Trend Micro, Inc. Security Vulnerabilities

Malicious code in micro-username (npm)

-= Per source details. Do not edit below this line.=- Source: ghsa-malware (16568c3c83ac6dd335ed741695670ec423436e9f9c4070c7f200d46edc98948b) Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in pet-profile-micro-interaction (npm)

-= Per source details. Do not edit below this line.=- Source: ghsa-malware (cd98e11aca525f441300cc29d3cebd96d52cee8d8620e951a805b48fe9305d33) Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

CVE-2021-4244

A vulnerability classified as problematic has been found in yikes-inc-easy-mailchimp-extender Plugin up to 6.8.5. This affects an unknown part of the file admin/partials/ajax/add_field_to_form.php. The manipulation of the argument field_name/merge_tag/field_type/list_id leads to cross site...

CVE-2023-48105

An heap overflow vulnerability was discovered in Bytecode alliance wasm-micro-runtime v.1.2.3 allows a remote attacker to cause a denial of service via the wasm_loader_prepare_bytecode function in...

CVE-2023-23900

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in YIKES, Inc. Easy Forms for Mailchimp plugin <= 6.8.8...

CVE-2023-4925

The Easy Forms for Mailchimp WordPress plugin through 6.8.10 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is...

CVE-2023-1323

The Easy Forms for Mailchimp WordPress plugin before 6.8.9 does not sanitise and escape some of its from parameters, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite.....

CVE-2023-2518

The Easy Forms for Mailchimp WordPress plugin before 6.8.9 does not sanitise and escape a parameter before outputting it back in the page when the debug option is enabled, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as...

CVE-2023-1324

The Easy Forms for Mailchimp WordPress plugin before 6.8.8 does not sanitise and escape some parameters before outputting them back in the response, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as...

CVE-2023-1325

The Easy Forms for Mailchimp WordPress plugin before 6.8.7 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting...

CVE-2023-52284

Bytecode Alliance wasm-micro-runtime (aka WebAssembly Micro Runtime or WAMR) before 1.3.0 can have an "double free or corruption" error for a valid WebAssembly module because push_pop_frame_ref_offset is...

Micro Focus Operations Bridge Manager Authenticated Remote Code Execution

This module exploits an authenticated Java deserialization that affects a truckload of Micro Focus products: Operations Bridge Manager, Application Performance Management, Data Center Automation, Universal CMDB, Hybrid Cloud Management and Service Management Automation. However this module was...

Payara Micro Community 5.2021.6 Directory Traversal

Payara Micro Community 5.2021.6 and below contains a directory traversal...

Micro Focus UCMDB - Remote Code Execution

Micro Focus UCMDB is susceptible to remote code execution. Impacted products include Operation Bridge Manager versions 2020.05, 2019.11, 2019.05, 2018.11, 2018.05, 10.63,10.62, 10.61, 10.60, 10.12, 10.11, 10.10 and all earlier versions, and Operations Bridge (containerized) 2020.05, 2019.08,...

Micro Focus Operations Bridge Reporter - Remote Code Execution

Micro Focus Operations Bridge Reporter 10.40 is susceptible to remote code execution. An attacker can potentially execute malware, obtain sensitive information, modify data, and/or execute unauthorized operations without entering necessary...

Trend Micro Threat Discovery Appliance 2.6.1062r1 - Authentication Bypass

Trend Micro Threat Discovery Appliance 2.6.1062r1 is vulnerable to a directory traversal vulnerability when processing a session_id cookie, which allows a remote, unauthenticated attacker to delete arbitrary files as root. This can be used to bypass authentication or cause a...

Micro Focus Operations Bridge Manager <=2020.05 - Remote Code Execution

Micro Focus Operations Bridge Manager in versions 2020.05 and below is vulnerable to remote code execution via UCMDB. The vulnerability allows remote attackers to execute arbitrary code on affected installations of Data Center Automation. An attack requires network access and authentication as a...

Super Micro detection (dmidecode)

According to the DMI information, the remote host contains hardware manufactured by Super Micro. Since it is physically accessible through the network, ensure that its configuration matches your organization's security...

Super Micro Detection (Windows)

According to the WMI information, the remote Windows host appears to be running on hardware manufactured by Super Micro. Since it is physically accessible through the network, ensure that its configuration matches your organization's security...

Trend Micro Control Manager Detection

Trend Micro Control Manager, a centralized threat and data protection management application, is installed on the remote Windows...

Micro Focus Network Automation Detection

Micro Focus Network Automation (formerly HP Network Automation), a web-based application for automating IT processes, is running on the remote...

Trend Micro OfficeScan Client Version

The remote host is running TrendMicro OfficeScan client, an embedded HTTP server used by TrendMicro antivirus...

Trend Micro OfficeScan Web Interface Detection

Trend Micro OfficeScan, an enterprise security platform, is running on the remote host. It is possible to extract version information if login credentials are...

