop servlet. Authentication is required to exploit this vulnerability...
Trend Micro Endpoint Application Control FileDrop Directory Traversal Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Trend Micro Endpoint Application Control. Authentication is required to exploit this vulnerability. The specific flaw exists within the FileDrop servlet. When parsing filenames, the process does no...
CVE-2018-2418
SAP MaxDB ODBC driver all versions before 7.9.09.07 allows an attacker to inject code that can be executed by the application. An attacker could thereby control the behavior of the application...
PCI DSS v3.2 & Exposing Session ID in URL
Passing the session ID in the URL such as QID 150068 “Session ID in URL” will be marked as a Fail for PCI as of April 15, 2018 in accordance with PCI DSS v3.2. QID 150068 is a PCI Fail according to PCI DSS v3.2 Requirement 6.5.10: 6.5.10 Examine software development policies and procedures and...
January 17, 2018—KB4057144 (OS Build 15063.877)
January 17, 2018—KB4057144 (OS Build 15063.877). Improvements and fixes: This update includes quality improvements. No new operating system features are being introduced in this update. Key changes include: Addresses issue where some customers on a small subset of older AMD processors get into an...
Design/Logic Flaw
Ivanti Endpoint Security (formerly HEAT Endpoint Management and Security Suite) 8.5 Update 1 and earlier allows an authenticated user with low privileges and access to the local network to bypass application whitelisting when using the Application Control module on Ivanti Endpoint Security in...
CVE-2018-6316
Ivanti Endpoint Security (formerly HEAT Endpoint Management and Security Suite) 8.5 Update 1 and earlier allows an authenticated user with low privileges and access to the local network to bypass application whitelisting when using the Application Control module on Ivanti Endpoint Security in...
February 13, 2018—KB4074591 (OS Build 10586.1417)
February 13, 2018—KB4074591 (OS Build 10586.1417). This update can only be applied to Windows 10 Enterprise and Windows 10 Education editions. Reminder: The additional servicing offer for Windows 10, version 1511 ends on April 10, 2018 and doesn't extend beyond this date. To continue receiving securit...
Introducing Windows Defender Application Control
This article: the Windows Security blog post “Introducing Windows Defender Application Control”, October 23, 2017 (US time)...
Cisco Multiple Product Information Disclosure Vulnerabilities
The Cisco ASA family of security appliances protects corporate networks of all sizes. It enables highly secure data access anytime, anywhere, using any device. The Cisco Application Control Engine Module (ACE) family for Cisco Catalyst® 6500 provides the highest level of application infrastructure...
Cisco Multiple Product Information Disclosure Vulnerability (CNVD-2017-37269)
The Cisco ASA family of security appliances protects corporate networks of all sizes. It enables highly secure data access anytime, anywhere, using any device. The Cisco Application Control Engine Module (ACE) family for Cisco Catalyst® 6500 provides the highest level of application infrastructure...
Design/Logic Flaw
SAP NetWeaver Internet Transaction Server (ITS), SAP Basis from 7.00 to 7.02, 7.30, 7.31, 7.40, from 7.50 to 7.52, allows an attacker with administrator credentials to inject code that can be executed by the application and thereby control the behavior of the application...
CVE-2017-16682
SAP NetWeaver Internet Transaction Server (ITS), SAP Basis from 7.00 to 7.02, 7.30, 7.31, 7.40, from 7.50 to 7.52, allows an attacker with administrator credentials to inject code that can be executed by the application and thereby control the behavior of the application...
Check Point Gaia Operating System HTTP evasion protection failure (sk98814)
The remote host is running a version of Gaia OS which is affected by an issue where protections in the following components may fail under specific HTTP evasions: IPS, Application Control, URL Filtering, Anti-Virus, Anti-Bot, Threat Emulation. (C) Tenable Network Security, Inc...
Customer-driven Rapid Innovation for Hybrid Cloud Security
Cyber threats have no boundaries; they come in new and evolving forms, capable of striking at any time … so it becomes important that your threat protection extends beyond conventional boundaries as well. In the past, on premise versions of security solutions were held up by long development cycl...
Introducing Windows Defender Application Control
Application control is a crucial line of defense for protecting enterprises given today’s threat landscape, and it has an inherent advantage over traditional antivirus solutions. Specifically, application control flips the model from one where all applications are assumed trustworthy by default t...
The vulnerability in the McAfee Application Control tool stems from deficiencies in access control. This allows attackers to escalate their privileges, cause service interruptions, or execute arbitrary code.
The vulnerability in McAfee Application Control relates to deficiencies in access control. Exploiting this vulnerability can allow a local attacker to escalate their privileges, cause service interruptions, or execute arbitrary code using IOCTLs...
Helping Mobile Operators Keep Customers Safe with Virtualized Network Security
At Trend Micro we’re always looking for innovative new ways to support our customers and help overcome their cybersecurity challenges. Mobile network operators (MNOs) are increasingly adopting virtualization and software acceleration technologies to become more agile in how they deploy and operate...
Magento 1.9.0.1 Cross-Site Scripting Vulnerability
Magento Web E-Commerce Platform is prone to a cross-site scripting (XSS) vulnerability. SPDX-FileCopyrightText: 2017 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...