411 matches found
CVE-2018-3602
An AdHocQueryProcessor SQL injection remote code execution RCE vulnerability in Trend Micro Control Manager 6.0 could allow a remote attacker to execute arbitrary code on vulnerable installations...
Sql injection
XXXTreeNode method SQL injection remote code execution RCE vulnerabilities in Trend Micro Control Manager 6.0 could allow a remote attacker to execute arbitrary code on vulnerable installations...
CVE-2018-3605
TopXXX, ViolationXXX, and IncidentXXX method SQL injection remote code execution RCE vulnerabilities in Trend Micro Control Manager 6.0 could allow a remote attacker to execute arbitrary code on vulnerable installations...
Sql injection
A CGGIServlet SQL injection remote code execution RCE vulnerability in Trend Micro Control Manager 6.0 could allow a remote attacker to execute arbitrary code on vulnerable installations...
Sql injection
XXXStatusXXX, XXXSummary, TemplateXXX and XXXCompliance method SQL injection remote code execution RCE vulnerabilities in Trend Micro Control Manager 6.0 could allow a remote attacker to execute arbitrary code on vulnerable installations...
CVE-2018-3604
GetXXX method SQL injection remote code execution RCE vulnerabilities in Trend Micro Control Manager 6.0 could allow a remote attacker to execute arbitrary code on vulnerable installations...
CVE-2018-3601
A password hash usage authentication bypass vulnerability in Trend Micro Control Manager 6.0 could allow a remote attacker to bypass authentication on vulnerable installations...
CVE-2018-3600
A external entity processing information disclosure XXE vulnerability in Trend Micro Control Manager 6.0 could allow a remote attacker to disclose sensitive information on vulnerable installations...
CVE-2018-3602
An AdHocQueryProcessor SQL injection remote code execution RCE vulnerability in Trend Micro Control Manager 6.0 could allow a remote attacker to execute arbitrary code on vulnerable installations...
CVE-2018-3603
A CGGIServlet SQL injection remote code execution RCE vulnerability in Trend Micro Control Manager 6.0 could allow a remote attacker to execute arbitrary code on vulnerable installations...
CVE-2018-3605
TopXXX, ViolationXXX, and IncidentXXX method SQL injection remote code execution RCE vulnerabilities in Trend Micro Control Manager 6.0 could allow a remote attacker to execute arbitrary code on vulnerable installations...
CVE-2018-3606
XXXStatusXXX, XXXSummary, TemplateXXX and XXXCompliance method SQL injection remote code execution RCE vulnerabilities in Trend Micro Control Manager 6.0 could allow a remote attacker to execute arbitrary code on vulnerable installations...
CVE-2018-3602
The CVE-2018-3602 issue affects Trend Micro Control Manager 6.0 via an AdHocQuery_Processor SQL Injection that enables remote code execution. The root cause is improper validation of a user-supplied string used to build SQL queries within the GetProductCategory method of the AdHocQuery_Processor ...
CVE-2018-3604
GetXXX method SQL injection remote code execution RCE vulnerabilities in Trend Micro Control Manager 6.0 could allow a remote attacker to execute arbitrary code on vulnerable installations...
CVE-2018-3604
Trend Micro Control Manager 6.0 is vulnerable to multiple SQL injection vulnerabilities that allow remote code execution via various GetXXX methods (GetPassword, GetRuleList, GetProductServerType) and related functions (sp_DDI_GetInterestedIPByJobID2). The root cause across advisories is lack of ...
CVE-2018-3605
TopXXX, ViolationXXX, and IncidentXXX method SQL injection remote code execution RCE vulnerabilities in Trend Micro Control Manager 6.0 could allow a remote attacker to execute arbitrary code on vulnerable installations...
CVE-2018-3606
The CVE-2018-3606 issue affects Trend Micro Control Manager 6.0. Multiple ZDI advisories describe SQL Injection leading to Remote Code Execution in various Control Manager components (e.g., SensitiveFilesOverTime, TemplateMatchByTemplate, TemplateMatchByChannel, ThreatStastics, UserStatusBySeveri...
CVE-2018-3600
A external entity processing information disclosure XXE vulnerability in Trend Micro Control Manager 6.0 could allow a remote attacker to disclose sensitive information on vulnerable installations...
CVE-2018-3603
Trend Micro Control Manager 6.0 contains a CGGIServlet SQL injection that allows remote code execution. The ZDI advisory specifies the vulnerability in the ID_QUERY_COMMAND_TRACKING_USER_ID parameter, where improper input validation enables arbitrary code execution under the Network Service accou...
CVE-2018-3607
XXXTreeNode method SQL injection remote code execution RCE vulnerabilities in Trend Micro Control Manager 6.0 could allow a remote attacker to execute arbitrary code on vulnerable installations...