Trend Micro, Inc. Security Vulnerabilities

Trend Micro Apex One Server Authentication Bypass (CVE-2022-40144)

The Trend Micro Apex One server running on the remote host is affected by an authentication bypass vulnerability. An unauthenticated remote attacker can exploit this, via a specially crafted message, to obtain an authenticated...

Trend Micro Worry-Free Business Security Remote File Deletion (000281948)

The Trend Micro Worry-Free Business Security (WFBS) is affected by a remote file deletion vulnerability in cgiLog.exe due to improper validation of a user-supplied path prior to using it in a file operation when handling the BinaryDataBlock parameter in an HTTP request. An unauthenticated, remote.....

Trend Micro Worry-Free Business Security Advanced Server Installed (Windows)

Trend Micro Worry-Free Business Security Advanced Server, a commercial antivirus server application for Windows, is installed on the remote...

Trend Micro InterScan Web Security Virtual Appliance 6.5 Multiple Vulnerabilities

Trend Micro has released a new hot fix for Trend Micro InterScan Web Security Virtual Appliance (IWSVA) 6.5. This build resolves multiple vulnerabilities related to potential remote code execution...

Information Disclosure

xen is vulnerable to Information Disclosure. Under specific micro architectural circumstances, an attacker is able to potentially access sensitive user...

AMD Data Breach: IntelBroker Claims Theft of Employee and Product Info

Advanced Micro Devices, Inc. (AMD) has apparently been breached by IntelBroker, a notorious hacker from the Breach Forums --- AMD has not yet confirmed the...

Exploit for CVE-2024-5522

CVE-2024-5522-Poc CVE-2024-5522 HTML5 Video Player <=...

Trend Micro OfficeScan Multiple Privilege Escalation and Cross Site Scripting Vulnerabilities

Trend Micro OfficeScan is prone to a privilege escalation vulnerability and multiple cross-site scripting...

Trend Micro Mobile Security for Enterprise File Deletion (CVE-2022-40980)

The Trend Micro Mobile Security for Enterprise running on the remote host is affected by a file deletion vulnerability. An unauthenticated remote attacker can exploit this, via a specially crafted message, to delete arbitrary files on the remote host. Note that this plugin looks for a TCP SYN...

Trend Micro ServerProtect for Windows (SpntSvc.exe) StRpcSrv.dll Arbitrary Remote Code Execution

The remote version of Trend Micro ServerProtect exposes multiple insecure methods through its RPC interface that let an unauthenticated remote attacker list, read and write to arbitrary files on the affected host. By sending legitimate requests to the remote service, an attacker may be able to...

micro-mobility.fr Cross Site Scripting vulnerability OBB-3865043

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

Micro Focus NetIQ Access Manager Installed (Windows)

Micro Focus NetIQ Access Manager is installed on the remote Windows...

Exploit for CVE-2023-38831

VolleyballSquid-----CVE-2023-38831-and-Bypass-UAC This is my...

Trend Micro InterScan Web Security Virtual Appliance (IWSVA) DecryptPasswd Stack-based Buffer Overflow

The Trend Micro InterScan Web Security Virtual Appliance (IWSVA) is affected by a remote code execution vulnerability. A stack-based buffer overflow condition exists in the DecryptPasswd function in libuiauutil.so due to improper validation of user-supplied data before copying it to a fixed-size,.....

DedeCMS 5.7 - Path Disclosure

DedeCMS 5.7 allows remote attackers to discover the full path via a direct request for include/downmix.inc.php or...

CVE-2023-32261

A potential vulnerability has been identified in the Micro Focus Dimensions CM Plugin for Jenkins. The vulnerability allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. See the following Jenkins security advisory for details: * ...

Exploit for CVE-2024-27956

CVE-2024-27956 Note Build wordpress: docker-compose -f...

Explore AI-Driven Cybersecurity with Trend Micro, Using NVIDIA NIM

Discover Trend Micro's integration of NVIDIA NIM to deliver an AI-driven cybersecurity solution for next-generation data centers. Engage with experts, explore demos, and learn strategies for securing AI data centers and optimizing cloud...

