VYPR

Scanmail

by Trend Micro

CVEs (9)

  • CVE-2017-14090CriDec 16, 2017
    risk 0.59cvss 9.1epss 0.01

    A vulnerability in Trend Micro ScanMail for Exchange 12.0 exists in which some communications to the update servers are not encrypted.

  • CVE-2017-14092HigDec 16, 2017
    risk 0.57cvss 8.8epss 0.01

    The absence of Anti-CSRF tokens in Trend Micro ScanMail for Exchange 12.0 web interface forms could allow an attacker to submit authenticated requests when an authenticated user browses an attacker-controlled domain.

  • CVE-2017-14091HigDec 16, 2017
    risk 0.49cvss 7.5epss 0.01

    A vulnerability in Trend Micro ScanMail for Exchange 12.0 exists in which certain specific installations that utilize a uncommon feature - Other Update Sources - could be exploited to overwrite sensitive files in the ScanMail for Exchange directory.

  • CVE-2017-14093MedDec 16, 2017
    risk 0.40cvss 6.1epss 0.01

    The Log Query and Quarantine Query pages in Trend Micro ScanMail for Exchange 12.0 are vulnerable to cross site scripting (XSS) attacks.

  • CVE-2004-1003Mar 1, 2005
    risk 0.03cvss epss 0.05

    Trend ScanMail allows remote attackers to obtain potentially sensitive information or disable the anti-virus capability via the smency.nsf file.

  • CVE-2003-1343Dec 31, 2003
    risk 0.03cvss epss 0.03

    Trend Micro ScanMail for Exchange (SMEX) before 3.81 and before 6.1 might install a back door account in smg_Smxcfg30.exe, which allows remote attackers to gain access to the web management interface via the vcc parameter, possibly "3560121183d3".

  • CVE-2007-0851Feb 8, 2007
    risk 0.01cvss epss 0.08

    Buffer overflow in the Trend Micro Scan Engine 8.000 and 8.300 before virus pattern file 4.245.00, as used in other products such as Cyber Clean Center (CCC) Cleaner, allows remote attackers to execute arbitrary code via a malformed UPX compressed executable.

  • CVE-2015-3326May 14, 2015
    risk 0.00cvss epss 0.02

    Trend Micro ScanMail for Microsoft Exchange (SMEX) 10.2 before Hot Fix Build 3318 and 11.0 before Hot Fix Build 4180 creates session IDs for the web console using a random number generator with predictable values, which makes it easier for remote attackers to bypass…

  • CVE-2005-0533May 2, 2005
    risk 0.00cvss epss 0.04

    Heap-based buffer overflow in Trend Micro AntiVirus Library VSAPI before 7.510, as used in multiple Trend Micro products, allows remote attackers to execute arbitrary code via a crafted ARJ file with long header file names that modify pointers within a structure.