7 matches found
Design/Logic Flaw
Profinet-IO PNIO stack versions prior V06.00 do not properly limit internal resource allocation when multiple legitimate diagnostic package requests are sent to the DCE-RPC interface. This could lead to a denial of service condition due to lack of memory for devices that include a vulnerable...
CVE-2019-13946
Profinet-IO PNIO stack versions prior V06.00 do not properly limit internal resource allocation when multiple legitimate diagnostic package requests are sent to the DCE-RPC interface. This could lead to a denial of service condition due to lack of memory for devices that include a vulnerable...
Trend Micro ServerProtect StRpcSrv.dll RPC接口不安全实现方式漏洞
BUGTRAQ ID: 26912 Trend ServerProtect是一款企业级反病毒程序。 ServerProtect的SpntSvc.exe守护程序处理请求数据时存在漏洞,远程攻击者可能利用此漏洞控制服务器。 ServerProtect中默认绑定到TCP 5168端口上的SpntSvc.exe守护程序通过TmRpcSrv.dll库暴露以下DCE/RPC接口: / opcode: 0x00, address: 0x65741030 / errorstatust sub65741030 in handlet arg1, in long arg2, insizeisarg4 byte...
Code injection
SpntSvc.exe daemon in Trend Micro ServerProtect 5.58 for Windows, before Security Patch 4, exposes unspecified dangerous sub-functions from StRpcSrv.dll in the DCE/RPC interface, which allows remote attackers to obtain "full file system access" and execute arbitrary code...
ZDI-07-077: Trend Micro ServerProtect StRpcSrv.dll Insecure Method Exposure Vulnerability
ZDI-07-077: Trend Micro ServerProtect StRpcSrv.dll Insecure Method Exposure Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-07-077.html December 17, 2007 -- CVE ID: -- Affected Vendor: Trend Micro -- Affected Products: ServerProtect v5.58 -- TippingPointTM IPS Customer Protection:...
Trend Micro ServerProtect AgRpcCln.dll Stack Overflow Vulnerability
This vulnerability allows attackers to execute arbitrary code on vulnerable installations of Trend Micro ServerProtect. Authentication is not required to exploit this vulnerability. The specific flaw exists in the SpntSvc.exe daemon, bound by default on TCP port 5168 and exposing the following...
Trend Micro ServerProtect EarthAgent Stack Overflow Vulnerability
These vulnerabilities allow attackers to execute arbitrary code on vulnerable installations of Trend Micro ServerProtect. Authentication is not required to exploit these vulnerabilities. The specific flaw exists in the EarthAgent.exe daemon, bound by default on TCP port 3628 and exposing the...