Vulnerabilities (CVE)

Filtered by vendor Trendmicro Subscribe
Filtered by product Threat Discovery Appliance
Total 12 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2016-8593 1 Trendmicro 1 Threat Discovery Appliance 2024-11-21 6.5 MEDIUM 8.8 HIGH
Directory traversal vulnerability in upload.cgi in Trend Micro Threat Discovery Appliance 2.6.1062r1 and earlier allows remote authenticated users to execute arbitrary code via a .. (dot dot) in the dID parameter.
CVE-2016-8592 1 Trendmicro 1 Threat Discovery Appliance 2024-11-21 9.0 HIGH 8.8 HIGH
log_query_system.cgi in Trend Micro Threat Discovery Appliance 2.6.1062r1 and earlier allows remote authenticated users to execute arbitrary code as the root user via shell metacharacters in the cache_id parameter.
CVE-2016-8591 1 Trendmicro 1 Threat Discovery Appliance 2024-11-21 9.0 HIGH 8.8 HIGH
log_query.cgi in Trend Micro Threat Discovery Appliance 2.6.1062r1 and earlier allows remote authenticated users to execute arbitrary code as the root user via shell metacharacters in the cache_id parameter.
CVE-2016-8590 1 Trendmicro 1 Threat Discovery Appliance 2024-11-21 9.0 HIGH 8.8 HIGH
log_query_dlp.cgi in Trend Micro Threat Discovery Appliance 2.6.1062r1 and earlier allows remote authenticated users to execute arbitrary code as the root user via shell metacharacters in the cache_id parameter.
CVE-2016-8589 1 Trendmicro 1 Threat Discovery Appliance 2024-11-21 9.0 HIGH 8.8 HIGH
log_query_dae.cgi in Trend Micro Threat Discovery Appliance 2.6.1062r1 and earlier allows remote authenticated users to execute arbitrary code as the root user via shell metacharacters in the cache_id parameter.
CVE-2016-8588 1 Trendmicro 1 Threat Discovery Appliance 2024-11-21 6.0 MEDIUM 7.3 HIGH
The hotfix_upload.cgi in Trend Micro Threat Discovery Appliance 2.6.1062r1 and earlier allows remote authenticated users to execute arbitrary code via shell metacharacters in the file name of an uploaded file.
CVE-2016-8587 1 Trendmicro 1 Threat Discovery Appliance 2024-11-21 6.0 MEDIUM 7.3 HIGH
dlp_policy_upload.cgi in Trend Micro Threat Discovery Appliance 2.6.1062r1 and earlier allows remote authenticated users to execute arbitrary code via an archive file containing a symlink to /eng_ptn_stores/prod/sensorSDK/data/ or /eng_ptn_stores/prod/sensorSDK/backup_pol/.
CVE-2016-8586 1 Trendmicro 1 Threat Discovery Appliance 2024-11-21 9.0 HIGH 8.8 HIGH
detected_potential_files.cgi in Trend Micro Threat Discovery Appliance 2.6.1062r1 and earlier allows remote authenticated users to execute arbitrary code as the root user via shell metacharacters in the cache_id parameter.
CVE-2016-8585 1 Trendmicro 1 Threat Discovery Appliance 2024-11-21 9.0 HIGH 8.8 HIGH
admin_sys_time.cgi in Trend Micro Threat Discovery Appliance 2.6.1062r1 and earlier allows remote authenticated users to execute arbitrary code as the root user via shell metacharacters in the timezone parameter.
CVE-2016-8584 1 Trendmicro 1 Threat Discovery Appliance 2024-11-21 7.5 HIGH 9.8 CRITICAL
Trend Micro Threat Discovery Appliance 2.6.1062r1 and earlier uses predictable session values, which allows remote attackers to bypass authentication by guessing the value.
CVE-2016-7552 1 Trendmicro 1 Threat Discovery Appliance 2024-11-21 10.0 HIGH 9.8 CRITICAL
On the Trend Micro Threat Discovery Appliance 2.6.1062r1, directory traversal when processing a session_id cookie allows a remote, unauthenticated attacker to delete arbitrary files as root. This can be used to bypass authentication or cause a DoS.
CVE-2016-7547 1 Trendmicro 1 Threat Discovery Appliance 2024-11-21 7.5 HIGH 9.8 CRITICAL
A command execution flaw on the Trend Micro Threat Discovery Appliance 2.6.1062r1 exists with the timezone parameter in the admin_sys_time.cgi interface.