Trend Micro ServerProtect Information Server Detection

The Trend Micro ServerProtect Information Server is running on the remote...

Trend Micro Control Manager CmdProcessor.exe Detection

CmdProcessor.exe is one of the processes spawned by the Trend Micro Control Manager. It's responsible for sending XML instructions, formed by other processes, to managed products and processing product registration. It also sends alerts, performs scheduled tasks, and applies Outbreak Prevention...

CVE-2023-32263

A potential vulnerability has been identified in the Micro Focus Dimensions CM Plugin for Jenkins. The vulnerability could be exploited to retrieve a login certificate if an authenticated user is duped into using an attacker-controlled Dimensions CM server. This vulnerability only applies when...

CVE-2023-32262

A potential vulnerability has been identified in the Micro Focus Dimensions CM Plugin for Jenkins. The vulnerability allows attackers with Item/Configure permission to access and capture credentials they are not entitled to. See the following Jenkins security advisory for details: * ...

CVE-2023-36088

Server Side Request Forgery (SSRF) vulnerability in NebulaGraph Studio version 3.7.0, allows remote attackers to gain sensitive...

[SECURITY] Fedora 39 Update: dotnet8.0-8.0.105-1.fc39

.NET is a fast, lightweight and modular platform for creating cross platform applications that work on Linux, macOS and Windows. It particularly focuses on creating console applications, web applications and micro-services. .NET contains a runtime conforming to .NET Standards a set of framework...

CVE-2024-33619

In the Linux kernel, the following vulnerability has been resolved: efi: libstub: only free priv.runtime_map when allocated priv.runtime_map is only allocated when efi_novamap is not set. Otherwise, it is an uninitialized value. In the error path, it is freed unconditionally. Avoid passing an...

CVE-2024-33619

In the Linux kernel, the following vulnerability has been resolved: efi: libstub: only free priv.runtime_map when allocated priv.runtime_map is only allocated when efi_novamap is not set. Otherwise, it is an uninitialized value. In the error path, it is freed unconditionally. Avoid passing an...

perl:5.32 security update

perl-Algorithm-Diff perl-Archive-Tar perl-Archive-Zip perl-autodie perl-bignum perl-Carp perl-Compress-Bzip2 perl-Compress-Raw-Bzip2 perl-Compress-Raw-Lzma perl-Compress-Raw-Zlib [2.096-2] - Fix test broken by update in zlib on s390x - Related: RHEL-16371 perl-Config-Perl-V perl-constant...

WSO2 - Cross-Site Scripting

WSO2 contains a reflected cross-site scripting vulnerability in the Management Console of API Manager 2.2.0, 2.5.0, 2.6.0, 3.0.0, 3.1.0, 3.2.0, and 4.0.0; API Manager Analytics 2.2.0, 2.5.0, and 2.6.0; API Microgateway 2.2.0; Data Analytics Server 3.2.0; Enterprise Integrator 6.2.0, 6.3.0, 6.4.0,.....

Micro Focus NetIQ Access Manager Installed (Linux)

Micro Focus NetIQ Access Manager is installed on the remote Linux...

CVE-2024-0967 OpenText / Micro Focus ArcSight Enterprise Security Manager Remote Vulnerability

A potential vulnerability has been identified in OpenText / Micro Focus ArcSight Enterprise Security Manager (ESM). The vulnerability could be remotely...

School Dormitory Management System 1.0 - Authenticated Cross-Site Scripting

School Dormitory Management System 1.0 contains an authenticated cross-site scripting vulnerability in admin/inc/navigation.php:126. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based....

CVE-2024-37289

An improper access control vulnerability in Trend Micro Apex One could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this...

NodeBB XML-RPC Request xmlrpc.php - XML Injection

A remote code execution (RCE) vulnerability in the xmlrpc.php endpoint of NodeBB Inc NodeBB forum software prior to v1.18.6 allows attackers to execute arbitrary code via crafted XML-RPC...

