Trendmicro

Threat Discovery Appliance

12 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
9.8

CVE-2016-8584

Exploit
  • EPSS 4.08%
  • Published 28.04.2017 19:59:00
  • Last modified 20.04.2025 01:37:25

Trend Micro Threat Discovery Appliance 2.6.1062r1 and earlier uses predictable session values, which allows remote attackers to bypass authentication by guessing the value.

9

CVE-2016-8585

Exploit
  • EPSS 9.54%
  • Published 28.04.2017 19:59:00
  • Last modified 20.04.2025 01:37:25

admin_sys_time.cgi in Trend Micro Threat Discovery Appliance 2.6.1062r1 and earlier allows remote authenticated users to execute arbitrary code as the root user via shell metacharacters in the timezone parameter.

9

CVE-2016-8586

Exploit
  • EPSS 3.54%
  • Published 28.04.2017 19:59:00
  • Last modified 20.04.2025 01:37:25

detected_potential_files.cgi in Trend Micro Threat Discovery Appliance 2.6.1062r1 and earlier allows remote authenticated users to execute arbitrary code as the root user via shell metacharacters in the cache_id parameter.

7.3

CVE-2016-8587

Exploit
  • EPSS 0.56%
  • Published 28.04.2017 19:59:00
  • Last modified 20.04.2025 01:37:25

dlp_policy_upload.cgi in Trend Micro Threat Discovery Appliance 2.6.1062r1 and earlier allows remote authenticated users to execute arbitrary code via an archive file containing a symlink to /eng_ptn_stores/prod/sensorSDK/data/ or /eng_ptn_stores/pro...

7.3

CVE-2016-8588

Exploit
  • EPSS 0.56%
  • Published 28.04.2017 19:59:00
  • Last modified 20.04.2025 01:37:25

The hotfix_upload.cgi in Trend Micro Threat Discovery Appliance 2.6.1062r1 and earlier allows remote authenticated users to execute arbitrary code via shell metacharacters in the file name of an uploaded file.

9

CVE-2016-8589

Exploit
  • EPSS 3.54%
  • Published 28.04.2017 19:59:00
  • Last modified 20.04.2025 01:37:25

log_query_dae.cgi in Trend Micro Threat Discovery Appliance 2.6.1062r1 and earlier allows remote authenticated users to execute arbitrary code as the root user via shell metacharacters in the cache_id parameter.

9

CVE-2016-8590

Exploit
  • EPSS 3.54%
  • Published 28.04.2017 19:59:00
  • Last modified 20.04.2025 01:37:25

log_query_dlp.cgi in Trend Micro Threat Discovery Appliance 2.6.1062r1 and earlier allows remote authenticated users to execute arbitrary code as the root user via shell metacharacters in the cache_id parameter.

9

CVE-2016-8591

Exploit
  • EPSS 3.54%
  • Published 28.04.2017 19:59:00
  • Last modified 20.04.2025 01:37:25

log_query.cgi in Trend Micro Threat Discovery Appliance 2.6.1062r1 and earlier allows remote authenticated users to execute arbitrary code as the root user via shell metacharacters in the cache_id parameter.

9

CVE-2016-8592

Exploit
  • EPSS 3.54%
  • Published 28.04.2017 19:59:00
  • Last modified 20.04.2025 01:37:25

log_query_system.cgi in Trend Micro Threat Discovery Appliance 2.6.1062r1 and earlier allows remote authenticated users to execute arbitrary code as the root user via shell metacharacters in the cache_id parameter.

8.8

CVE-2016-8593

Exploit
  • EPSS 4.89%
  • Published 28.04.2017 19:59:00
  • Last modified 20.04.2025 01:37:25

Directory traversal vulnerability in upload.cgi in Trend Micro Threat Discovery Appliance 2.6.1062r1 and earlier allows remote authenticated users to execute arbitrary code via a .. (dot dot) in the dID parameter.