Vulnerabilities > Trendmicro > Threat Discovery Appliance > Critical

DATE CVE VULNERABILITY TITLE RISK
2017-04-28 CVE-2016-8585 Permissions, Privileges, and Access Controls vulnerability in Trendmicro Threat Discovery Appliance
admin_sys_time.cgi in Trend Micro Threat Discovery Appliance 2.6.1062r1 and earlier allows remote authenticated users to execute arbitrary code as the root user via shell metacharacters in the timezone parameter.
network
low complexity
trendmicro CWE-264
critical
9.0
2017-04-28 CVE-2016-8586 Permissions, Privileges, and Access Controls vulnerability in Trendmicro Threat Discovery Appliance
detected_potential_files.cgi in Trend Micro Threat Discovery Appliance 2.6.1062r1 and earlier allows remote authenticated users to execute arbitrary code as the root user via shell metacharacters in the cache_id parameter.
network
low complexity
trendmicro CWE-264
critical
9.0
2017-04-28 CVE-2016-8589 Permissions, Privileges, and Access Controls vulnerability in Trendmicro Threat Discovery Appliance
log_query_dae.cgi in Trend Micro Threat Discovery Appliance 2.6.1062r1 and earlier allows remote authenticated users to execute arbitrary code as the root user via shell metacharacters in the cache_id parameter.
network
low complexity
trendmicro CWE-264
critical
9.0
2017-04-28 CVE-2016-8590 Permissions, Privileges, and Access Controls vulnerability in Trendmicro Threat Discovery Appliance
log_query_dlp.cgi in Trend Micro Threat Discovery Appliance 2.6.1062r1 and earlier allows remote authenticated users to execute arbitrary code as the root user via shell metacharacters in the cache_id parameter.
network
low complexity
trendmicro CWE-264
critical
9.0
2017-04-28 CVE-2016-8591 Permissions, Privileges, and Access Controls vulnerability in Trendmicro Threat Discovery Appliance
log_query.cgi in Trend Micro Threat Discovery Appliance 2.6.1062r1 and earlier allows remote authenticated users to execute arbitrary code as the root user via shell metacharacters in the cache_id parameter.
network
low complexity
trendmicro CWE-264
critical
9.0
2017-04-28 CVE-2016-8592 Permissions, Privileges, and Access Controls vulnerability in Trendmicro Threat Discovery Appliance
log_query_system.cgi in Trend Micro Threat Discovery Appliance 2.6.1062r1 and earlier allows remote authenticated users to execute arbitrary code as the root user via shell metacharacters in the cache_id parameter.
network
low complexity
trendmicro CWE-264
critical
9.0
2017-04-12 CVE-2016-7552 Path Traversal vulnerability in Trendmicro Threat Discovery Appliance 2.6.1062
On the Trend Micro Threat Discovery Appliance 2.6.1062r1, directory traversal when processing a session_id cookie allows a remote, unauthenticated attacker to delete arbitrary files as root.
network
low complexity
trendmicro CWE-22
critical
10.0