Vulnerabilities > Trendmicro > Threat Discovery Appliance

DATE CVE VULNERABILITY TITLE RISK
2017-04-28 CVE-2016-8593 Path Traversal vulnerability in Trendmicro Threat Discovery Appliance
Directory traversal vulnerability in upload.cgi in Trend Micro Threat Discovery Appliance 2.6.1062r1 and earlier allows remote authenticated users to execute arbitrary code via a ..
network
low complexity
trendmicro CWE-22
6.5
2017-04-28 CVE-2016-8592 Permissions, Privileges, and Access Controls vulnerability in Trendmicro Threat Discovery Appliance
log_query_system.cgi in Trend Micro Threat Discovery Appliance 2.6.1062r1 and earlier allows remote authenticated users to execute arbitrary code as the root user via shell metacharacters in the cache_id parameter.
network
low complexity
trendmicro CWE-264
critical
9.0
2017-04-28 CVE-2016-8591 Permissions, Privileges, and Access Controls vulnerability in Trendmicro Threat Discovery Appliance
log_query.cgi in Trend Micro Threat Discovery Appliance 2.6.1062r1 and earlier allows remote authenticated users to execute arbitrary code as the root user via shell metacharacters in the cache_id parameter.
network
low complexity
trendmicro CWE-264
critical
9.0
2017-04-28 CVE-2016-8590 Permissions, Privileges, and Access Controls vulnerability in Trendmicro Threat Discovery Appliance
log_query_dlp.cgi in Trend Micro Threat Discovery Appliance 2.6.1062r1 and earlier allows remote authenticated users to execute arbitrary code as the root user via shell metacharacters in the cache_id parameter.
network
low complexity
trendmicro CWE-264
critical
9.0
2017-04-28 CVE-2016-8589 Permissions, Privileges, and Access Controls vulnerability in Trendmicro Threat Discovery Appliance
log_query_dae.cgi in Trend Micro Threat Discovery Appliance 2.6.1062r1 and earlier allows remote authenticated users to execute arbitrary code as the root user via shell metacharacters in the cache_id parameter.
network
low complexity
trendmicro CWE-264
critical
9.0
2017-04-28 CVE-2016-8588 Improper Access Control vulnerability in Trendmicro Threat Discovery Appliance
The hotfix_upload.cgi in Trend Micro Threat Discovery Appliance 2.6.1062r1 and earlier allows remote authenticated users to execute arbitrary code via shell metacharacters in the file name of an uploaded file.
6.0
2017-04-28 CVE-2016-8587 Improper Access Control vulnerability in Trendmicro Threat Discovery Appliance
dlp_policy_upload.cgi in Trend Micro Threat Discovery Appliance 2.6.1062r1 and earlier allows remote authenticated users to execute arbitrary code via an archive file containing a symlink to /eng_ptn_stores/prod/sensorSDK/data/ or /eng_ptn_stores/prod/sensorSDK/backup_pol/.
6.0
2017-04-28 CVE-2016-8586 Permissions, Privileges, and Access Controls vulnerability in Trendmicro Threat Discovery Appliance
detected_potential_files.cgi in Trend Micro Threat Discovery Appliance 2.6.1062r1 and earlier allows remote authenticated users to execute arbitrary code as the root user via shell metacharacters in the cache_id parameter.
network
low complexity
trendmicro CWE-264
critical
9.0
2017-04-28 CVE-2016-8585 Permissions, Privileges, and Access Controls vulnerability in Trendmicro Threat Discovery Appliance
admin_sys_time.cgi in Trend Micro Threat Discovery Appliance 2.6.1062r1 and earlier allows remote authenticated users to execute arbitrary code as the root user via shell metacharacters in the timezone parameter.
network
low complexity
trendmicro CWE-264
critical
9.0
2017-04-28 CVE-2016-8584 Improper Access Control vulnerability in Trendmicro Threat Discovery Appliance
Trend Micro Threat Discovery Appliance 2.6.1062r1 and earlier uses predictable session values, which allows remote attackers to bypass authentication by guessing the value.
network
low complexity
trendmicro CWE-284
7.5