17 matches found
EUVD-2017-5608
Malware in sbrugna...
EUVD-2018-17998
Malware in sbrugna...
Remote code execution
A SQL injection remote code execution vulnerability in Trend Micro Smart Protection Server Standalone 3.x could allow a remote attacker to execute arbitrary code on vulnerable installations due to a flaw within the handling of parameters provided to wcs\bwlists\handler.php. Authentication is...
CVE-2018-10350
A SQL injection remote code execution vulnerability in Trend Micro Smart Protection Server Standalone 3.x could allow a remote attacker to execute arbitrary code on vulnerable installations due to a flaw within the handling of parameters provided to wcs\bwlists\handler.php. Authentication is...
CVE-2018-6237
A vulnerability in Trend Micro Smart Protection Server Standalone 3.x could allow an unauthenticated remote attacker to manipulate the product to send a large number of specially crafted HTTP requests to potentially cause the file system to fill up, eventually causing a denial of service DoS...
CVE-2018-6237
A vulnerability in Trend Micro Smart Protection Server Standalone 3.x could allow an unauthenticated remote attacker to manipulate the product to send a large number of specially crafted HTTP requests to potentially cause the file system to fill up, eventually causing a denial of service DoS...
CVE-2018-10350
A SQL injection remote code execution vulnerability in Trend Micro Smart Protection Server Standalone 3.x could allow a remote attacker to execute arbitrary code on vulnerable installations due to a flaw within the handling of parameters provided to wcs\bwlists\handler.php. Authentication is...
Trend Micro Smart Protection Server Multiple Vulnerabilities (1119385)
Trend Micro Smart Protection Server is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
Command injection
A server auth command injection authentication bypass vulnerability in Trend Micro Smart Protection Server Standalone versions 3.3 and below could allow remote attackers to escalate privileges on vulnerable installations...
CVE-2017-14096
A stored cross site scripting XSS vulnerability in Trend Micro Smart Protection Server Standalone versions 3.2 and below could allow an attacker to execute a malicious payload on vulnerable systems...
Design/Logic Flaw
A vulnerability in Trend Micro Smart Protection Server Standalone versions 3.2 and below could allow an attacker to perform remote command execution via a cron job injection on a vulnerable system...
CVE-2017-11398
CVE-2017-11398 affects Trend Micro Smart Protection Server (Standalone)
Trend Micro Smart Protection Server Detection (HTTP)
Detection of Trend Micro Smart Protection Server. This script performs a HTTP based detection of Trend Micro Smart Protection Server. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders...
CVE-2017-11395
Command injection vulnerability in Trend Micro Smart Protection Server Standalone 3.1 and 3.2 server administration UI allows attackers with authenticated access to execute arbitrary code on vulnerable installations...
Trend Micro Smart Protection Server wcs_bwlists_handler Command Injection Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Trend Micro Smart Protection Server. Authentication is required to exploit this vulnerability. The specific flaw exists within wcsbwlistshandler.php. The issue results from the lack of proper...
CVE-2016-6266
cccaajaxhandler.php in Trend Micro Smart Protection Server 2.5 before build 2200, 2.6 before build 2106, and 3.0 before build 1330 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the 1 host or 2 apikey parameter in a register action, 3 enable parameter ...
Trend Micro Smart Protection Server admin_notification.php Command Injection (CVE-2016-6267)
A remote code execution vulnerability exists in the adminnotification.php script of Trend Micro Smart Protection Server. The vulnerability is due to insufficient validation of user-supplied input. A remote, authenticated attacker could exploit this vulnerability by providing crafted input to the...