137 matches found
CVE-2014-8510
CVE-2014-8510 affects Trend Micro InterScan Web Security Virtual Appliance (IWSVA) AdminUI prior to 6.0 HF build 1244. Multiple information-disclosure vulnerabilities allow remote authenticated attackers to read arbitrary files via configuration input handling when saving filters. Public sources ...
InterScan Web Security 5.0 Permanent XSS
No description provided by source. Exploit Title: Permanent XSS in InterScan Web Security Virtual Appliance 5.0 Author: Ivan Huertas Software Link: http://downloadcenter.trendmicro.com/index.php?clk=tbl&clkval=249®s=NABU&langloc=1 Version: 5.0 Tested on: Red Hat Nash 5.1 Code : POST...
InterScan Web Security 5.0 - Arbitrary File Upload & Local Privilege Escalation
No description provided by source...
InterScan Web Security Virtual Appliance 5.0 - Arbitrary File Download
No description provided by source...
Trend Micro InterScan Web Security Suite Local Privilege Escalation
Added: 12/09/2011 BID: 50380 OSVDB: 76637 Background Trend Micro InterScan Web Security Suite is an application which dynamically defends against web-based attacks at the Internet gateway. Problem Trend Micro InterScan Web Security Suite is vulnerable to local privilege escalation vulnerability...
Trend Micro InterScan Web Security Suite Local Privilege Escalation
Added: 12/09/2011 BID: 50380 OSVDB: 76637 Background Trend Micro InterScan Web Security Suite is an application which dynamically defends against web-based attacks at the Internet gateway. Problem Trend Micro InterScan Web Security Suite is vulnerable to local privilege escalation vulnerability...
Trend Micro InterScan Web Security Suite Local Privilege Escalation
Added: 12/09/2011 BID: 50380 OSVDB: 76637 Background Trend Micro InterScan Web Security Suite is an application which dynamically defends against web-based attacks at the Internet gateway. Problem Trend Micro InterScan Web Security Suite is vulnerable to local privilege escalation vulnerability...
Trend Micro InterScan Web Security Suite "patchCmd" 权限提升漏洞
趋势科技的InterScan Web Security Suite(IWSS)在网关处针对基于Web方式的攻击为企业网络提供动态的、集成式的安全保护。 Trend Micro InterScan Web Security Suite for Linux在实现上存在安全漏洞,恶意本地用户可利用此漏洞提升权限。 此漏洞源于在执行某些操作时setuid/setgid root /opt/trend/iwss/data/patch/bin/patchCmd的错误,可通过在CWD中创建PatchExe.sh或RollbackExe.sh脚本获取root权限并执行该二进制文件。 Trend Micr...
Interscan Web Security 5.0 - Persistent Cross-Site Scripting
Exploit Title: Permanent XSS in InterScan Web Security Virtual Appliance 5.0 Author: Ivan Huertas Software Link: http://downloadcenter.trendmicro.com/index.php?clk=tbl&clkval=249®s=NABU&langloc=1 Version: 5.0 Tested on: Red Hat Nash 5.1 Code : POST /loginaccountaddmodify.jsp HTTP/1.1 Host:...
Interscan Web Security 5.0 - Persistent Cross-Site Scripting
Interscan Web Security 5.0 - Persistent Cross-Site Scripting Exploit Title: Permanent XSS in InterScan Web Security Virtual Appliance 5.0 Author: Ivan Huertas Software Link: http://downloadcenter.trendmicro.com/index.php?clk=tbl&clkval=249®s=NABU&langloc=1 Version: 5.0 Tested on: Red Hat Nash...
InterScan Web Security Virtual Appliance本地权限提升和任意文件上传/下载漏洞
BUGTRAQ ID: 41072 InterScan Web Security Virtual Appliance是一款能安装在VMware平台上的网页过滤产品。 InterScan Web Security Virtual Appliance没有正确地过滤提交给/servlet/com.trend.iwss.gui.servlet.exportreport的 exportname"参数和提交给/servlet/com.trend.iwss.gui.servlet.ConfigBackup的 pkgname参数,远程攻击者可以通过目录遍历攻击从系统下载任意文件。 InterScan W...
Interscan Web Security Virtual Appliance 5.0 - Arbitrary File Download
Exploit Title: Arbitrary File Download in InterScan Web Security Virtual Appliance 5.0 Date: 22-06-2010 Author: Ivan Huertas Software Link: http://downloadcenter.trendmicro.com/index.php?clk=tbl&clkval=249®s=NABU?loc=1 Version: 5.0 Tested on: Red Hat Nash 5.1 Vulnerability Description: The...
Interscan Web Security 5.0 - Arbitrary File Upload / Privilege Escalation
Advisory Name: Local Privilege Escalation in InterScan Web Security Virtual Apliance 5.0 Internal Cybsec Advisory Id: 2010-0604 Vulnerability Class: Local Privilege Escalation Release Date: 22-06-2010 Affected Applications: InterScan Web Security Virtual Aplliance 5.0. Other versions may be...
Interscan Web Security 5.0 - Arbitrary File Upload Privilege Escalation
Interscan Web Security 5.0 - Arbitrary File Upload Privilege Escalation Advisory Name: Local Privilege Escalation in InterScan Web Security Virtual Apliance 5.0 Internal Cybsec Advisory Id: 2010-0604 Vulnerability Class: Local Privilege Escalation Release Date: 22-06-2010 Affected Applications:...
Interscan Web Security Virtual Appliance 5.0 - Arbitrary File Download
Interscan Web Security Virtual Appliance 5.0 - Arbitrary File Download Exploit Title: Arbitrary File Download in InterScan Web Security Virtual Appliance 5.0 Date: 22-06-2010 Author: Ivan Huertas Software Link: http://downloadcenter.trendmicro.com/index.php?clk=tbl&clkval=249®s=NABU?loc=1...
Authorization
Trend Micro InterScan Web Security Virtual Appliance IWSVA 3.x and InterScan Web Security Suite IWSS 3.x, when basic authorization is enabled on the standalone proxy, forwards the Proxy-Authorization header from Windows Media Player, which allows remote web servers to obtain credentials by offeri...
趋势科技InterScan Web Security Suite绕过安全限制漏洞
BUGTRAQ ID: 33679 趋势科技的InterScan Web Security Suite(IWSS)在网关处针对基于Web方式的攻击为企业网络提供动态的、集成式的安全保护。 IWSS的多个JSP页面存在访问控制错误,非管理权限帐户(Auditor和Report Only)可以非授权修改某些配置值,如创建管理员帐号。 Trend Micro InterScan Web Security Suite 3.1 厂商补丁: Trend Micro ----------- 目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载:...