Threat Discovery Appliance
Sign in to watchby Trend Micro
CVEs (8)
| CVE | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2016-7547 | Cri | 0.74 | 9.8 | 0.89 | Apr 12, 2017 | A command execution flaw on the Trend Micro Threat Discovery Appliance 2.6.1062r1 exists with the timezone parameter in the admin_sys_time.cgi interface. | |
| CVE-2016-8593 | Hig | 0.58 | 8.8 | 0.05 | Apr 28, 2017 | Directory traversal vulnerability in upload.cgi in Trend Micro Threat Discovery Appliance 2.6.1062r1 and earlier allows remote authenticated users to execute arbitrary code via a .. (dot dot) in the dID parameter. | |
| CVE-2016-8585 | Hig | 0.58 | 8.8 | 0.07 | Apr 28, 2017 | admin_sys_time.cgi in Trend Micro Threat Discovery Appliance 2.6.1062r1 and earlier allows remote authenticated users to execute arbitrary code as the root user via shell metacharacters in the timezone parameter. | |
| CVE-2016-8592 | Hig | 0.57 | 8.8 | 0.03 | Apr 28, 2017 | log_query_system.cgi in Trend Micro Threat Discovery Appliance 2.6.1062r1 and earlier allows remote authenticated users to execute arbitrary code as the root user via shell metacharacters in the cache_id parameter. | |
| CVE-2016-8591 | Hig | 0.57 | 8.8 | 0.03 | Apr 28, 2017 | log_query.cgi in Trend Micro Threat Discovery Appliance 2.6.1062r1 and earlier allows remote authenticated users to execute arbitrary code as the root user via shell metacharacters in the cache_id parameter. | |
| CVE-2016-8590 | Hig | 0.57 | 8.8 | 0.03 | Apr 28, 2017 | log_query_dlp.cgi in Trend Micro Threat Discovery Appliance 2.6.1062r1 and earlier allows remote authenticated users to execute arbitrary code as the root user via shell metacharacters in the cache_id parameter. | |
| CVE-2016-8586 | Hig | 0.57 | 8.8 | 0.03 | Apr 28, 2017 | detected_potential_files.cgi in Trend Micro Threat Discovery Appliance 2.6.1062r1 and earlier allows remote authenticated users to execute arbitrary code as the root user via shell metacharacters in the cache_id parameter. | |
| CVE-2016-8587 | Hig | 0.47 | 7.3 | 0.01 | Apr 28, 2017 | dlp_policy_upload.cgi in Trend Micro Threat Discovery Appliance 2.6.1062r1 and earlier allows remote authenticated users to execute arbitrary code via an archive file containing a symlink to /eng_ptn_stores/prod/sensorSDK/data/ or /eng_ptn_stores/prod/sensorSDK/backup_pol/. |