Vulnerabilities > Trendmicro > Threat Discovery Appliance

DATE CVE VULNERABILITY TITLE RISK
2017-04-28 CVE-2016-8593 Path Traversal vulnerability in Trendmicro Threat Discovery Appliance 2.6.1062
Directory traversal vulnerability in upload.cgi in Trend Micro Threat Discovery Appliance 2.6.1062r1 and earlier allows remote authenticated users to execute arbitrary code via a ..
network
low complexity
trendmicro CWE-22
8.8
2017-04-28 CVE-2016-8592 Permissions, Privileges, and Access Controls vulnerability in Trendmicro Threat Discovery Appliance 2.6.1062
log_query_system.cgi in Trend Micro Threat Discovery Appliance 2.6.1062r1 and earlier allows remote authenticated users to execute arbitrary code as the root user via shell metacharacters in the cache_id parameter.
network
low complexity
trendmicro CWE-264
8.8
2017-04-28 CVE-2016-8591 Permissions, Privileges, and Access Controls vulnerability in Trendmicro Threat Discovery Appliance 2.6.1062
log_query.cgi in Trend Micro Threat Discovery Appliance 2.6.1062r1 and earlier allows remote authenticated users to execute arbitrary code as the root user via shell metacharacters in the cache_id parameter.
network
low complexity
trendmicro CWE-264
8.8
2017-04-28 CVE-2016-8590 Permissions, Privileges, and Access Controls vulnerability in Trendmicro Threat Discovery Appliance 2.6.1062
log_query_dlp.cgi in Trend Micro Threat Discovery Appliance 2.6.1062r1 and earlier allows remote authenticated users to execute arbitrary code as the root user via shell metacharacters in the cache_id parameter.
network
low complexity
trendmicro CWE-264
8.8
2017-04-28 CVE-2016-8589 Permissions, Privileges, and Access Controls vulnerability in Trendmicro Threat Discovery Appliance 2.6.1062
log_query_dae.cgi in Trend Micro Threat Discovery Appliance 2.6.1062r1 and earlier allows remote authenticated users to execute arbitrary code as the root user via shell metacharacters in the cache_id parameter.
network
low complexity
trendmicro CWE-264
8.8
2017-04-28 CVE-2016-8588 Improper Access Control vulnerability in Trendmicro Threat Discovery Appliance 2.6.1062
The hotfix_upload.cgi in Trend Micro Threat Discovery Appliance 2.6.1062r1 and earlier allows remote authenticated users to execute arbitrary code via shell metacharacters in the file name of an uploaded file.
local
low complexity
trendmicro CWE-284
7.3
2017-04-28 CVE-2016-8587 Improper Access Control vulnerability in Trendmicro Threat Discovery Appliance 2.6.1062
dlp_policy_upload.cgi in Trend Micro Threat Discovery Appliance 2.6.1062r1 and earlier allows remote authenticated users to execute arbitrary code via an archive file containing a symlink to /eng_ptn_stores/prod/sensorSDK/data/ or /eng_ptn_stores/prod/sensorSDK/backup_pol/.
local
low complexity
trendmicro CWE-284
7.3
2017-04-28 CVE-2016-8586 Permissions, Privileges, and Access Controls vulnerability in Trendmicro Threat Discovery Appliance 2.6.1062
detected_potential_files.cgi in Trend Micro Threat Discovery Appliance 2.6.1062r1 and earlier allows remote authenticated users to execute arbitrary code as the root user via shell metacharacters in the cache_id parameter.
network
low complexity
trendmicro CWE-264
8.8
2017-04-28 CVE-2016-8585 Permissions, Privileges, and Access Controls vulnerability in Trendmicro Threat Discovery Appliance 2.6.1062
admin_sys_time.cgi in Trend Micro Threat Discovery Appliance 2.6.1062r1 and earlier allows remote authenticated users to execute arbitrary code as the root user via shell metacharacters in the timezone parameter.
network
low complexity
trendmicro CWE-264
8.8
2017-04-28 CVE-2016-8584 Improper Access Control vulnerability in Trendmicro Threat Discovery Appliance 2.6.1062
Trend Micro Threat Discovery Appliance 2.6.1062r1 and earlier uses predictable session values, which allows remote attackers to bypass authentication by guessing the value.
network
low complexity
trendmicro CWE-284
critical
9.8