411 matches found
CVE-2016-6220
CVE-2016-6220 affects Trend Micro Control Manager SP3 6.0; a vulnerability in the Dashboard and Error Pages allows information disclosure over the network. CVSS-3.1 base score 7.5 (HIGH) with no privileges required and no user interaction, impacting confidentiality (HIGH) but not integrity/availa...
Trend Micro Control Manager SQL Injection Vulnerability (CNVD-2017-20299)
Trend Micro Control Manager is the centralized management console for managing Trend Micro products and services. A SQL injection vulnerability in Trend Micro Control Manager allows remote attackers to submit specially crafted SQL queries to manipulate or obtain database data...
Trend Micro Control Manager SQL Injection Vulnerability (CNVD-2017-20301)
Trend Micro Control Manager is the centralized management console for managing Trend Micro products and services. A SQL injection vulnerability in Trend Micro Control Manager allows remote attackers to submit specially crafted SQL queries to manipulate or obtain database data...
Trend Micro Control Manager SQL Injection Vulnerability (CNVD-2017-20300)
Trend Micro Control Manager is the centralized management console for managing Trend Micro products and services. A SQL injection vulnerability in Trend Micro Control Manager allows remote attackers to exploit the vulnerability by submitting specially crafted SQL queries to manipulate or obtain...
Trend Micro Control Manager Security Bypass Vulnerability
Trend Micro Control Manager is the centralized management console for managing Trend Micro products and services. A security vulnerability in Trend Micro Control Manager allows remote attackers to submit specially crafted requests to bypass authentication and conduct unauthorized operations...
CVE-2017-11387
Authentication Bypass in Trend Micro Control Manager 6.0 causes Information Disclosure when authentication validation is not done for functionality that can change debug logging level. Formerly ZDI-CAN-4512...
CVE-2017-11388
SQL Injection in Trend Micro Control Manager 6.0 causes Remote Code Execution when RestfulServiceUtility.NET.dll doesn't properly validate user provided strings before constructing SQL queries. Formerly ZDI-CAN-4639 and ZDI-CAN-4638...
CVE-2017-11383
SQL Injection in Trend Micro Control Manager 6.0 causes Remote Code Execution when executing opcode 0x1b07 due to lack of proper user input validation in cmdHandlerTVCSCommander.dll. Formerly ZDI-CAN-4560...
CVE-2017-11389
Directory traversal vulnerability in Trend Micro Control Manager 6.0 allows remote code execution by attackers able to drop arbitrary files in a web-facing directory. Formerly ZDI-CAN-4684...
CVE-2017-11386
SQL Injection in Trend Micro Control Manager 6.0 causes Remote Code Execution when executing opcode 0x4707 due to lack of proper user input validation in cmdHandlerNewReportScheduler.dll. Formerly ZDI-CAN-4549...
CVE-2017-11384
SQL Injection in Trend Micro Control Manager 6.0 causes Remote Code Execution when executing opcode 0x3b21 due to lack of proper user input validation in mdHandlerLicenseManager.dll. Formerly ZDI-CAN-4561...
Sql injection
SQL Injection in Trend Micro Control Manager 6.0 causes Remote Code Execution when executing opcode 0x4707 due to lack of proper user input validation in cmdHandlerNewReportScheduler.dll. Formerly ZDI-CAN-4549...
Sql injection
SQL Injection in Trend Micro Control Manager 6.0 causes Remote Code Execution when executing opcode 0x1b07 due to lack of proper user input validation in cmdHandlerTVCSCommander.dll. Formerly ZDI-CAN-4560...
Directory traversal
Directory traversal vulnerability in Trend Micro Control Manager 6.0 allows remote code execution by attackers able to drop arbitrary files in a web-facing directory. Formerly ZDI-CAN-4684...
Sql injection
SQL Injection in Trend Micro Control Manager 6.0 causes Remote Code Execution when RestfulServiceUtility.NET.dll doesn't properly validate user provided strings before constructing SQL queries. Formerly ZDI-CAN-4639 and ZDI-CAN-4638...
Authentication flaw
Authentication Bypass in Trend Micro Control Manager 6.0 causes Information Disclosure when authentication validation is not done for functionality that can change debug logging level. Formerly ZDI-CAN-4512...
Sql injection
SQL Injection in Trend Micro Control Manager 6.0 causes Remote Code Execution when executing opcode 0x3b21 due to lack of proper user input validation in mdHandlerLicenseManager.dll. Formerly ZDI-CAN-4561...
Sql injection
SQL Injection in Trend Micro Control Manager 6.0 causes Remote Code Execution when executing opcode 0x6b1b due to lack of proper user input validation in cmdHandlerStatusMonitor.dll. Formerly ZDI-CAN-4545...
Xxe
XML external entity XXE processing vulnerability in Trend Micro Control Manager 6.0, if exploited, could lead to information disclosure. Formerly ZDI-CAN-4706...
CVE-2017-11390
XML external entity XXE processing vulnerability in Trend Micro Control Manager 6.0, if exploited, could lead to information disclosure. Formerly ZDI-CAN-4706...