CVE-2024-36304

A Time-of-Check Time-Of-Use vulnerability in the Trend Micro Apex One and Apex One as a Service agent could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order...

TIBCO JasperReports Library - Directory Traversal

The default server implementation of TIBCO Software Inc.'s TIBCO JasperReports Library, TIBCO JasperReports Library Community Edition, TIBCO JasperReports Library for ActiveMatrix BPM, TIBCO JasperReports Server, TIBCO JasperReports Server Community Edition, TIBCO JasperReports Server for...

Trend Micro ServerProtect Static Credential (CVE-2022-25329)

The Trend Micro ServerProtect Information Server running on the remote host uses a static credential to perform authentication when console type 1 is specified in the console registration request. An unauthenticated remote attacker can exploit this, via a specially crafted message, to register to.....

CVE-2023-4220

Unrestricted file upload in big file upload functionality in /main/inc/lib/javascript/bigupload/inc/bigUpload.php in Chamilo LMS <= v1.11.24 allows unauthenticated attackers to perform stored cross-site scripting attacks and obtain remote code execution via uploading of web...

CVE-2024-36302

An origin validation vulnerability in the Trend Micro Apex One security agent could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this...

CVE-2024-32547 WordPress Code Insert Manager (Q2W3 Inc Manager) plugin <= 2.5.3 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Max Bond Code Insert Manager (Q2W3 Inc Manager) allows Reflected XSS.This issue affects Code Insert Manager (Q2W3 Inc Manager): from n/a through...

CVE-2024-36305

A security agent link following vulnerability in Trend Micro Apex One could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this...

WordPress Sell Media 2.4.1 - Cross-Site Scripting

WordPress Plugin Sell Media v2.4.1 contains a cross-site scripting vulnerability in /inc/class-search.php that allows remote attackers to inject arbitrary web script or HTML via the keyword parameter (aka $search_term or the Search...

CVE-2024-36303

An origin validation vulnerability in the Trend Micro Apex One security agent could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this...

CVE-2024-36306

A link following vulnerability in the Trend Micro Apex One and Apex One as a Service Damage Cleanup Engine could allow a local attacker to create a denial-of-service condition on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the...

CVE-2024-36307

A security agent link following vulnerability in Trend Micro Apex One and Apex One as a Service could allow a local attacker to disclose sensitive information about the agent on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the...

Novell / NetIQ / Micro Focus iManager Detection (HTTP)

HTTP based detection of Novell / NetIQ / Micro Focus...

CVE-2024-32547 WordPress Code Insert Manager (Q2W3 Inc Manager) plugin <= 2.5.3 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Max Bond Code Insert Manager (Q2W3 Inc Manager) allows Reflected XSS.This issue affects Code Insert Manager (Q2W3 Inc Manager): from n/a through...

NeDi 1.9C - Cross-Site Scripting

NeDi 1.9C is vulnerable to cross-site scripting because of an incorrect implementation of sanitize() in inc/libmisc.php. This function attempts to escape the SCRIPT tag from user-controllable values, but can be easily bypassed, as demonstrated by an onerror attribute of an IMG element as a...

Magento Mass Importer <0.7.24 - Remote Auth Bypass

Magento Mass Importer (aka MAGMI) versions prior to 0.7.24 are vulnerable to a remote authentication bypass due to allowing default credentials in the event there is a database connection...

CVE-2024-5851

A vulnerability classified as problematic has been found in playSMS up to 1.4.7. Affected is an unknown function of the file /index.php?app=main&inc=feature_schedule&op=list of the component SMS Schedule Handler. The manipulation of the argument name/message leads to basic cross site scripting. It....

CVE-2021-47249

In the Linux kernel, the following vulnerability has been resolved: net: rds: fix memory leak in rds_recvmsg Syzbot reported memory leak in rds. The problem was in unputted refcount in case of error. int rds_recvmsg(struct socket sock, struct msghdr msg, size_t size, int msg_flags) {...