74 matches found
Trend Micro Interscan Web Security Virtual Appliance Detection (SSH Login)
SSH login-based detection of Trend Micro Interscan Web Security Virtual Appliance IWSVA. SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if...
CVE-2014-8510
The AdminUI in Trend Micro InterScan Web Security Virtual Appliance IWSVA before 6.0 HF build 1244 allows remote authenticated users to read arbitrary files via vectors related to configuration input when saving filters...
Trend Micro InterScan Web Security Virtual Appliance Information Disclosure Vulnerability
This vulnerability allows remote attackers to read files from the underlying operating system on vulnerable installations of Trend Micro InterScan Web Security Virtual Appliance web application authentication is required to exploit this vulnerability. The specific flaw exists within multiple area...
CVE-2014-3922
CVE-2014-3922 is an XSS vulnerability in Trend Micro InterScan Messaging Security Virtual Appliance 8.5.1.1516. The flaw allows remote authenticated users to inject arbitrary web script or HTML via the addWhiteListDomainStr parameter to addWhiteListDomain.imss. According to the NVD entry, the CVS...
CVE-2012-2995
Multiple cross-site scripting XSS vulnerabilities in Trend Micro InterScan Messaging Security Suite 7.1-BuildWin321394 allow remote attackers to inject arbitrary web script or HTML via 1 the wrsApprovedURL parameter to addRuleAttrWrsApproveUrl.imss or 2 the src parameter to initUpdSchPage.imss...
Cross site request forgery (csrf)
Cross-site request forgery CSRF vulnerability in saveAccountSubTab.imss in Trend Micro InterScan Messaging Security Suite 7.1-BuildWin321394 allows remote attackers to hijack the authentication of administrators for requests that create admin accounts via a saveAuth action...
CVE-2012-2996
Cross-site request forgery CSRF vulnerability in saveAccountSubTab.imss in Trend Micro InterScan Messaging Security Suite 7.1-BuildWin321394 allows remote attackers to hijack the authentication of administrators for requests that create admin accounts via a saveAuth action...
CVE-2012-2995
Multiple cross-site scripting XSS vulnerabilities in Trend Micro InterScan Messaging Security Suite 7.1-BuildWin321394 allow remote attackers to inject arbitrary web script or HTML via 1 the wrsApprovedURL parameter to addRuleAttrWrsApproveUrl.imss or 2 the src parameter to initUpdSchPage.imss...
Trend Micro InterScan Messaging Security Suite XSS / CSRF
Exploit Title: Trend Micro InterScan Messaging Security Suite Stored XSS and CSRF Date: 13/09/2012 Exploit Author: modpr0be modpr0beatspentera.com Vendor Homepage: http://www.trendmicro.com Software Link: http://www.trendmicro.com/ftp/products/interscan/IMSSv7.1Win1394.zip Version:...
Trend Micro Interscan Messaging Security Suite - Persistent Cross-Site Scripting Cross-Site Request Forgery
Trend Micro Interscan Messaging Security Suite - Persistent Cross-Site Scripting Cross-Site Request Forgery Exploit Title: Trend Micro InterScan Messaging Security Suite Stored XSS and CSRF Date: 13/09/2012 Exploit Author: modpr0be modpr0beatspentera.com Vendor Homepage: http://www.trendmicro.com...
Trend Micro InterScan Web Security Suite Local Privilege Escalation
Added: 12/09/2011 BID: 50380 OSVDB: 76637 Background Trend Micro InterScan Web Security Suite is an application which dynamically defends against web-based attacks at the Internet gateway. Problem Trend Micro InterScan Web Security Suite is vulnerable to local privilege escalation vulnerability...
Trend Micro InterScan Web Security Suite Local Privilege Escalation
Added: 12/09/2011 BID: 50380 OSVDB: 76637 Background Trend Micro InterScan Web Security Suite is an application which dynamically defends against web-based attacks at the Internet gateway. Problem Trend Micro InterScan Web Security Suite is vulnerable to local privilege escalation vulnerability...
Trend Micro InterScan Web Security Suite Local Privilege Escalation
Added: 12/09/2011 BID: 50380 OSVDB: 76637 Background Trend Micro InterScan Web Security Suite is an application which dynamically defends against web-based attacks at the Internet gateway. Problem Trend Micro InterScan Web Security Suite is vulnerable to local privilege escalation vulnerability...
Trend Micro InterScan Web Security Suite Local Privilege Escalation
Added: 12/09/2011 BID: 50380 OSVDB: 76637 Background Trend Micro InterScan Web Security Suite is an application which dynamically defends against web-based attacks at the Internet gateway. Problem Trend Micro InterScan Web Security Suite is vulnerable to local privilege escalation vulnerability...
Trend Micro InterScan Web Security Suite "patchCmd" 权限提升漏洞
趋势科技的InterScan Web Security Suite(IWSS)在网关处针对基于Web方式的攻击为企业网络提供动态的、集成式的安全保护。 Trend Micro InterScan Web Security Suite for Linux在实现上存在安全漏洞,恶意本地用户可利用此漏洞提升权限。 此漏洞源于在执行某些操作时setuid/setgid root /opt/trend/iwss/data/patch/bin/patchCmd的错误,可通过在CWD中创建PatchExe.sh或RollbackExe.sh脚本获取root权限并执行该二进制文件。 Trend Micr...
CVE-2001-1574
Buffer overflow in 1 HttpSaveCVP.dll and 2 HttpSaveCSP.dll in Trend Micro InterScan VirusWall 3.5.1 allows remote attackers to execute arbitrary code...
CVE-2004-1859
Summary: CVE-2004-1859 is a directory traversal vulnerability in Trend Micro Interscan VirusWall, specifically affecting the web server component ishttpd. An attacker can remotely read arbitrary files by using a .. (dot dot) in the URL. Affected component: ishttpd within Trend Micro Interscan Vir...
CVE-2004-1859
Directory traversal vulnerability in Trend Micro Interscan Web Viruswall in InterScan VirusWall 3.5x allows remote attackers to read arbitrary files via a .. dot dot in the URL...
CVE-2002-0440
Trend Micro InterScan VirusWall HTTP proxy 3.6 with the "Skip scanning if Content-length equals 0" option enabled allows malicious web servers to bypass content scanning via a Content-length header set to 0, which is often ignored by HTTP clients...
CVE-2001-0958
CVE-2001-0958 affects Trend Micro InterScan eManager for NT Ver.3.51 (English) and NT Ver.3.51J. The vulnerability is a remotely exploitable buffer overflow in the eManager CGI interface, caused by long arguments to multiple DLLs (register.dll, ContentFilter.dll, SFNofitication.dll, TOP10.dll, Sp...