VYPR

Threat Discovery Appliance

by Trend Micro

CVEs (12)

  • CVE-2016-7552 | Critical | Apr 12, 2017
    risk 0.74 | cvss 9.8 | epss 0.93

    On the Trend Micro Threat Discovery Appliance 2.6.1062r1, directory traversal when processing a session_id cookie allows a remote, unauthenticated attacker to delete arbitrary files as root. This can be used to bypass authentication or cause a DoS.

  • CVE-2016-7547 | Critical | Apr 12, 2017
    risk 0.74 | cvss 9.8 | epss 0.93

    A command execution flaw on the Trend Micro Threat Discovery Appliance 2.6.1062r1 exists with the timezone parameter in the admin_sys_time.cgi interface.

  • CVE-2016-8584 | Critical | Apr 28, 2017
    risk 0.64 | cvss 9.8 | epss 0.06

    Trend Micro Threat Discovery Appliance 2.6.1062r1 and earlier uses predictable session values, which allows remote attackers to bypass authentication by guessing the value.

  • CVE-2016-8593 | High | Apr 28, 2017
    risk 0.58 | cvss 8.8 | epss 0.07

    Directory traversal vulnerability in upload.cgi in Trend Micro Threat Discovery Appliance 2.6.1062r1 and earlier allows remote authenticated users to execute arbitrary code via a .. (dot dot) in the dID parameter.

  • CVE-2016-8592 | High | Apr 28, 2017
    risk 0.58 | cvss 8.8 | epss 0.06

    log_query_system.cgi in Trend Micro Threat Discovery Appliance 2.6.1062r1 and earlier allows remote authenticated users to execute arbitrary code as the root user via shell metacharacters in the cache_id parameter.

  • CVE-2016-8591 | High | Apr 28, 2017
    risk 0.58 | cvss 8.8 | epss 0.06

    log_query.cgi in Trend Micro Threat Discovery Appliance 2.6.1062r1 and earlier allows remote authenticated users to execute arbitrary code as the root user via shell metacharacters in the cache_id parameter.

  • CVE-2016-8590 | High | Apr 28, 2017
    risk 0.58 | cvss 8.8 | epss 0.06

    log_query_dlp.cgi in Trend Micro Threat Discovery Appliance 2.6.1062r1 and earlier allows remote authenticated users to execute arbitrary code as the root user via shell metacharacters in the cache_id parameter.

  • CVE-2016-8589 | High | Apr 28, 2017
    risk 0.58 | cvss 8.8 | epss 0.06

    log_query_dae.cgi in Trend Micro Threat Discovery Appliance 2.6.1062r1 and earlier allows remote authenticated users to execute arbitrary code as the root user via shell metacharacters in the cache_id parameter.

  • CVE-2016-8586 | High | Apr 28, 2017
    risk 0.58 | cvss 8.8 | epss 0.06

    detected_potential_files.cgi in Trend Micro Threat Discovery Appliance 2.6.1062r1 and earlier allows remote authenticated users to execute arbitrary code as the root user via shell metacharacters in the cache_id parameter.

  • CVE-2016-8585 | High | Apr 28, 2017
    risk 0.58 | cvss 8.8 | epss 0.07

    admin_sys_time.cgi in Trend Micro Threat Discovery Appliance 2.6.1062r1 and earlier allows remote authenticated users to execute arbitrary code as the root user via shell metacharacters in the timezone parameter.

  • CVE-2016-8588 | High | Apr 28, 2017
    risk 0.48 | cvss 7.3 | epss 0.02

    The hotfix_upload.cgi in Trend Micro Threat Discovery Appliance 2.6.1062r1 and earlier allows remote authenticated users to execute arbitrary code via shell metacharacters in the file name of an uploaded file.

  • CVE-2016-8587 | High | Apr 28, 2017
    risk 0.48 | cvss 7.3 | epss 0.02

    dlp_policy_upload.cgi in Trend Micro Threat Discovery Appliance 2.6.1062r1 and earlier allows remote authenticated users to execute arbitrary code via an archive file containing a symlink to /eng_ptn_stores/prod/sensorSDK/data/ or /eng_ptn_stores/prod/sensorSDK/backup_pol/.