51 matches found
TrendAI Apex One Console Directory Traversal Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Trend Micro Apex One. Authentication is not required to exploit this vulnerability. The specific flaw exists within the Apex One console, which listens on TCP ports 8080 and 4343 by default. The issu...
EUVD-2019-7991
Malware in sbrugna...
Trend Micro Apex One Console Command Injection Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Trend Micro Apex One. Authentication is not required to exploit this vulnerability. The specific flaw exists within the Apex One console, which listens on TCP ports 8080 and 4343 by default. The issu...
PT-2025-31532 · Undefined · Undefined
An unrestricted file upload vulnerability exists in Kaseya KServer versions prior to 6.3.0.2. The uploadImage.asp endpoint allows unauthenticated users to upload files to arbitrary paths via a crafted filename parameter in a multipart/form-data POST request. Due to the lack of authentication and...
Trend Micro Apex Central widget WFProxy Local File Inclusion Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Trend Micro Apex Central. Authentication is required to exploit this vulnerability. The specific flaw exists within the getObjWGFServiceApiByApiName function. The issue results from the lack of prope...
Trend Micro Apex One Local File Inclusion Local Privilege Escalation Vulnerability
This vulnerability allows local attackers to escalate privileges on affected installations of Trend Micro Apex One. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the Apex One we...
Trend Micro Apex Central modTMMS SQL Injection Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Trend Micro Apex Central. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of deletecertvec requests to the modTMMS endpoint. When parsing the ...
Trend Micro Apex Central modTMMS SQL Injection Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Trend Micro Apex Central. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of setcertificatesconfig requests to the modTMMS endpoint. When...
Trend Micro Mobile Security for Enterprises widgetforsecurity getWidgetPoolManager Local File Inclusion Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Trend Micro Mobile Security for Enterprises. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within...
Trend Micro Mobile Security for Enterprises widgetforsecurity set_certificates_config Unrestricted File Upload Vulnerability
This vulnerability allows remote attackers to create arbitrary files on affected installations of Trend Micro Mobile Security for Enterprises. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within...
Trend Micro Mobile Security for Enterprises widget set_certificates_config Unrestricted File Upload Vulnerability
This vulnerability allows remote attackers to create arbitrary files on affected installations of Trend Micro Mobile Security for Enterprises. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within...
Trend Micro Mobile Security for Enterprises widget getWidgetPoolManager Local File Inclusion Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Trend Micro Mobile Security for Enterprises. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within...
Microsoft SharePoint WSSXmlUrlResolver Server-Side Request Forgery Vulnerability
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Microsoft SharePoint. Authentication is required to exploit this vulnerability. The specific flaw exists within the WSSXmlUrlResolver class. The issue results from the lack of proper validati...
Command injection
Trend Micro Apex One could be exploited by an attacker utilizing a command injection vulnerability to extract files from an arbitrary zip file to a specific folder on the Apex One server, which could potentially lead to remote code execution RCE. The remote process execution is bound to the IUSR...
Advantech WebAccess Node Product Installation File Access Control Modification Privilege Escalation Vulnerability
This vulnerability allows local attackers to escalate privilege on vulnerable installations of Advantech WebAccess Node. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the access...
Design/Logic Flaw
A vulnerability allows local attackers to escalate privilege on Rapid Scada 5.5.0 because of weak C:\SCADA permissions. The specific flaw exists within the access control that is set and modified during the installation of the product. The product sets weak access control restrictions. An attacke...
CVE-2018-5313
A vulnerability allows local attackers to escalate privilege on Rapid Scada 5.5.0 because of weak C:\SCADA permissions. The specific flaw exists within the access control that is set and modified during the installation of the product. The product sets weak access control restrictions. An attacke...
CVE-2018-5313
A vulnerability allows local attackers to escalate privilege on Rapid Scada 5.5.0 because of weak C:\SCADA permissions. The specific flaw exists within the access control that is set and modified during the installation of the product. The product sets weak access control restrictions. An attacke...
Rapid Scada 5.5.0 Insecure Permissions Vulnerability
Exploit for windows platform in category local exploits Rapid Scada - 5.5.0 - Insecure Permissions ------------------------------------------------------- Author: - Filipe Xavier Oliveira: icacls SCADA SCADA BUILTIN\Administrators:IF BUILTIN\Administrators:IOICIIOF NT AUTHORITY\SYSTEM:IF NT...
Trend Micro Mobile Security for Enterprise upload_wallpaper_file Unrestricted File Upload Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Trend Micro Mobile Security for Enterprise. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of the uploadwallpaperfile action. The issue...