Information disclosure

A server-side request forgery SSRF information disclosure vulnerability in Trend Micro OfficeScan XG SP1 and Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to locate online agents via a specific sweep...

多款 Trend Micro 信息泄露漏洞

Trend Micro OfficeScan XG is a suite of distributed anti-virus software.Trend Micro Apex One is a suite of endpoint security software that provides automated threat detection and response. Trend Micro Worry-Free Business Security is a suite of enterprise-class information security protection...

CVE-2018-18332

A Trend Micro OfficeScan XG weak file permissions vulnerability may allow an attacker to potentially manipulate permissions on some key files to modify other files and folders on vulnerable installations...

Information disclosure

A Named Pipe Request Processing Out-of-Bounds Read Information Disclosure vulnerability in Trend Micro OfficeScan XG 12.0 could allow a local attacker to disclose sensitive information on vulnerable installations. An attacker must first obtain the ability to execute low-privileged code on the...

CVE-2018-15364

A Named Pipe Request Processing Out-of-Bounds Read Information Disclosure vulnerability in Trend Micro OfficeScan XG 12.0 could allow a local attacker to disclose sensitive information on vulnerable installations. An attacker must first obtain the ability to execute low-privileged code on the...

CVE-2017-14087

A Host Header Injection vulnerability in Trend Micro OfficeScan XG 12.0 may allow an attacker to spoof a particular Host header, allowing the attacker to render arbitrary links that point to a malicious website with poisoned Host header webpages...

Design/Logic Flaw

A Host Header Injection vulnerability in Trend Micro OfficeScan XG 12.0 may allow an attacker to spoof a particular Host header, allowing the attacker to render arbitrary links that point to a malicious website with poisoned Host header webpages...

CVE-2017-14087

CVE-2017-14087 is a Host Header Injection vulnerability in Trend Micro OfficeScan XG (12.0) and OfficeScan 11.x. Public materials in the provided documents indicate affected versions include OfficeScan 11.x pre-CP 6426 SP1 and 12.x pre-CP 1708. The issue allows an attacker to spoof the Host heade...

Trend Micro OfficeScan 11.0/XG (12.0) - Image File Execution Bypass

Credits: John Page aka hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/TRENDMICRO-OFFICESCAN-XG-IMAGE-FILE-EXECUTION-BYPASS.txt + ISR: ApparitionSec Vendor: ================== www.trendmicro.com Product: ======== OfficeScan v11.0 and XG 12.0...