411 matches found
CVE-2017-11385
CVE-2017-11385 affects Trend Micro Control Manager 6.0. The issue is an SQL injection in cmdHandlerStatusMonitor.dll triggered by improper validation when handling opcode 0x6b1b, enabling remote code execution. Public disclosures (ZDI-17-495, NVD entry) describe unauthenticated remote exploitatio...
CVE-2017-11390
This CVE concerns an XML External Entity (XXE) processing vulnerability in Trend Micro Control Manager 6.0. The issue stems from XXE handling in the product’s input processing, enabling information disclosure if an attacker supplies malicious XML. Multiple connected sources (NVD entry, ZDI adviso...
CVE-2017-11383
Trend Micro Control Manager (TMCM) 6.0 contains a SQL injection in cmdHandlerTVCSCommander.dll when handling opcode 0x1b07 due to insufficient validation of user input, enabling remote code execution. Public advisories (ZDI-17-493) and CVE-2017-11383 describe remote exploitation without authentic...
CVE-2017-11386
SQL Injection in Trend Micro Control Manager 6.0 causes Remote Code Execution when executing opcode 0x4707 due to lack of proper user input validation in cmdHandlerNewReportScheduler.dll. Formerly ZDI-CAN-4549...
Trend Micro Control Manager Directory Traversal Vulnerability
Trend Micro Control Manager is the centralized management console for managing Trend Micro products and services. A directory traversal vulnerability exists in Trend Micro Control Manager, which could be exploited by remote attackers to submit a specific request to execute arbitrary code or view...
Trend Micro Control Manager cmdHandlerNewReportScheduler SQL Injection Remote Code Execution Vulnerability
This vulnerability allows remote attackers to bypass authentication on vulnerable installations of Trend Micro Control Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within cmdHandlerNewReportScheduler.dll when executing opcode 0x4707. The issue...
Trend Micro Control Manager cmdHandlerTVCSCommander SQL Injection Remote Code Execution Vulnerability
This vulnerability allows remote attackers to bypass authentication on vulnerable installations of Trend Micro Control Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within cmdHandlerTVCSCommander.dll when executing opcode 0x1b07. The issue results...
Trend Micro Control Manager cmdHandlerStatusMonitor SQL Injection Remote Code Execution Vulnerability
This vulnerability allows remote attackers to bypass authentication on vulnerable installations of Trend Micro Control Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within cmdHandlerStatusMonitor.dll when executing opcode 0x6b1b. The issue results...
Trend Micro Control Manager SQL Injection Vulnerability (CNVD-2017-20422)
Trend Micro Control Manager is the centralized management console for managing Trend Micro products and services. A SQL injection vulnerability in Trend Micro Control Manager allows remote attackers to submit specially crafted SQL queries to manipulate or obtain database data...
Trend Micro Control Manager cmdHandlerTVCSCommander.dll File SQL Injection Vulnerability
Trend Micro Control Manager TMCM is an integrated threat detection and data protection management center software from Trend Micro. A SQL injection vulnerability exists in TMCM version 6.0, which stems from the cmdHandlerTVCSCommander.dll file failing to adequately validate user input. A remote...
Trend Micro Control Manager XML External Entity Vulnerability
Trend Micro Control Manager is the centralized management console for managing Trend Micro products and services. A security vulnerability in Trend Micro Control Manager's handling of XML external entities allows remote attackers to exploit the vulnerability by submitting specialized XML data,...
Trend Micro Control Manager cmdHandlerLicenseManager SQL Injection Remote Code Execution Vulnerability
This vulnerability allows remote attackers to bypass authentication on vulnerable installations of Trend Micro Control Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within cmdHandlerLicenseManager.dll when executing opcode 0x3b21. The issue result...
Trend Micro Control Manager cmdHandlerFileHandling Directory Traversal Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Trend Micro Control Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within cmdHandlerFileHandling.dll. The issue results from the lack of proper...
Trend Micro Control Manager Debug Level Authentication Bypass Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Trend Micro Control Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of debug settings. The software does not provide...
Trend Micro Control Manager RestfulServiceUtility.NET SQL Injection Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Trend Micro Control Manager. Authentication is required to exploit this vulnerability. The specific flaw exists within the Investigate endpoint in RestfulServiceUtility.NET.dll. The issue results...
Trend Micro Control Manager BasePageSessionExpire External Entity Processing Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Trend Micro Control Manager. Authentication is required to exploit this vulnerability. The specific flaw exists within BasePageSessionExpire.cs. Due to the improper restriction of XML...
Trend Micro Control Manager RestfulServiceUtility.NET SQL Injection Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Trend Micro Control Manager. Authentication is required to exploit this vulnerability. The specific flaw exists within the SupportTree endpoint in RestfulServiceUtility.NET.dll. The issue results...
The vulnerability of the Service Control Manager (SCM) component in the Android operating system allows a hacker to bypass certificate verification.
The vulnerability of the Service Control Manager SCM component in the Android operating system exists due to insufficient validation of input data. Exploiting this vulnerability can allow a malicious actor to bypass certificate verification...
Trend Micro Control Manager XML External Entity Processing
An XML external entity processing vulnerability exists in Trend Micro Control Manager. The vulnerability is due to lack of validation of user-supplied input prior to executing an XML query. A remote, authenticated attacker could exploit this vulnerability by sending a malicious HTTP request to th...
Trend Micro Control Manager ProductTree_RightWindow XML External Entity Processing
An XML external entity XXE processing vulnerability exist in Trend Micro Control Manager. The vulnerability is due to lack of validation of user-supplied input prior to executing an XML query in ProductTreeRightWindow.aspx. A remote, authenticated attacker could exploit this vulnerability by...