2 matches found
Command injection
Proxy command injection vulnerability in Trend Micro OfficeScan 11 and XG 12 allows remote attackers to execute arbitrary code on vulnerable installations. The specific flaw can be exploited by parsing the T parameter within Proxy.php. Formerly ZDI-CAN-4544...
CVE-2017-11394
CVE-2017-11394 describes a proxy.php parameter handling flaw in Trend Micro OfficeScan 11 and XG (12) that allows remote command execution via improper validation of HTTP parameters (Proxy.php). The vulnerability enables an attacker to execute arbitrary code on vulnerable installations. Public re...