
325 matches found

Prion
added 2017/05/26 1:29 a.m., 11 views

Directory traversal

Trend Micro ServerProtect for Linux 3.0 before CP 1531 allows local users to gain privileges by leveraging an unrestricted quarantine directory...

CVSS 7.2, AI score 8.2, EPSS 0.0052
Exploits 3, References 5, Affected Software 1

Prion
added 2017/05/26 1:29 a.m., 9 views

Cross site request forgery (csrf)

Cross-site request forgery (CSRF) vulnerability in Trend Micro ServerProtect for Linux 3.0 before CP 1531 allows remote attackers to hijack the authentication of users for requests to start an update from an arbitrary source via a crafted request to SProtectLinux/scanoption_set.cgi, related to the...

CVSS 6.8, AI score 9.1, EPSS 0.02287
Exploits 3, References 5, Affected Software 1

Prion
added 2017/05/26 1:29 a.m., 15 views

Cross site scripting

Multiple cross-site scripting (XSS) vulnerabilities in Trend Micro ServerProtect for Linux 3.0 before CP 1531 allow remote attackers to inject arbitrary web script or HTML via the (1) T1 or (2) tmLastConfigFileModifiedDate parameter to log_management.cgi...

CVSS 4.3, AI score 6.4, EPSS 0.02459
Exploits 3, References 5, Affected Software 1

Prion
added 2017/05/26 1:29 a.m., 10 views

Code injection

Trend Micro ServerProtect for Linux 3.0 before CP 1531 allows attackers to eavesdrop and tamper with updates by leveraging unencrypted communications with update servers...

CVSS 5.8, AI score 7.8, EPSS 0.0361
Exploits 3, References 5, Affected Software 1

Prion
added 2017/05/26 1:29 a.m., 17 views

Cross site scripting

Multiple cross-site scripting (XSS) vulnerabilities in Trend Micro ServerProtect for Linux 3.0 before CP 1531 allow remote attackers to inject arbitrary web script or HTML via the (1) S44, (2) S5, (3) Sactionfail, (4) Sptnupdate, (5) T113, (6) T114, (7) T115, (8) T117117, (9) T118, (10) Tactionfail, (11) Tptnupdate, (12)...

CVSS 4.3, AI score 6.4, EPSS 0.0248
Exploits 3, References 5, Affected Software 1

NVD
added 2017/05/26 1:29 a.m., 13 views

CVE-2017-9033

Cross-site request forgery (CSRF) vulnerability in Trend Micro ServerProtect for Linux 3.0 before CP 1531 allows remote attackers to hijack the authentication of users for requests to start an update from an arbitrary source via a crafted request to SProtectLinux/scanoption_set.cgi, related to the...

CVSS 8.8, AI score 8.8, EPSS 0.02287
Exploits 3, References 5

NVD
added 2017/05/26 1:29 a.m., 13 views

CVE-2017-9034

Trend Micro ServerProtect for Linux 3.0 before CP 1531 allows attackers to write to arbitrary files and consequently execute arbitrary code with root privileges by leveraging failure to validate software updates...

CVSS 10, AI score 9.8, EPSS 0.0598
Exploits 3, References 5

CVE
added 2017/05/25 7:0 p.m., 57 views

CVE-2017-9033

CVE-2017-9033 affects Trend Micro ServerProtect for Linux (version 3.0 prior to CP 1531). The Web-based Management Console lacks anti-CSRF tokens, enabling an attacker to submit authenticated requests to start an update from an arbitrary source via SProtectLinux/scanoption_set.cgi. The Core Secur...

CVSS 8.8, AI score 9.1, EPSS 0.02287
Exploits 3, References 5, Affected Software 1

CVE
added 2017/05/25 7:0 p.m., 60 views

CVE-2017-9035

Trend Micro ServerProtect for Linux 3.0 (pre-CP 1531) is affected by multiple vulnerabilities in its update mechanism, including: unencrypted update communications allowing eavesdropping and tampering (CVE-2017-9035); unsigned/unvalidated update packages enabling overwrites of libraries and poten...

CVSS 7.4, AI score 7.8, EPSS 0.0361
Exploits 3, References 5, Affected Software 1

CVE
added 2017/05/25 7:0 p.m., 61 views

CVE-2017-9037

CVE-2017-9037 affects Trend Micro ServerProtect for Linux 3.0 prior to CP 1531. The advisory/related reports document cross-site scripting vulnerabilities in notification.cgi and related CGI scripts, enabling an attacker to inject arbitrary script/HTML via parameters such as S44, S5, S_action_fai...

