3 matches found
Trend Micro InterScan Messaging Security modTMCSS Command Injection (CVE-2017-11391; CVE-2017-11394)
A command injection vulnerability exists in Trend Micro InterScan Messaging Security virtual appliance. The vulnerability is due to improper validation of request parameters within the modTMCSS Proxy functionality. A remote, authenticated attacker could exploit the vulnerability by sending a...
CVE-2017-11391
Proxy command injection vulnerability in Trend Micro InterScan Messaging Virtual Appliance 9.0 and 9.1 allows remote attackers to execute arbitrary code on vulnerable installations. The specific flaw can be exploited by parsing the "t" parameter within modTMCSS Proxy. Formerly ZDI-CAN-4744...
CVE-2017-11391
CVE-2017-11391 describes a proxy command injection in Trend Micro InterScan Messaging Virtual Appliance (IMSVA) 9.0 and 9.1. The flaw arises from improper validation of parameters in the modTMCSS Proxy function, specifically when parsing the unsigned input in the t parameter, allowing a remote at...