CVE-2004-2006 — Micro Officescan vulnerability

33 documents6 sources

Severity

4.6MEDIUMNVD

EPSS

0.1%

top 83.87%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Trend Micro Officescan

Timeline

PublishedMay 7

Latest updateApr 29

Description

Trend Micro OfficeScan 3.0 - 6.0 has default permissions of "Everyone Full Control" on the installation directory and registry keys, which allows local users to disable virus protection.

CVSS vector

AV:L/AC:L/C:P/I:P/A:PExploitability: 3.9 | Impact: 6.4

Affected Packages1 packages

▶NVDtrend_micro/officescan7 versions+6

Patches

Patch: secunia.com ↗Patch: secunia.com ↗

🔴Vulnerability Details

GHSA

GHSA-mgp4-ph25-p5v6: Trend Micro OfficeScan 3↗2022-04-29

▶

CVEList

CVE-2004-2006: Trend Micro OfficeScan 3↗2005-05-10

▶

💥Exploits & PoCs

Exploit-DB

PMB Services 3.0.13 - Multiple Remote File Inclusions↗2007-03-09

▶

Exploit-DB

Oracle 9i/10g - 'extproc' Local/Remote Command Execution↗2006-12-19

▶

Exploit-DB

vSpin Classified System 2004 - 'cat.asp?catname' Cross-Site Scripting↗2006-11-20

▶

Exploit-DB

vSpin Classified System 2004 - 'cat.asp?cat' SQL Injection↗2006-11-20

▶

Exploit-DB

vSpin Classified System 2004 - 'search.asp?minprice' Cross-Site Scripting↗2006-11-20

▶

📋Vendor Advisories

Red Hat

security flaw↗2006-09-12

▶

Red Hat

security flaw↗2006-02-12

▶

Red Hat

CVE-2004-1051 bash scripts run via Sudo can be subverted (CVE-2005-4158, CVE-2006-0151)↗2004-11-11

▶

Red Hat

CVE-2004-1051 bash scripts run via Sudo can be subverted (CVE-2005-4158, CVE-2006-0151)↗2004-11-11

▶

Red Hat

CVE-2006-1017: The c-client library 2000, 2001, or 2004 for PHP before 4↗

▶

💬Community

Bugzilla

CVE-2006-3311 security flaw↗2018-08-16

▶

Bugzilla

CVE-2004-0885 mod_ssl SSLCipherSuite bypass↗2008-01-29

▶

Bugzilla

CVE-2004-0940 httpd mod_include SSI overflow↗2008-01-28

▶

Bugzilla

CVE-2006-5467 Ruby CGI multipart parsing DoS↗2006-10-26

▶

Bugzilla

CVE-2006-5467 Ruby CGI multipart parsing DoS↗2006-10-25

▶