Trend Micro Control Manager Detection (uncredentialed)

Trend Micro Control Manager, a centralized threat and data protection management application, is running on the remote...

Trend Micro Message Routing Framework Detection

Trend Micro Message Routing Framework (MRF) is running on the remote host. MRF is a component of the Trend Micro Infrastructure (TMI), which itself is a component of the Trend Micro Control Manager Architecture. MRF interacts with Control Manager 2.x agents to communicate with managed products. It....

Trend Micro Smart Protection Server Detection

The remote host is running Trend Micro Smart Protection Server, an in-the-cloud based, advanced protection solution that leverages file reputation and web reputation technology to detect security...

CVE-2022-35938

TensorFlow is an open source platform for machine learning. The GatherNd function takes arguments that determine the sizes of inputs and outputs. If the inputs given are greater than or equal to the sizes of the outputs, an out-of-bounds memory read or a crash is triggered. This issue has been...

Exploit for CVE-2023-38831

CVE-2023-38831 PoC (Proof Of Concept) This is an easy to use...

inc-conso.fr Cross Site Scripting vulnerability OBB-3872425

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

Trend Micro Deep Discovery Inspector RCE Vulnerability

Trend Micro Deep Discovery Inspector is prone to a remote command execution (RCE)...

Trend Micro Deep Security Agent Installed (Linux)

Trend Micro Deep Security Agent which provides application control, anti-malware, web reputation service, firewall, intrusion prevention, integrity monitoring, and log inspection protection is installed on the remote Linux...

Trend Micro Apex One Server Installed (Windows)

Trend Micro Apex One, a server for managing endpoint protection agents, is installed on the remote Windows...

Trend Micro Worry-Free Business Security Detection

The web console for Trend Micro Worry-Free Business Security (WFBS), a commercial antivirus server application for Windows, is running on the remote...

Trend Micro SafeSync for Enterprise (SSFE) Detection

Trend Micro SafeSync for Enterprise, an enterprise data management application, is running on the remote...

Trend Micro ScanMail for Exchange Installation Detection

Trend Micro ScanMail for Exchange (SMEX), an email security and filtering application built on top of Microsoft Exchange, is installed on the remote Windows...

Trend Micro Deep Security Agent Installed (Windows)

Trend Micro Deep Security Agent which provides application control, anti-malware, web reputation service, firewall, intrusion prevention, integrity monitoring, and log inspection protection is installed on the remote Windows...

Trend Micro Deep Security Manager Installed (Windows)

Trend Micro Deep Security Manager, a web-based management console that administrators use to configure security policy and deploy protection, is installed on the remote Windows...

micro-tronik.com Cross Site Scripting vulnerability OBB-3901748

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

Trend Micro InterScan Web Security Virtual Appliance Detection

The remote host is a Trend Micro InterScan Web Security Virtual Appliance (IWSVA), a web gateway for application control, exploit detection, malware scanning, and URL...

Trend Micro Apex One Management Web Console Detection

The web console interface for a Trend Micro Apex One Management server was detected on the remote...

Trend Micro Threat Intelligence Manager Web Console Detection

The remote web server is running the web console for Trend Micro Threat Intelligence Manager, a security event management application used to collect, analyze, and manage Trend Micro product event...

Trend Micro Apex Central Management Server Installed (Windows)

Trend Micro Apex Central, a server for managing Trend Micro products and services, is installed on the remote Windows...

Exploit for Use After Free in Linux Linux Kernel

CVE-2022-2586-LPE LPE N-day Exploit for...

Trend Micro Apex Central Management Web Console Detection

The web console interface for a Trend Micro Apex Central Management server was detected on the remote...

Trend Micro ScanMail for Exchange Web Console Detection

The remote web server is running the web console for Trend Micro ScanMail for Exchange, an email security and filtering application built on top of Microsoft...

Trend Micro Mobile Security for Enterprise Web Console Detection

The web console for Trend Micro Mobile Security for Enterprise, a security solution for mobile devices, was detected on the remote...

Trend Micro InterScan Web Security Virtual Appliance Device Detection

The remote host is a Trend Micro InterScan Web Security Virtual Appliance (IWSVA), a web gateway for application control, exploit detection, malware scanning, and URL filtering. Nessus was able to read the OS version number by logging into the device via...

CVE-2017-17688

The OpenPGP specification allows a Cipher Feedback Mode (CFB) malleability-gadget attack that can indirectly lead to plaintext exfiltration, aka EFAIL. NOTE: third parties report that this is a problem in applications that mishandle the Modification Detection Code (MDC) feature or accept an...

CVE-2024-0552 Intumit inc. SmartRobot - Remote Code Execution

Intumit inc. SmartRobot's web framwork has a remote code execution vulnerability. An unauthorized remote attacker can exploit this vulnerability to execute arbitrary commands on the remote...

Exploit for Race Condition in Linux Linux Kernel

CVE-2022-29582 This repository contains exploit code for...