Trend Micro SafeSync for Enterprise dead_local_device Command Injection

A command injection vulnerability exists in Trend Micro's SafeSync for Enterprise. The vulnerability is due to insufficient validation of the user-supplied parameters in the deadlocaldevice function. A remote, authenticated attacker could exploit this vulnerability by sending a crafted request to...

Trend Micro SafeSync for Enterprise replace_local_disk Command Injection

A command injection vulnerability exists in Trend Micro's SafeSync for Enterprise. The vulnerability is due to insufficient validation of the user-supplied parameters in replacelocaldisk function. A remote, authenticated attacker could exploit this vulnerability by sending crafted input to the...

Trend Micro SafeSync for Enterprise check_nfs_server_status Command Injection

A command injection vulnerability exists in Trend Micro's SafeSync for Enterprise. The vulnerability is due to insufficient validation of the user-supplied parameters in checknfsserverstatus function. A remote, authenticated attacker could exploit this vulnerability by sending a crafted input to...

Trend Micro SafeSync for Enterprise license Command Injection

A command injection vulnerability exists in Trend Micro's SafeSync for Enterprise. The vulnerability is due to insufficient validation of the user-supplied parameter sent to the license end point. A remote, authenticated attacker could exploit this vulnerability by sending a crafted input to the...

Trend Micro SafeSync for Enterprise deviceTool.pm get_nic_device SQL Injection

An SQL Injection vulnerability exists in Trend Micro's SafeSync's deviceTool.pm Perl module. The vulnerability is due to insufficient validation of the user-supplied role or role parameter when sending a query to get the information about a SafeSync nic device. A remote, authenticated, attacker...

Trend Micro SafeSync for Enterprise deviceTool.pm get_device_info SQL Injection

An SQL Injection vulnerability exists in Trend Micro's SafeSync for Enterprise deviceTool.pm page. The vulnerability is due to insufficient validation of the user-supplied role or deviceid parameter when sending a query to get the information about a SafeSync storage device. A remote,...

Trend Micro SafeSync for Enterprise Authentication Bypass

The Trend Micro SafeSync for Enterprise SSFE application running on the remote host is affected by an authentication bypass vulnerability. An unauthenticated, remote attacker can exploit this, via a series of HTTP PUT requests using specially crafted parameters, to disclose the valid, unexpired...

Trend Micro SafeSync for Enterprise (SSFE) Detection

Binary data trendmicrossfedetect.nbin...

Trend Micro SafeSync for Enterprise deviceTool.pm devid Command Injection

A command injection vulnerability exists in Trend Micro's SafeSync for Enterprise. The vulnerability is due to insufficient validation of user-supplied HTTP parameters. A remote, authenticated attacker could exploit this vulnerability by sending a crafted input to the vulnerable system...

Trend Micro SafeSync for Enterprise rollback Command Injection

A command injection vulnerability exists in Trend Micro's SafeSync for Enterprise. The vulnerability is due to insufficient validation of the user-supplied parameter sent to the rollback end point. A remote, authenticated attacker could exploit this vulnerability by sending a crafted input to the...

Trend Micro SafeSync for Enterprise storage.pm discovery_iscsi_device Command Injection

A command injection vulnerability exists in Trend Micro's SafeSync for Enterprise storage pm page. The vulnerability is due to insufficient validation of the user-supplied parameters defining an iSCSI device to be discovered. A remote, authenticated attacker could exploit this vulnerability by...

Trend Micro SafeSync for Enterprise storage.pm device_id role Command Injection

A command injection vulnerability exists in Trend Micro's SafeSync for Enterprise storage.pm page. The vulnerability is due to insufficient validation of the user-supplied role and deviceid parameters. A remote, authenticated attacker could exploit this vulnerability by sending a crafted input to...

Trend Micro SafeSync for Enterprise restartService Command Injection

A command injection vulnerability exists in Trend Micro's SafeSync for Enterprise. The vulnerability is due to insufficient validation of the user-supplied parameter sent to restartService end point. A remote, authenticated attacker could exploit this vulnerability by sending a crafted input to t...

Multiple Vulnerabilities in Trend Micro SafeSync for Enterprise

SafeSync for Enterprise is a Miscellaneous Shareware software developed by Trend Micro in category. Trend Micro SafeSync for Enterprise contains multiple security vulnerabilities. An attacker could use the vulnerabilities to execute arbitrary code, corrupt the application, access or modify data,...

Trend Micro SafeSync for Enterprise 3.2 get_replacement RCE

Remote command execution vulnerability in Trend Micro SafeSync for Enterprise getreplacement Vulnerability Type: Remote Command Execution For the exploit source code contact DSquare Security sales team...

Trend Micro SafeSync for Enterprise 3.2 check_nfs_server_status RCE

Remote command execution vulnerability in Trend Micro SafeSync for Enterprise checknfsserverstatus Vulnerability Type: Remote Command Execution For the exploit source code contact DSquare Security sales team...

Trend Micro SafeSync for Enterprise replace_local_disk Command Injection Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Trend Micro SafeSync for Enterprise. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the...

Trend Micro SafeSync for Enterprise get_replacement Command Injection Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Trend Micro SafeSync for Enterprise. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the...

Trend Micro SafeSync for Enterprise get_nic_device SQL Injection Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Trend Micro SafeSync for Enterprise. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists withi...

Trend Micro SafeSync for Enterprise mount_local_device Command Injection Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Trend Micro SafeSync for Enterprise. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the...