CVE-2017-11398

CVE-2017-11398 affects Trend Micro Smart Protection Server (Standalone)

CVE-2017-14095

CVE-2017-14095 affects Trend Micro Smart Protection Server (Standalone) up to version 3.2/3.3 as per multiple sources. The vulnerability enables remote command execution via local file inclusion (LFI) in the web UI, with demonstrated attack vectors that include: session hijacking to obtain an act...

CVE-2017-14094

CVE-2017-14094 affects Trend Micro Smart Protection Server (Standalone) up to version 3.2. It enables remote command execution via cron job injection in the admin_update_program.php flow when updates are scheduled, due to unsanitized HTTP parameters used to build cron entries. The vulnerability i...

CVE-2017-14096

CVE-2017-14096 corresponds to stored XSS in Trend Micro Smart Protection Server (Standalone) versions 3.2 and below, with a broader set of vulnerabilities disclosed by Core Security (CORE-2017-0008) affecting the same product. Connected sources describe practical attack chains that an unauthentic...

CVE-2017-14097

Trend Micro Smart Protection Server (Standalone)

CVE-2016-6267

CVE-2016-6267 affects Trend Micro Smart Protection Server (SnmpUtils) prior to specific builds: 2.5 before 2200, 2.6 before 2106, and 3.0 before 1330. The vulnerability allows remote authenticated users to execute arbitrary commands via shell metacharacters in admin_notification.php parameters (s...

CVE-2017-11395

CVE-2017-11395 concerns Trend Micro Smart Protection Server (Standalone) 3.1/3.2. The vulnerability is a command-injection flaw in the Admin UI (cm_agent.php) where input from an authenticated session is used to construct and execute system commands, enabling code execution via POST data (notably...

CVE-2018-6231

The CVE-2018-6231 issue affects Trend Micro Smart Protection Server (Standalone)

CVE-2016-6269

CVE-2016-6269 : Multiple directory traversal vulnerabilities affect Trend Micro Smart Protection Server 2.5 before build 2200, 2.6 before build 2106, and 3.0 before build 1330. The flaws enable remote attackers to read and delete arbitrary files via the tmpfname parameter to the ad hoc log reques...

CVE-2016-6268

CVE-2016-6268 affects Trend Micro Smart Protection Server prior to build 2200 (2.5), prior to build 2106 (2.6), and prior to build 1330 (3.0). The vulnerability allows local web server users to execute arbitrary code with root privileges through a Trojan horse ".war" file placed in the Solr webap...

CVE-2016-6266

Technical details sufficient to assess the vulnerability are not publicly provided in the supplied documents; please monitor for updates.

CVE-2018-10350

Summary: CVE-2018-10350 concerns a SQL injection remote code execution vulnerability in Trend Micro Smart Protection Server (Standalone) 3.x. The flaw arises from improper handling of parameters passed to wcs_bwlists_handler.php, allowing an attacker to craft input that is used to form SQL querie...

CVE-2018-6237

The connected sources confirm a vulnerability in Trend Micro Smart Protection Server (Standalone) 3.x that enables an unauthenticated remote attacker to coerce the product into processing a flood of specially crafted HTTP requests, potentially exhausting the file system and causing a denial of se...