17 matches found
EUVD-2017-3006
Malware in sbrugna...
Trend Micro Deep Discovery Director Command Injection Vulnerability
Trend Micro Deep Discovery is a protection product from Trend Micro that detects and identifies hard-to-find threats in real time and proposes solutions. director is one of the built-in solutions with the ability to update and upgrade various programs in Deep Discovery. A command injection...
CVE-2017-11380
Backup archives were found to be encrypted with a static password across different installations, which suggest the same password may be used in all virtual appliance instances of Trend Micro Deep Discovery Director 1.1...
Command injection
A command injection vulnerability exists in Trend Micro Deep Discovery Director 1.1 that allows an attacker to restore accounts that can access the pre-configuration console...
CVE-2017-11381
A command injection vulnerability exists in Trend Micro Deep Discovery Director 1.1 that allows an attacker to restore accounts that can access the pre-configuration console...
CVE-2017-11379
Configuration and database backup archives are not signed or validated in Trend Micro Deep Discovery Director 1.1...
CVE-2017-11380
Backup archives were found to be encrypted with a static password across different installations, which suggest the same password may be used in all virtual appliance instances of Trend Micro Deep Discovery Director 1.1...
CVE-2017-11379
Configuration and database backup archives are not signed or validated in Trend Micro Deep Discovery Director 1.1...
Design/Logic Flaw
Backup archives were found to be encrypted with a static password across different installations, which suggest the same password may be used in all virtual appliance instances of Trend Micro Deep Discovery Director 1.1...
CVE-2017-11381
A command injection vulnerability exists in Trend Micro Deep Discovery Director 1.1 that allows an attacker to restore accounts that can access the pre-configuration console...
CVE-2017-11380
Backup archives were found to be encrypted with a static password across different installations, which suggest the same password may be used in all virtual appliance instances of Trend Micro Deep Discovery Director 1.1...
CVE-2017-11379
Configuration and database backup archives are not signed or validated in Trend Micro Deep Discovery Director 1.1...
CVE-2017-11381
Summary: CVE-2017-11381 affects Trend Micro Deep Discovery Director 1.1. A command injection vulnerability exists in the backup/restore flow that can be exploited to restore accounts and ultimately gain code execution as root. The issue arises during the restore of textUI accounts: the process as...
CVE-2017-11379
CVE-2017-11379 (and related CVEs 11380, 11381) affect Trend Micro Deep Discovery Director 1.1. Core Security CORE-2017-0005 reports vulnerabilities in the backup/restore workflow: backups are not signed/validated, archives are encrypted with a static password across appliances, and a command-inje...
CVE-2017-11380
The connected CORE advisory for Trend Micro Deep Discovery Director 1.1 details CVE-2017-11380 (backup archives encrypted with a static, hard-coded password) and CVE-2017-11381 (command injection during backup-restore accounts handling), enabling potential code execution with root privileges via ...
CVE-2017-11381
A command injection vulnerability exists in Trend Micro Deep Discovery Director 1.1 that allows an attacker to restore accounts that can access the pre-configuration console...
Trend Micro Deep Discovery Director vulnerability analysis-vulnerability warning-the black bar safety net
Vulnerability information Type: OS command in the special elements improper handling ofCWE-78, use of hard-coded cryptographic keysCWE-321, data authenticity verification is insufficientCWE-345 Impact: code execution Remote exploit: Yes Local exploit: Yes CVE name: CVE-pending-assignment-1,...