Officescan

officescan

Vendor: Trendmicro • 71 CVEs

CVEs (71)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2017-14085 1Trendmicro 1Officescan May 13, 2026 Oct 6, 2017 N/A· v4 5.3 MEDIUM· v3 5.0 MEDIUM· v2 Information disclosure vulnerabilities in Trend Micro OfficeScan 11.0 and XG may allow unauthenticated users who can access the OfficeScan server to query the network's NT domain or the PHP version and modules.
CVE-2017-14084 1Trendmicro 1Officescan May 13, 2026 Oct 6, 2017 N/A· v4 8.1 HIGH· v3 6.8 MEDIUM· v2 A potential Man-in-the-Middle (MitM) attack vulnerability in Trend Micro OfficeScan 11.0 and XG may allow attackers to execute arbitrary code on vulnerable installations.
CVE-2017-14083 1Trendmicro 1Officescan May 13, 2026 Oct 6, 2017 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 A vulnerability in Trend Micro OfficeScan 11.0 and XG allows remote unauthenticated users who can access the system to download the OfficeScan encryption file.
CVE-2017-11394 1Trendmicro 1Officescan May 13, 2026 Aug 3, 2017 N/A· v4 9.8 CRITICAL· v3 10.0 HIGH· v2 Proxy command injection vulnerability in Trend Micro OfficeScan 11 and XG (12) allows remote attackers to execute arbitrary code on vulnerable installations. The specific flaw can be exploited by parsing the T parameter...Show more Proxy command injection vulnerability in Trend Micro OfficeScan 11 and XG (12) allows remote attackers to execute arbitrary code on vulnerable installations. The specific flaw can be exploited by parsing the T parameter within Proxy.php. Formerly ZDI-CAN-4544.Show less
CVE-2017-11393 1Trendmicro 1Officescan May 13, 2026 Aug 3, 2017 N/A· v4 9.8 CRITICAL· v3 10.0 HIGH· v2 Proxy command injection vulnerability in Trend Micro OfficeScan 11 and XG (12) allows remote attackers to execute arbitrary code on vulnerable installations. The specific flaw can be exploited by parsing the tr parameter...Show more Proxy command injection vulnerability in Trend Micro OfficeScan 11 and XG (12) allows remote attackers to execute arbitrary code on vulnerable installations. The specific flaw can be exploited by parsing the tr parameter within Proxy.php. Formerly ZDI-CAN-4543.Show less
CVE-2017-8801 1Trendmicro 1Officescan May 13, 2026 May 5, 2017 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 Trend Micro OfficeScan 11.0 before SP1 CP 6325 (with Agent Module Build before 6152) and XG before CP 1352 has XSS via a crafted URI using a blocked website.
CVE-2017-5481 1Trendmicro 1Officescan May 13, 2026 May 3, 2017 N/A· v4 8.8 HIGH· v3 4.0 MEDIUM· v2 Trend Micro OfficeScan 11.0 before SP1 CP 6325 and XG before CP 1352 allows remote authenticated users to gain privileges by leveraging a leak of an encrypted password during a web-console operation.
CVE-2016-1223 1Trendmicro 3Officescan Worry Free Business SecurityWorry Free Business Security Services May 6, 2026 Jun 19, 2016 N/A· v4 5.3 MEDIUM· v3 5.0 MEDIUM· v2 Directory traversal vulnerability in Trend Micro Office Scan 11.0, Worry-Free Business Security Service 5.x, and Worry-Free Business Security 9.0 allows remote attackers to read arbitrary files via unspecified vectors.
CVE-2010-0564 1Trendmicro 1Officescan Apr 29, 2026 Feb 10, 2010 N/A· v4 N/A· v3 5.0 MEDIUM· v2 Buffer overflow in Trend Micro URL Filtering Engine (TMUFE) in OfficeScan 8.0 before SP1 Patch 5 - Build 3510, possibly tmufeng.dll before 3.0.0.1029, allows attackers to cause a denial of service (crash or OfficeScan ha...Show more Buffer overflow in Trend Micro URL Filtering Engine (TMUFE) in OfficeScan 8.0 before SP1 Patch 5 - Build 3510, possibly tmufeng.dll before 3.0.0.1029, allows attackers to cause a denial of service (crash or OfficeScan hang) via unspecified vectors. NOTE: it is likely that this issue also affects tmufeng.dll before 2.0.0.1049 for OfficeScan 10.0.Show less
CVE-2009-1435 1Trendmicro 1Officescan Apr 23, 2026 Apr 27, 2009 N/A· v4 N/A· v3 2.1 LOW· v2 NTRtScan.exe in Trend Micro OfficeScan Client 8.0 SP1 and 8.0 SP1 Patch 1 allows local users to cause a denial of service (application crash) via directories with long pathnames. NOTE: some of these details are obtained...Show more NTRtScan.exe in Trend Micro OfficeScan Client 8.0 SP1 and 8.0 SP1 Patch 1 allows local users to cause a denial of service (application crash) via directories with long pathnames. NOTE: some of these details are obtained from third party information.Show less
CVE-2008-2433 1Trendmicro 3Client Server Messaging Suite OfficescanWorry Free Business Security Apr 23, 2026 Aug 27, 2008 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 The web management console in Trend Micro OfficeScan 7.0 through 8.0, Worry-Free Business Security 5.0, and Client/Server/Messaging Suite 3.5 and 3.6 creates a random session token based only on the login time, which mak...Show more The web management console in Trend Micro OfficeScan 7.0 through 8.0, Worry-Free Business Security 5.0, and Client/Server/Messaging Suite 3.5 and 3.6 creates a random session token based only on the login time, which makes it easier for remote attackers to hijack sessions via brute-force attacks. NOTE: this can be leveraged for code execution through an unspecified "manipulation of the configuration."Show less

Previous 1 2 34