TopXXX, ViolationXXX, and IncidentXXX method SQL injection remote code execution (RCE) vulnerabilities in Trend Micro Control Manager 6.0 could allow a remote attacker to execute arbitrary code on vulnerable installations.

A password hash usage authentication bypass vulnerability in Trend Micro Control Manager 6.0 could allow a remote attacker to bypass authentication on vulnerable installations.

An AdHocQuery_Processor SQL injection remote code execution (RCE) vulnerability in Trend Micro Control Manager 6.0 could allow a remote attacker to execute arbitrary code on vulnerable installations.

XXXStatusXXX, XXXSummary, TemplateXXX and XXXCompliance method SQL injection remote code execution (RCE) vulnerabilities in Trend Micro Control Manager 6.0 could allow a remote attacker to execute arbitrary code on vulnerable installations.

An uninitialized pointer information disclosure vulnerability in Trend Micro Mobile Security (Enterprise) versions 9.7 and below could allow an unauthenticated remote attacker to disclosure sensitive information on a vulnerable system.

An improper access control vulnerability in Trend Micro Smart Protection Server (Standalone) versions 3.2 and below could allow an attacker to decrypt contents of a database with information that could be used to access a vulnerable system.

A session hijacking via log disclosure vulnerability in Trend Micro Smart Protection Server (Standalone) versions 3.2 and below could allow an unauthenticated attacker to hijack active user sessions to perform authenticated requests on a vulnerable system.

A stored cross site scripting (XSS) vulnerability in Trend Micro Smart Protection Server (Standalone) versions 3.2 and below could allow an attacker to execute a malicious payload on vulnerable systems.

A vulnerability in Trend Micro Smart Protection Server (Standalone) versions 3.2 and below could allow an attacker to perform remote command execution via a cron job injection on a vulnerable system.

A vulnerability in Trend Micro Smart Protection Server (Standalone) versions 3.2 and below could allow an attacker to perform remote command execution via a local file inclusion on a vulnerable system.