Vulnerabilities > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-04-28 | CVE-2016-8591 | Permissions, Privileges, and Access Controls vulnerability in Trendmicro Threat Discovery Appliance 2.6.1062 log_query.cgi in Trend Micro Threat Discovery Appliance 2.6.1062r1 and earlier allows remote authenticated users to execute arbitrary code as the root user via shell metacharacters in the cache_id parameter. | 8.8 |
| 2017-04-28 | CVE-2016-8590 | Permissions, Privileges, and Access Controls vulnerability in Trendmicro Threat Discovery Appliance 2.6.1062 log_query_dlp.cgi in Trend Micro Threat Discovery Appliance 2.6.1062r1 and earlier allows remote authenticated users to execute arbitrary code as the root user via shell metacharacters in the cache_id parameter. | 8.8 |
| 2017-04-28 | CVE-2016-8589 | Permissions, Privileges, and Access Controls vulnerability in Trendmicro Threat Discovery Appliance 2.6.1062 log_query_dae.cgi in Trend Micro Threat Discovery Appliance 2.6.1062r1 and earlier allows remote authenticated users to execute arbitrary code as the root user via shell metacharacters in the cache_id parameter. | 8.8 |
| 2017-04-28 | CVE-2016-8588 | Improper Access Control vulnerability in Trendmicro Threat Discovery Appliance 2.6.1062 The hotfix_upload.cgi in Trend Micro Threat Discovery Appliance 2.6.1062r1 and earlier allows remote authenticated users to execute arbitrary code via shell metacharacters in the file name of an uploaded file. | 7.3 |
| 2017-04-28 | CVE-2016-8587 | Improper Access Control vulnerability in Trendmicro Threat Discovery Appliance 2.6.1062 dlp_policy_upload.cgi in Trend Micro Threat Discovery Appliance 2.6.1062r1 and earlier allows remote authenticated users to execute arbitrary code via an archive file containing a symlink to /eng_ptn_stores/prod/sensorSDK/data/ or /eng_ptn_stores/prod/sensorSDK/backup_pol/. | 7.3 |
| 2017-04-28 | CVE-2016-8586 | Permissions, Privileges, and Access Controls vulnerability in Trendmicro Threat Discovery Appliance 2.6.1062 detected_potential_files.cgi in Trend Micro Threat Discovery Appliance 2.6.1062r1 and earlier allows remote authenticated users to execute arbitrary code as the root user via shell metacharacters in the cache_id parameter. | 8.8 |
| 2017-04-28 | CVE-2016-8585 | Permissions, Privileges, and Access Controls vulnerability in Trendmicro Threat Discovery Appliance 2.6.1062 admin_sys_time.cgi in Trend Micro Threat Discovery Appliance 2.6.1062r1 and earlier allows remote authenticated users to execute arbitrary code as the root user via shell metacharacters in the timezone parameter. | 8.8 |
| 2017-04-28 | CVE-2017-1194 | Cross-Site Request Forgery (CSRF) vulnerability in IBM Websphere Application Server IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. | 8.8 |
| 2017-04-28 | CVE-2017-2156 | Untrusted Search Path vulnerability in Vivaldi Installer for Windows Untrusted search path vulnerability in Vivaldi installer for Windows prior to version 1.7.735.48 allows an attacker to execute arbitrary code via a specially crafted executable file in an unspecified directory. | 7.8 |
| 2017-04-28 | CVE-2017-2155 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in I.Con Corporation Hoozin Viewer 2/3 Buffer overflow in Hoozin Viewer 2, 3, 4.1.5.15 and earlier, 5.1.2.13 and earlier, and 6.0.3.09 and earlier allows remote attackers to execute arbitrary code via specially crafted webpage. | 8.8 |