CVSS 6.1, AI score 6.3, EPSS 0.0248
Exploits 3, References 5, Affected Software 1

Cvelist
added 2017/05/25 7:0 p.m., 20 views

CVE-2017-9032

Multiple cross-site scripting (XSS) vulnerabilities in Trend Micro ServerProtect for Linux 3.0 before CP 1531 allow remote attackers to inject arbitrary web script or HTML via the (1) T1 or (2) tmLastConfigFileModifiedDate parameter to log_management.cgi...

AI score 6.5, EPSS 0.02459
Exploits 3, References 5

Cvelist
added 2017/05/25 7:0 p.m., 19 views

CVE-2017-9033

Cross-site request forgery (CSRF) vulnerability in Trend Micro ServerProtect for Linux 3.0 before CP 1531 allows remote attackers to hijack the authentication of users for requests to start an update from an arbitrary source via a crafted request to SProtectLinux/scanoption_set.cgi, related to the...

AI score 9.2, EPSS 0.02287
Exploits 3, References 5

Cvelist
added 2017/05/25 7:0 p.m., 15 views

CVE-2017-9034

Trend Micro ServerProtect for Linux 3.0 before CP 1531 allows attackers to write to arbitrary files and consequently execute arbitrary code with root privileges by leveraging failure to validate software updates...

AI score 9.8, EPSS 0.0598
Exploits 3, References 5

Cvelist
added 2017/05/25 7:0 p.m., 19 views

CVE-2017-9035

Trend Micro ServerProtect for Linux 3.0 before CP 1531 allows attackers to eavesdrop and tamper with updates by leveraging unencrypted communications with update servers...

AI score 8, EPSS 0.0361
Exploits 3, References 5

Cvelist
added 2017/05/25 7:0 p.m., 16 views

CVE-2017-9036

Trend Micro ServerProtect for Linux 3.0 before CP 1531 allows local users to gain privileges by leveraging an unrestricted quarantine directory...

AI score 8.2, EPSS 0.0052
Exploits 3, References 5

Cvelist
added 2017/05/25 7:0 p.m., 15 views

CVE-2017-9037

Multiple cross-site scripting (XSS) vulnerabilities in Trend Micro ServerProtect for Linux 3.0 before CP 1531 allow remote attackers to inject arbitrary web script or HTML via the (1) S44, (2) S5, (3) Sactionfail, (4) Sptnupdate, (5) T113, (6) T114, (7) T115, (8) T117117, (9) T118, (10) Tactionfail, (11) Tptnupdate, (12)...

AI score 6.5, EPSS 0.0248
Exploits 3, References 5

CVE
added 2017/05/25 7:0 p.m., 52 views

CVE-2017-9036

Trend Micro ServerProtect for Linux 3.0 before CP 1531 contains a local privilege escalation flaw (CVE-2017-9036) where the Web-based Management Console allows the Quarantine directory to be set to any location. Root-owned files moved there can be written by a local user, enabling privilege escal...

CVSS 7.8, AI score 8.1, EPSS 0.0052
Exploits 3, References 5, Affected Software 1

CVE
added 2017/05/25 7:0 p.m., 62 views

CVE-2017-9032

CVE-2017-9032 affects Trend Micro ServerProtect for Linux 3.0 prior to CP 1531. The vulnerability is a cross-site scripting flaw in the web interface’s log_management.cgi, where the T1 and tmLastConfigFileModifiedDate parameters can be abused to inject arbitrary script/HTML. Evidence in connected...

CVSS 6.1, AI score 6.3, EPSS 0.02459
Exploits 3, References 5, Affected Software 1

CVE
added 2017/05/25 7:0 p.m., 54 views

CVE-2017-9034

CVE-2017-9034 affects Trend Micro ServerProtect for Linux 3.0 prior to CP 1531. The vulnerability is in the update mechanism, where update packages are not signed/validated beyond size matching, allowing an attacker to overwrite sensitive files (e.g., libvsapi.so, libaction.so) and achieve remote...

CVSS 10, AI score 9.7, EPSS 0.0598
Exploits 3, References 5, Affected Software 1

CNVD
added 2017/05/25 12:0 a.m., 2 views

Trend Micro ServerProtect for Linux Arbitrary File Write Vulnerability

Trend Micro ServerProtect for Linux is antivirus software from Trend Micro for Linux that blocks viruses before they reach end users, preventing them from spreading across the entire network. A security vulnerability exists in Trend Micro ServerProtect for Linux version 3.0. The...

CVSS 10, AI score 7.4, EPSS 0.0598
Exploits 3, References 1