Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
threat discovery appliance vulnerabilities and exploits
(subscribe to this query)
8.8
CVSSv3
CVE-2016-8586
detected_potential_files.cgi in Trend Micro Threat Discovery Appliance 2.6.1062r1 and previous versions allows remote authenticated users to execute arbitrary code as the root user via shell metacharacters in the cache_id parameter.
Trendmicro Threat Discovery Appliance
8.8
CVSSv3
CVE-2016-8593
Directory traversal vulnerability in upload.cgi in Trend Micro Threat Discovery Appliance 2.6.1062r1 and previous versions allows remote authenticated users to execute arbitrary code via a .. (dot dot) in the dID parameter.
Trendmicro Threat Discovery Appliance
9.8
CVSSv3
CVE-2016-8584
Trend Micro Threat Discovery Appliance 2.6.1062r1 and previous versions uses predictable session values, which allows remote malicious users to bypass authentication by guessing the value.
Trendmicro Threat Discovery Appliance
2 Github repositories
8.8
CVSSv3
CVE-2016-8585
admin_sys_time.cgi in Trend Micro Threat Discovery Appliance 2.6.1062r1 and previous versions allows remote authenticated users to execute arbitrary code as the root user via shell metacharacters in the timezone parameter.
Trendmicro Threat Discovery Appliance
7.3
CVSSv3
CVE-2016-8588
The hotfix_upload.cgi in Trend Micro Threat Discovery Appliance 2.6.1062r1 and previous versions allows remote authenticated users to execute arbitrary code via shell metacharacters in the file name of an uploaded file.
Trendmicro Threat Discovery Appliance
8.8
CVSSv3
CVE-2016-8589
log_query_dae.cgi in Trend Micro Threat Discovery Appliance 2.6.1062r1 and previous versions allows remote authenticated users to execute arbitrary code as the root user via shell metacharacters in the cache_id parameter.
Trendmicro Threat Discovery Appliance
8.8
CVSSv3
CVE-2016-8590
log_query_dlp.cgi in Trend Micro Threat Discovery Appliance 2.6.1062r1 and previous versions allows remote authenticated users to execute arbitrary code as the root user via shell metacharacters in the cache_id parameter.
Trendmicro Threat Discovery Appliance
8.8
CVSSv3
CVE-2016-8591
log_query.cgi in Trend Micro Threat Discovery Appliance 2.6.1062r1 and previous versions allows remote authenticated users to execute arbitrary code as the root user via shell metacharacters in the cache_id parameter.
Trendmicro Threat Discovery Appliance
8.8
CVSSv3
CVE-2016-8592
log_query_system.cgi in Trend Micro Threat Discovery Appliance 2.6.1062r1 and previous versions allows remote authenticated users to execute arbitrary code as the root user via shell metacharacters in the cache_id parameter.
Trendmicro Threat Discovery Appliance
7.3
CVSSv3
CVE-2016-8587
dlp_policy_upload.cgi in Trend Micro Threat Discovery Appliance 2.6.1062r1 and previous versions allows remote authenticated users to execute arbitrary code via an archive file containing a symlink to /eng_ptn_stores/prod/sensorSDK/data/ or /eng_ptn_stores/prod/sensorSDK/backup_p...
Trendmicro Threat Discovery Appliance
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-3675
CVE-2024-3400
CVE-2024-23557
mass assignment
CVE-2023-1389
local file inclusion
CVE-2024-32596
file upload
CVE-2024-32593
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »