Directory traversal

Trend Micro ServerProtect for Linux 3.0 before CP 1531 allows local users to gain privileges by leveraging an unrestricted quarantine directory...

CVE-2017-9034

Trend Micro ServerProtect for Linux 3.0 before CP 1531 allows attackers to write to arbitrary files and consequently execute arbitrary code with root privileges by leveraging failure to validate software updates...

Code injection

Trend Micro ServerProtect for Linux 3.0 before CP 1531 allows attackers to eavesdrop and tamper with updates by leveraging unencrypted communications with update servers...

CVE-2017-9035

Trend Micro ServerProtect for Linux 3.0 (pre-CP 1531) is affected by multiple vulnerabilities in its update mechanism, including: unencrypted update communications allowing eavesdropping and tampering (CVE-2017-9035); unsigned/unvalidated update packages enabling overwrites of libraries and poten...

CVE-2017-9034

CVE-2017-9034 affects Trend Micro ServerProtect for Linux 3.0 prior to CP 1531. The vulnerability is in the update mechanism, where update packages are not signed/validated beyond size matching, allowing an attacker to overwrite sensitive files (e.g., libvsapi.so, libaction.so) and achieve remote...

CVE-2017-9036

Trend Micro ServerProtect for Linux 3.0 before CP 1531 contains a local privilege escalation flaw (CVE-2017-9036) where the Web-based Management Console allows the Quarantine directory to be set to any location. Root-owned files moved there can be written by a local user, enabling privilege escal...

CVE-2017-9035

Trend Micro ServerProtect for Linux 3.0 before CP 1531 allows attackers to eavesdrop and tamper with updates by leveraging unencrypted communications with update servers...

CVE-2017-9037

CVE-2017-9037 affects Trend Micro ServerProtect for Linux 3.0 prior to CP 1531. The advisory/related reports document cross-site scripting vulnerabilities in notification.cgi and related CGI scripts, enabling an attacker to inject arbitrary script/HTML via parameters such as S44, S5, S_action_fai...

CVE-2017-9032

CVE-2017-9032 affects Trend Micro ServerProtect for Linux 3.0 prior to CP 1531. The vulnerability is a cross-site scripting flaw in the web interface’s log_management.cgi, where the T1 and tmLastConfigFileModifiedDate parameters can be abused to inject arbitrary script/HTML. Evidence in connected...

CVE-2017-9033

Cross-site request forgery CSRF vulnerability in Trend Micro ServerProtect for Linux 3.0 before CP 1531 allows remote attackers to hijack the authentication of users for requests to start an update from an arbitrary source via a crafted request to SProtectLinux/scanoptionset.cgi, related to the...

CVE-2017-9033

CVE-2017-9033 affects Trend Micro ServerProtect for Linux (version 3.0 prior to CP 1531). The Web-based Management Console lacks anti-CSRF tokens, enabling an attacker to submit authenticated requests to start an update from an arbitrary source via SProtectLinux/scanoption_set.cgi. The Core Secur...

CVE-2017-9032

Multiple cross-site scripting XSS vulnerabilities in Trend Micro ServerProtect for Linux 3.0 before CP 1531 allow remote attackers to inject arbitrary web script or HTML via the 1 T1 or 2 tmLastConfigFileModifiedDate parameter to logmanagement.cgi...

CVE-2017-9037

Multiple cross-site scripting XSS vulnerabilities in Trend Micro ServerProtect for Linux 3.0 before CP 1531 allow remote attackers to inject arbitrary web script or HTML via the 1 S44, 2 S5, 3 Sactionfail, 4 Sptnupdate, 5 T113, 6 T114, 7 T115, 8 T117117, 9 T118, 10 Tactionfail, 11 Tptnupdate, 12...

CVE-2017-9036

Trend Micro ServerProtect for Linux 3.0 before CP 1531 allows local users to gain privileges by leveraging an unrestricted quarantine directory...

CVE-2017-9034

Trend Micro ServerProtect for Linux 3.0 before CP 1531 allows attackers to write to arbitrary files and consequently execute arbitrary code with root privileges by leveraging failure to validate software updates...

Trend Micro ServerProtect for Linux Local Privilege Gain Vulnerability

Trend Micro ServerProtect for Linux is a Trend Micro Trend Micro in the United States, the company's antivirus software for Linux in the virus to be blocked before it reaches the end user to prevent the expansion of the entire network. A security vulnerability exists in Trend Micro ServerProtect...

Trend Micro ServerProtect for Linux Cross-Site Scripting Vulnerability (CNVD-2017-08788)

Trend Micro ServerProtect for Linux is a Trend Micro Trend Micro company for Linux in the virus before reaching the end-user to be blocked to prevent the expansion of the entire network of antivirus software. A cross-site scripting vulnerability exists in Trend Micro ServerProtect for Linux versi...

Trend Micro ServerProtect for Linux Cross-Site Scripting Vulnerability

Trend Micro ServerProtect for Linux is a Trend Micro Trend Micro company for Linux in the virus before reaching the end-user to be blocked to prevent the expansion of the entire network of antivirus software. A cross-site scripting vulnerability exists in Trend Micro ServerProtect for Linux versi...

Trend Micro ServerProtect for Linux Information Disclosure Vulnerability

Trend Micro ServerProtect for Linux is a Trend Micro Trend Micro company for Linux in the virus before reaching the end-user to be blocked to prevent the expansion of the entire network of antivirus software. A security vulnerability exists in Trend Micro ServerProtect for Linux version 3.0. The...

Trend Micro ServerProtect for Linux Cross-Site Request Forgery Vulnerability

Trend Micro ServerProtect for Linux is a Trend Micro Trend Micro company for Linux in the virus before reaching the end-user to be blocked to prevent the expansion of the entire network of antivirus software. A cross-site request forgery vulnerability exists in Trend Micro ServerProtect for Linux...