Lucene search
K
Database
Vendors
Products
Timeline
Vulnerabilities
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
TrendmicroOfficescan

71 matches found

CVE
CVEadded 2017/08/03 3:29 p.m.41 views

CVE-2017-11394

Proxy command injection vulnerability in Trend Micro OfficeScan 11 and XG (12) allows remote attackers to execute arbitrary code on vulnerable installations. The specific flaw can be exploited by parsing the T parameter within Proxy.php. Formerly ZDI-CAN-4544.

10CVSS9.8AI score0.78466EPSS
CVE
CVEadded 2018/06/08 2:29 p.m.41 views

CVE-2018-10506

A out-of-bounds read information disclosure vulnerability in Trend Micro OfficeScan 11.0 SP1 and XG could allow a local attacker to disclose sensitive information on vulnerable installations due to a flaw within the processing of IOCTL 0x220004 by the TMWFP driver. An attacker must first obtain the...

4.7CVSS4.8AI score0.00111EPSS
CVE
CVEadded 2018/07/06 7:29 p.m.41 views

CVE-2018-3608

A vulnerability in Trend Micro Maximum Security's (Consumer) 2018 (versions 12.0.1191 and below) User-Mode Hooking (UMH) driver could allow an attacker to create a specially crafted packet that could alter a vulnerable system in such a way that malicious code could be injected into other processes.

10CVSS9.3AI score0.03863EPSS
CVE
CVEadded 2020/12/01 7:15 p.m.41 views

CVE-2020-28573

An improper access control information disclosure vulnerability in Trend Micro Apex One and OfficeScan XG SP1 could allow an unauthenticated user to connect to the product server and reveal the total agents managed by the server.

5.3CVSS5.1AI score0.0038EPSS
CVE
CVEadded 2018/06/12 5:29 p.m.40 views

CVE-2018-10508

A vulnerability in Trend Micro OfficeScan 11.0 SP1 and XG could allow a attacker to use a specially crafted URL to elevate account permissions on vulnerable installations. An attacker must already have at least guest privileges in order to exploit this vulnerability.

8.8CVSS8.5AI score0.00625EPSS
CVE
CVEadded 2020/12/01 7:15 p.m.40 views

CVE-2020-28583

An improper access control information disclosure vulnerability in Trend Micro Apex One and OfficeScan XG SP1 could allow an unauthenticated user to connect to the product server and reveal version, build and patch information.

5.3CVSS5.1AI score0.0038EPSS
CVE
CVEadded 2009/04/27 6:0 p.m.39 views

CVE-2009-1435

NTRtScan.exe in Trend Micro OfficeScan Client 8.0 SP1 and 8.0 SP1 Patch 1 allows local users to cause a denial of service (application crash) via directories with long pathnames. NOTE: some of these details are obtained from third party information.

2.1CVSS6.4AI score0.00453EPSS
CVE
CVEadded 2018/06/08 2:29 p.m.39 views

CVE-2018-10359

A pool corruption privilege escalation vulnerability in Trend Micro OfficeScan 11.0 SP1 and XG could allow a local attacker to escalate privileges on vulnerable installations due to a flaw within the processing of IOCTL 0x220078 in the TMWFP driver. An attacker must first obtain the ability to exec...

6.3CVSS7.1AI score0.00084EPSS
CVE
CVEadded 2018/06/12 5:29 p.m.39 views

CVE-2018-10509

A vulnerability in Trend Micro OfficeScan 11.0 SP1 and XG could allow a attacker to exploit it via a Browser Refresh attack on vulnerable installations. An attacker must be using a AD logon user account in order to exploit this vulnerability.

8.8CVSS8.4AI score0.00461EPSS
CVE
CVEadded 2017/05/03 8:59 p.m.38 views

CVE-2017-5481

Trend Micro OfficeScan 11.0 before SP1 CP 6325 and XG before CP 1352 allows remote authenticated users to gain privileges by leveraging a leak of an encrypted password during a web-console operation.

