EUVD-2018-15456

Malware in sbrugna...

Sql injection

An AdHocQueryProcessor SQL injection remote code execution RCE vulnerability in Trend Micro Control Manager 6.0 could allow a remote attacker to execute arbitrary code on vulnerable installations...

CVE-2018-3602

The CVE-2018-3602 issue affects Trend Micro Control Manager 6.0 via an AdHocQuery_Processor SQL Injection that enables remote code execution. The root cause is improper validation of a user-supplied string used to build SQL queries within the GetProductCategory method of the AdHocQuery_Processor ...

Trend Micro Control Manager AdHocQuery_Processor ProductLogQuery SQL Injection Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Trend Micro Control Manager. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the...

Trend Micro Control Manager sp_DDI_GetInterestedIPByJobID2 SQL Injection Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Trend Micro Control Manager. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the...

Trend Micro Control Manager AdHocQuery_Processor External Entity Processing Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Trend Micro Control Manager. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within...