Trend Micro Control Manager ad hoc query Module SQL Injection (CVE-2012-2998)

An SQL injection vulnerability has been reported in Trend Micro Control Manager...

Trend Micro Control Manager AdHocQuery_Processor.aspx id Parameter SQL Injection

Trend Micro Control Manager, a centralized threat and data protection management application, is installed on the remote Windows host and is potentially affected by a SQL injection vulnerability because the application fails to properly sanitize user-supplied input to the 'id' parameter of the...

CVE-2012-2998

SQL injection vulnerability in the ad hoc query module in Trend Micro Control Manager TMCM before 5.5.0.1823 and 6.0 before 6.0.0.1449 allows remote attackers to execute arbitrary SQL commands via unspecified vectors...

Sql injection

SQL injection vulnerability in the ad hoc query module in Trend Micro Control Manager TMCM before 5.5.0.1823 and 6.0 before 6.0.0.1449 allows remote attackers to execute arbitrary SQL commands via unspecified vectors...

CVE-2012-2998

SQL injection vulnerability in the ad hoc query module in Trend Micro Control Manager TMCM before 5.5.0.1823 and 6.0 before 6.0.0.1449 allows remote attackers to execute arbitrary SQL commands via unspecified vectors...

CVE-2012-2998

Affected product: Trend Micro Control Manager (TMCM). Vulnerable component: Ad hoc query module (AdHocQuery_Processor.aspx path, AdHocQuery.NET.dll scope in TMCM). Root cause: SQL injection in the ad hoc query module. Impact: Remote attackers could execute arbitrary SQL commands against the backe...

Trend Micro Control Manager vulnerable to SQL injection

Overview Trend Micro Control Manager contains a SQL injection vulnerability. Trend Micro Control Manager contains a vulnerability in the ad hoc query module, which may result in SQL injection. Tom Gregory and Mada R Perdhana of Spentera reported this vulnerability to JPCERT/CC. JPCERT/CC...

Trend Micro Control Manager 5.5/6.0 AdHocQuery BlindSQL Injection (post-auth)

Exploit for asp platform in category web applications !/usr/bin/env python Exploit Title: Trend Micro Control Manager 5.5/6.0 AdHocQuery BlindSQL Injection post-auth Disclosure Date: 09/27/2012 Author: otoy @otoyrood & modpr0be @modpr0be Contact: researchatspentera.com Platform: Windows Tested on...

Trend Micro Control Manager 5.5 / 6.0 Blind SQL Injection

!/usr/bin/env python Exploit Title: Trend Micro Control Manager 5.5/6.0 AdHocQuery BlindSQL Injection post-auth Disclosure Date: 09/27/2012 Author: otoy @otoyrood & modpr0be @modpr0be Contact: researchatspentera.com Platform: Windows Tested on: Windows 2003 Standard Edition Software Link:...

JVN#42014489: Trend Micro Control Manager vulnerable to SQL injection

Trend Micro Control Manager contains a vulnerability in the ad hoc query module, which may result in SQL injection. Impact An arbitrary SQL command may be executed in the backend database the product is referencing. Solution Apply a patch Apply the appropriate patch according to the information...

Trend Micro Control Manager 5.56.0 AdHocQuery - (Authenticated) Blind SQL Injection

Trend Micro Control Manager 5.56.0 AdHocQuery - Authenticated Blind SQL Injection !/usr/bin/env python Exploit Title: Trend Micro Control Manager 5.5/6.0 AdHocQuery BlindSQL Injection post-auth Disclosure Date: 09/27/2012 Author: otoy @otoyrood & modpr0be @modpr0be Contact: researchatspentera.com...

Trend Micro Control Manager 5.5/6.0 AdHocQuery - (Authenticated) Blind SQL Injection

!/usr/bin/env python Exploit Title: Trend Micro Control Manager 5.5/6.0 AdHocQuery BlindSQL Injection post-auth Disclosure Date: 09/27/2012 Author: otoy @otoyrood & modpr0be @modpr0be Contact: researchatspentera.com Platform: Windows Tested on: Windows 2003 Standard Edition Software Link:...

Trend Micro Control Manager adhoc query vulnerability

Overview Trend Micro Control Manager fails to properly filter user-supplied input within the ad hoc query module which could allow an attacker to upload and execute arbitrary code against the system. Description CWE-89: Improper Neutralization of Special Elements used in an SQL Command 'SQL...

Trend Micro Control Manager 'CmdProcessor.exe' Buffer Overflow Vulnerability

Trend Micro Control Manager is prone to a buffer overflow vulnerability. SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Trend Micro Control Manager CmdProcessor.exe AddTask Stack Buffer Overflow (CVE-2011-5001)

A stack buffer overflow vulnerability has been reported in Trend Micro Control Manager...

Trend Micro Control Manager CmdProcessor.exe Detection

Binary data tmcmcmdprocessordetect.nbin...

Trend Micro Control Manager CmdProcessor.exe Remote Buffer Overflow (uncredentialed check)

Binary data tmcmcmdprocessoraddtaskbofremote.nbin...

Trend Micro Control Manager AddTask buffer overflow

Added: 01/16/2012 CVE: CVE-2011-5001 BID: 50965 OSVDB: 77585 Background Trend Micro Control Manager streamlines administration of Trend Micro security solutions. Problem A buffer overflow vulnerability in the AddTask function allows remote attackers to execute arbitrary code by sending a speciall...

Trend Micro Control Manager AddTask buffer overflow

Added: 01/16/2012 CVE: CVE-2011-5001 BID: 50965 OSVDB: 77585 Background Trend Micro Control Manager streamlines administration of Trend Micro security solutions. Problem A buffer overflow vulnerability in the AddTask function allows remote attackers to execute arbitrary code by sending a speciall...

Trend Micro Control Manager AddTask buffer overflow

Added: 01/16/2012 CVE: CVE-2011-5001 BID: 50965 OSVDB: 77585 Background Trend Micro Control Manager streamlines administration of Trend Micro security solutions. Problem A buffer overflow vulnerability in the AddTask function allows remote attackers to execute arbitrary code by sending a speciall...