Trend Micro Threat Discovery Appliance 2.6.1062r1 - Authentication Bypass

Trend Micro Threat Discovery Appliance 2.6.1062r1 is vulnerable to a directory traversal vulnerability when processing a sessionid cookie, which allows a remote, unauthenticated attacker to delete arbitrary files as root. This can be used to bypass authentication or cause a DoS. id: CVE-2016-7552...

EUVD-2001-0675

Malware in sbrugna...

Exploit for Improper Restriction of XML External Entity Reference in Wordpress

POC CVE-2021029447 - XXE in WordPress WordPress 5.6-5.7 - Au...

TrendMicro OfficeScanNT Listener Traversal Arbitrary File Access

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'TrendMicro OfficeScanNT Listener Traversal Arbitrary File Access', 'Description' = %q This module tests for directory traversal vulnerability in...

Rhysida Ransomware

Rhysida Ransomware By Alexandre Mundo, Max Kersten, and Leandro Velasco · October 9, 2023 New ransomware victims are made every day by ransom gangs with a variety of ransomware malware families, one of which is the Rhysida ransomware family. Within this blog, an anonymised version of an attack by...

FreeBSD : libspf2 -- Integer Underflow Remote Code Execution (915855ad-283d-4597-b01e-e0bf611db78b)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 915855ad-283d-4597-b01e-e0bf611db78b advisory. - Trendmicro ZDI reports: Integer Underflow Remote Code Execution Vulnerability The specific flaw exist...

libspf2 -- Integer Underflow Remote Code Execution

Trendmicro ZDI reports: Integer Underflow Remote Code Execution Vulnerability The specific flaw exists within the parsing of SPF macros. When parsing SPF macros, the process does not properly validate user-supplied data, which can result in an integer underflow before writing to memory. An attack...

New Sandworm Malware Cyclops Blink Replaces VPNFilter

Summary The Sandworm actor, which the United Kingdom and the United States have previously attributed to the Russian GRU, has replaced the exposed VPNFilter malware with a new more advanced framework. The United Kingdom's UK National Cyber Security Centre NCSC, the Cybersecurity and Infrastructur...

Mortar - Evasion Technique To Defeat And Divert Detection And Prevention Of Security Products (AV/EDR/XDR)

red teaming evasion technique to defeat and divert detection and prevention of security products.Mortar Loader performs encryption and decryption of selected binary inside the memory streams and execute it directly with out writing any malicious indicator into the hard-drive. Mortar is able to...

CVE-2021-25231

An improper access control vulnerability in Trend Micro Apex One on-prem and SaaS, OfficeScan XG SP1, and Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to obtain information about a specific hotfix history file...

Trendmicro Threat Discovery Appliance Directory Traversal (CVE-2016-7552)

An authentication bypass vulnerability exists in TrendMicro Threat Discovery Appliance. Successful exploitation of this vulnerability would allow remote attackers to gain unauthorized access into the affected system...

Trendmicro Email Encryption Gateway SQL Injection (CVE-2018-6230)

An SQL injection vulnerability exists in trendmicro email encryption gateway 5.5. Successful exploitation of this vulnerability would allow a remote attacker to execute arbitrary SQL commands on the affected system...

Securing the Connected World with Support for The Shadowserver Foundation

If the first few months of 2020 have taught us anything, it’s the importance of collaboration and partnership to tackle a common enemy. This is true of efforts to fight the current pandemic, and it’s also true of the fight against cybercrime. That’s why Trend Micro has, over the years, struck...

TrendMicro Password Manager node.js Unsafe API Calls

When you install TrendMicro Antivirus on Windows, by default a component called Password Manager is also installed and automatically launched on startup. This product is primarily written in JavaScript with node.js, and opens multiple HTTP RPC ports for handling API requests. It took about 30...

TrendMicro Anti-Threat Toolkit Improper Fix

Hi @ll, on September 29, 2019, John Page reported a remote code execution with escalation of privilege in TrendMicro's Anti-Threat Toolkit to its vendor. TrendMicro assigned CVE-2019-9491 to this vulnerability and told the reporter, his dog and the world on October 18, 2019, that they had fixed t...

Pacbot - Platform For Continuous Compliance Monitoring, Compliance Reporting And Security Automation For The Cloud

Policy as Code Bot PacBot is a platform for continuous compliance monitoring, compliance reporting and security automation for the cloud. In PacBot, security and compliance policies are implemented as code. All resources discovered by PacBot are evaluated against these policies to gauge policy...

Buggy implementation of CVE-2018-8373 vulnerability used to deliver Quasar RAT

A variant of a remote code execution vulnerability with Internet Explorer's scripting engine known as CVE-2018-8373 patched last August has been found in the wild. Looking at the IOCs posted by our colleagues at TrendMicro, we recognized the infrastructure serving this exploit. The same static...

success.trendmicro.com XSS vulnerability

Open Bug Bounty ID: OBB-674353 Description| Value ---|--- Affected Website:| success.trendmicro.com Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1...

Trend Micro Virtual Mobile Infrastructure 5.5.1336 - 'Server address' Denial of Service (PoC)

Exploit Title: Trend Micro Virtual Mobile Infrastructure 5.5.1336 - 'Server address' Denial of Service PoC Discovery by: Luis Martinez Discovery Date: 2018-09-01 Vendor Homepage: http://www.trendmicro.com.tr/media/ds/virtual-mobile-infrastructure-datasheet-en.pdf Software Link: App Store for iOS...

Cb ThreatSight Investigation Reveals RETADUP Worm Leverages AutoIt to Launch Monero Cryptomining Campaign

While monitoring a customer’s environment, the Carbon Black ThreatSight team discovered a series of unusual alerts. Further investigation of the suspect processes revealed these alerts were related to an attacker leveraging the open-source Monero framework to launch a crypto-mining campaign. Afte...