8.8CVSS8.6AI score0.00478EPSS
CVE
CVEadded 2020/12/01 7:15 p.m.37 views

CVE-2020-28577

An improper access control information disclosure vulnerability in Trend Micro Apex One and OfficeScan XG SP1 could allow an unauthenticated user to connect to the product server and reveal server hostname and db names.

5.3CVSS5.1AI score0.0038EPSS
CVE
CVEadded 2020/12/01 7:15 p.m.37 views

CVE-2020-28582

An improper access control information disclosure vulnerability in Trend Micro Apex One and OfficeScan XG SP1 could allow an unauthenticated user to connect to the product server and reveal number of managed agents.

5.3CVSS5.1AI score0.0038EPSS
CVE
CVEadded 2021/04/13 1:15 p.m.36 views

CVE-2021-25253

An improper access control vulnerability in Trend Micro Apex One, Trend Micro Apex One as a Service and OfficeScan XG SP1 on a resource used by the service could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execut...

7.8CVSS7.7AI score0.01093EPSS
CVE
CVEadded 2017/05/05 7:29 p.m.35 views

CVE-2017-8801

Trend Micro OfficeScan 11.0 before SP1 CP 6325 (with Agent Module Build before 6152) and XG before CP 1352 has XSS via a crafted URI using a blocked website.

6.1CVSS6.4AI score0.0033EPSS
CVE
CVEadded 2018/06/08 2:29 p.m.35 views

CVE-2018-10505

A pool corruption privilege escalation vulnerability in Trend Micro OfficeScan 11.0 SP1 and XG could allow a local attacker to escalate privileges on vulnerable installations due to a flaw within the processing of IOCTL 0x220008 in the TMWFP driver. An attacker must first obtain the ability to exec...

6.3CVSS7.1AI score0.00084EPSS
CVE
CVEadded 2018/12/21 3:29 p.m.35 views

CVE-2018-18332

A Trend Micro OfficeScan XG weak file permissions vulnerability may allow an attacker to potentially manipulate permissions on some key files to modify other files and folders on vulnerable installations.

7.5CVSS7.4AI score0.00227EPSS
CVE
CVEadded 2019/12/20 4:15 p.m.35 views

CVE-2019-19691

A vulnerability in Trend Micro Apex One and OfficeScan XG could allow an attacker to expose a masked credential key by manipulating page elements using development tools. Note that the attacker must already have admin/root privileges on the product console to exploit this vulnerability.

4.9CVSS5AI score0.00533EPSS
CVE
CVEadded 2021/04/13 1:15 p.m.33 views

CVE-2021-25250

An improper access control vulnerability in Trend Micro Apex One, Trend Micro Apex One as a Service and OfficeScan XG SP1 on a sensitive file could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileg...

7.8CVSS7.7AI score0.0007EPSS
CVE
CVEadded 2020/08/05 2:15 p.m.32 views

CVE-2020-8607

An input validation vulnerability found in multiple Trend Micro products utilizing a particular version of a specific rootkit protection driver could allow an attacker in user-mode with administrator permissions to abuse the driver to modify a kernel address that may cause a system crash or potenti...

7.2CVSS6.6AI score0.00082EPSS
CVE
CVEadded 2021/04/13 1:15 p.m.32 views

CVE-2021-28645

An incorrect permission assignment vulnerability in Trend Micro Apex One, Apex One as a Service and OfficeScan XG SP1 could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target sy...

7.8CVSS7.7AI score0.0007EPSS
CVE
CVEadded 2021/04/13 1:15 p.m.31 views

CVE-2021-28646

An insecure file permissions vulnerability in Trend Micro Apex One, Apex One as a Service and OfficeScan XG SP1 could allow a local attacker to take control of a specific log file on affected installations.

5.5CVSS5.5AI score0.00062EPSS
Total number of security vulnerabilities71