Lucene search
K

238 matches found

Prion
Prion
added 2017/04/28 7:59 p.m.23 views

Code injection

adminsystime.cgi in Trend Micro Threat Discovery Appliance 2.6.1062r1 and earlier allows remote authenticated users to execute arbitrary code as the root user via shell metacharacters in the timezone parameter...

9CVSS7.9AI score0.07204EPSS
Exploits5References3Affected Software1
NVD
NVD
added 2017/04/28 7:59 p.m.23 views

CVE-2016-8585

adminsystime.cgi in Trend Micro Threat Discovery Appliance 2.6.1062r1 and earlier allows remote authenticated users to execute arbitrary code as the root user via shell metacharacters in the timezone parameter...

9CVSS8.7AI score0.07204EPSS
Exploits5References3
Cvelist
Cvelist
added 2017/04/28 7:0 p.m.30 views

CVE-2016-8585

adminsystime.cgi in Trend Micro Threat Discovery Appliance 2.6.1062r1 and earlier allows remote authenticated users to execute arbitrary code as the root user via shell metacharacters in the timezone parameter...

8.8AI score0.07204EPSS
Exploits5References3
CNVD
CNVD
added 2017/04/20 12:0 a.m.12 views

Trend Micro Threat Discovery Appliance Command Execution Vulnerability

The Trend Micro Threat Discovery Appliance is the next generation network monitoring appliance. A security vulnerability exists in the Trend Micro Threat Discovery Appliance adminsystime.cgi interface handling timezone parameter. A remote attacker can exploit the vulnerability to submit a special...

9.8CVSS7.5AI score0.92721EPSS
Exploits9References1
Prion
Prion
added 2017/04/12 10:59 a.m.22 views

Command injection

A command execution flaw on the Trend Micro Threat Discovery Appliance 2.6.1062r1 exists with the timezone parameter in the adminsystime.cgi interface...

7.5CVSS7.2AI score0.92721EPSS
Exploits9References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2017/04/12 10:59 a.m.3 views

CVE-2016-7547

A command execution flaw on the Trend Micro Threat Discovery Appliance 2.6.1062r1 exists with the timezone parameter in the adminsystime.cgi interface...

9.8CVSS5.7AI score0.92721EPSS
Exploits9References4
OSV
OSV
added 2017/04/12 10:59 a.m.5 views

CVE-2016-7547

A command execution flaw on the Trend Micro Threat Discovery Appliance 2.6.1062r1 exists with the timezone parameter in the adminsystime.cgi interface...

9.8CVSS5.9AI score0.92721EPSS
Exploits9References2
seebug.org
seebug.org
added 2017/04/12 12:0 a.m.70 views

Trend Micro Threat Discovery Appliance remote code execution(CVE-2016-7547)

A command injection in the adminsystime. the cgi interface that allows for an attacker to gain remote code execution CVE-2016-7547. Vulnerability linkage: https://www.seebug.org/vuldb/ssvid-92938 This module requires Metasploit: http://metasploit.com/download Current source:...

10CVSS10.2AI score0.93249EPSS
Exploits19
Mageia
Mageia
added 2015/01/05 4:30 p.m.35 views

Updated openvas-manager packages fix security vulnerability

Updated openvas-manager packages fixes security vulnerability: It has been identified that OpenVAS Manager before 4.0.6 is vulnerable to sql injections due to a improper handling of the timezone parameter in modifyschedule OMP command. It has been identified that this vulnerability may allow...

7.5CVSS6.2AI score0.02065EPSS
Exploits0References3
Prion
Prion
added 2014/12/03 1:59 a.m.19 views

Sql injection

SQL injection vulnerability in OpenVAS Manager before 4.0.6 and 5.x before 5.0.7 allows remote attackers to execute arbitrary SQL commands via the timezone parameter in a modifyschedule OMP command...

7.5CVSS8.9AI score0.02065EPSS
Exploits0References5Affected Software3
Cvelist
Cvelist
added 2014/12/03 1:0 a.m.23 views

CVE-2014-9220

SQL injection vulnerability in OpenVAS Manager before 4.0.6 and 5.x before 5.0.7 allows remote attackers to execute arbitrary SQL commands via the timezone parameter in a modifyschedule OMP command...

8AI score0.02065EPSS
Exploits0References5
NVD
NVD
added 2014/03/14 5:55 p.m.20 views

CVE-2013-0301

Cross-site request forgery CSRF vulnerability in apps/calendar/ajax/settings/settimezone in ownCloud before 4.0.12 allows remote attackers to hijack the authentication of users for requests that change the timezone via the timezone parameter...

6.8CVSS7AI score0.00615EPSS
Exploits0References1
CVE
CVE
added 2014/03/14 5:0 p.m.50 views

CVE-2013-0301

CVE-2013-0301 affects ownCloud Calendar CSRF in apps/calendar/ajax/settings/settimezone, allowing remote attackers to hijack user sessions to change timezone. Public details show vulnerable versions: ownCloud before 4.0.12 (and related advisories) with this CSRF in the timezone parameter; impact ...

6.8CVSS7.2AI score0.00615EPSS
Exploits0References1Affected Software2
Saint
Saint
added 2006/10/27 12:0 a.m.27 views

Serv-U FTP Server MDTM timezone buffer overflow

Added: 10/27/2006 CVE: CVE-2004-0330 BID: 9751 OSVDB: 4073 Background Serv-U FTP Server supports the MDTM command which allows users to modify the time stamp on files. Problem A buffer overflow in Serv-U FTP Server allows remote authenticated attackers to execute arbitrary commands by sending the...

10CVSS7.6AI score0.8547EPSS
Exploits8
Saint
Saint
added 2006/10/27 12:0 a.m.46 views

Serv-U FTP Server MDTM timezone buffer overflow

Added: 10/27/2006 CVE: CVE-2004-0330 BID: 9751 OSVDB: 4073 Background Serv-U FTP Server supports the MDTM command which allows users to modify the time stamp on files. Problem A buffer overflow in Serv-U FTP Server allows remote authenticated attackers to execute arbitrary commands by sending the...

10CVSS7.6AI score0.8547EPSS
Exploits8
NVD
NVD
added 2001/07/02 4:0 a.m.10 views

CVE-2001-0464

Buffer overflow in websync.exe in Cyberscheduler allows remote attackers to execute arbitrary commands via a long tzs timezone parameter...

10CVSS7.8AI score0.06739EPSS
Exploits1References2
Cvelist
Cvelist
added 2001/05/24 4:0 a.m.15 views

CVE-2001-0464

Buffer overflow in websync.exe in Cyberscheduler allows remote attackers to execute arbitrary commands via a long tzs timezone parameter...

7.8AI score0.06739EPSS
Exploits1References2
CVE
CVE
added 2001/05/24 4:0 a.m.35 views

CVE-2001-0464

CVE-2001-0464 describes a buffer overflow in the Cyberscheduler component websync.exe . The overflow is triggered by a long tzs (timezone) parameter, allowing a remote attacker to execute arbitrary commands. The vulnerability is rated with a HIGH base score and network attack Vector with no authe...

10CVSS8.2AI score0.06739EPSS
Exploits1References2Affected Software1
Rows per page
Query Builder