411 matches found
CVE-2017-11385
SQL Injection in Trend Micro Control Manager 6.0 causes Remote Code Execution when executing opcode 0x6b1b due to lack of proper user input validation in cmdHandlerStatusMonitor.dll. Formerly ZDI-CAN-4545...
CVE-2017-11386
SQL Injection in Trend Micro Control Manager 6.0 causes Remote Code Execution when executing opcode 0x4707 due to lack of proper user input validation in cmdHandlerNewReportScheduler.dll. Formerly ZDI-CAN-4549...
CVE-2017-11388
SQL Injection in Trend Micro Control Manager 6.0 causes Remote Code Execution when RestfulServiceUtility.NET.dll doesn't properly validate user provided strings before constructing SQL queries. Formerly ZDI-CAN-4639 and ZDI-CAN-4638...
CVE-2017-11384
SQL Injection in Trend Micro Control Manager 6.0 causes Remote Code Execution when executing opcode 0x3b21 due to lack of proper user input validation in mdHandlerLicenseManager.dll. Formerly ZDI-CAN-4561...
CVE-2017-11389
Directory traversal vulnerability in Trend Micro Control Manager 6.0 allows remote code execution by attackers able to drop arbitrary files in a web-facing directory. Formerly ZDI-CAN-4684...
CVE-2017-11390
XML external entity XXE processing vulnerability in Trend Micro Control Manager 6.0, if exploited, could lead to information disclosure. Formerly ZDI-CAN-4706...
CVE-2017-11383
SQL Injection in Trend Micro Control Manager 6.0 causes Remote Code Execution when executing opcode 0x1b07 due to lack of proper user input validation in cmdHandlerTVCSCommander.dll. Formerly ZDI-CAN-4560...
CVE-2017-11387
Authentication Bypass in Trend Micro Control Manager 6.0 causes Information Disclosure when authentication validation is not done for functionality that can change debug logging level. Formerly ZDI-CAN-4512...
CVE-2017-11383
SQL Injection in Trend Micro Control Manager 6.0 causes Remote Code Execution when executing opcode 0x1b07 due to lack of proper user input validation in cmdHandlerTVCSCommander.dll. Formerly ZDI-CAN-4560...
CVE-2017-11384
SQL Injection in Trend Micro Control Manager 6.0 causes Remote Code Execution when executing opcode 0x3b21 due to lack of proper user input validation in mdHandlerLicenseManager.dll. Formerly ZDI-CAN-4561...
CVE-2017-11385
SQL Injection in Trend Micro Control Manager 6.0 causes Remote Code Execution when executing opcode 0x6b1b due to lack of proper user input validation in cmdHandlerStatusMonitor.dll. Formerly ZDI-CAN-4545...
CVE-2017-11387
Authentication Bypass in Trend Micro Control Manager 6.0 causes Information Disclosure when authentication validation is not done for functionality that can change debug logging level. Formerly ZDI-CAN-4512...
CVE-2017-11389
Directory traversal vulnerability in Trend Micro Control Manager 6.0 allows remote code execution by attackers able to drop arbitrary files in a web-facing directory. Formerly ZDI-CAN-4684...
CVE-2017-11390
XML external entity XXE processing vulnerability in Trend Micro Control Manager 6.0, if exploited, could lead to information disclosure. Formerly ZDI-CAN-4706...
CVE-2017-11387
CVE-2017-11387 concerns Trend Micro Control Manager 6.0 where an authentication bypass allows information disclosure by manipulating functionality that changes debug logging level. The issue arises because authentication validation is not performed for that capability, enabling remote attackers t...
CVE-2017-11384
CVE-2017-11384 affects Trend Micro Control Manager 6.0. The vulnerability is an SQL injection in the cmdHandlerLicenseManager.dll that occurs when handling input for opcode 0x3b21, due to improper input validation, enabling remote code execution. The issue can be exploited remotely with no authen...
CVE-2017-11389
CVE-2017-11389 is a directory traversal vulnerability in Trend Micro Control Manager 6.0 that allows remote code execution by dropping arbitrary files in a web-facing directory. The root cause is improper validation of a user-supplied path in the module cmdHandlerFileHandling.dll, enabling an att...
CVE-2017-11386
Trend Micro Control Manager 6.0 is affected by a SQL injection in the component cmdHandlerNewReportScheduler.dll when processing opcode 0x4707, caused by lack of proper input validation. This vulnerability can lead to Remote Code Execution and is documented as CVE-2017-11386 (ZDI-17-496). Public ...
CVE-2017-11388
CVE-2017-11388 affects Trend Micro Control Manager 6.0. The vulnerability is a SQL injection in RestfulServiceUtility.NET.dll that fails to validate user-supplied strings when constructing SQL queries, enabling Remote Code Execution. The ZDI advisories describe exploitation requiring authenticati...
CVE-2017-11388
SQL Injection in Trend Micro Control Manager 6.0 causes Remote Code Execution when RestfulServiceUtility.NET.dll doesn't properly validate user provided strings before constructing SQL queries. Formerly ZDI-CAN-4639 and ZDI-CAN-4638...