Lucene search
K

18 matches found

EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2016-9433

Malware in sbrugna...

9CVSS8.8AI score0.0612EPSS
Exploits5References4
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2016-9440

Malware in sbrugna...

8.8CVSS8.8AI score0.07047EPSS
Exploits5References3
BDU FSTEC
BDU FSTEC
added 2017/11/23 12:0 a.m.8 views

The vulnerability of the microprogramming software of the Trend Micro Threat Discovery Appliance lies in the improper restriction on the path to the restricted access catalog. This allows a malicious actor to delete arbitrary files with root privileges, bypass authentication procedures, or cause service failures.

The vulnerability of the microprogramming software of the Trend Micro Threat Discovery Appliance exists due to an incorrect restriction on the path name to the restricted catalog during the processing of the sessionid parameter from the cookie file. Exploiting this vulnerability allows a maliciou...

10CVSS7.7AI score0.93249EPSS
Exploits15References3Affected Software1
CNVD
CNVD
added 2017/05/03 12:0 a.m.12 views

Trend Micro Threat Discovery Appliance Directory Traversal Vulnerability

Trend Micro Threat Discovery Appliance TDA is a threat discovery appliance with integrated cloud security technology from Trend Micro. The appliance provides detection of malicious activity at the network layer, threat management services, and threat analysis and reporting. A directory traversal...

8.8CVSS7.8AI score0.07047EPSS
Exploits5References1
CNVD
CNVD
added 2017/05/03 12:0 a.m.6 views

Trend Micro Threat Discovery Appliance Arbitrary Code Execution Vulnerability

The Trend Micro Threat Discovery Appliance TDA is a threat discovery appliance with integrated cloud security technology from Trend Micro. The appliance provides detection of malicious activity at the network layer, threat management services, and threat analysis and reporting. A security...

9CVSS8AI score0.07204EPSS
Exploits5References1
CNVD
CNVD
added 2017/05/03 12:0 a.m.9 views

Trend Micro Threat Discovery Appliance Authentication Bypass Vulnerability

Trend Micro Threat Discovery Appliance TDA is a threat discovery appliance with integrated cloud security technology from Trend Micro. The appliance provides detection of malicious activity at the network layer, threat management services, and threat analysis and reporting. A security vulnerabili...

9.8CVSS6.9AI score0.0552EPSS
Exploits8References1
Prion
Prion
added 2017/04/28 7:59 p.m.23 views

Code injection

adminsystime.cgi in Trend Micro Threat Discovery Appliance 2.6.1062r1 and earlier allows remote authenticated users to execute arbitrary code as the root user via shell metacharacters in the timezone parameter...

9CVSS7.9AI score0.07204EPSS
Exploits5References3Affected Software1
NVD
NVD
added 2017/04/28 7:59 p.m.23 views

CVE-2016-8585

adminsystime.cgi in Trend Micro Threat Discovery Appliance 2.6.1062r1 and earlier allows remote authenticated users to execute arbitrary code as the root user via shell metacharacters in the timezone parameter...

9CVSS8.7AI score0.07204EPSS
Exploits5References3
OSV
OSV
added 2017/04/28 7:59 p.m.3 views

CVE-2016-8587

dlppolicyupload.cgi in Trend Micro Threat Discovery Appliance 2.6.1062r1 and earlier allows remote authenticated users to execute arbitrary code via an archive file containing a symlink to /engptnstores/prod/sensorSDK/data/ or /engptnstores/prod/sensorSDK/backuppol/...

7.3CVSS6.1AI score0.0245EPSS
Exploits5References2
OSV
OSV
added 2017/04/28 7:59 p.m.7 views

CVE-2016-8590

logquerydlp.cgi in Trend Micro Threat Discovery Appliance 2.6.1062r1 and earlier allows remote authenticated users to execute arbitrary code as the root user via shell metacharacters in the cacheid parameter...

8.8CVSS6.1AI score0.05737EPSS
Exploits5References1
seebug.org
seebug.org
added 2017/04/21 12:0 a.m.40 views

Trend Micro Threat Discovery Appliance <= 2.6.1062r1 admin_sys_time.cgi Command Injection Remote Code Execution Vulnerability Raw(CVE-2016-8585)

Summary: There exists a post authenticated command injection vulnerability that can be used to execute arbitrary code as root. Notes: - Since this is a busybox, getting a connectback seemed hard. So, for this particular PoC, all I did was exec a bind shell using netcat. - Auth is VERY weak, no...

9CVSS9.6AI score0.07204EPSS
Exploits5
0day.today
0day.today
added 2017/04/20 12:0 a.m.72 views

Trend Micro Threat Discovery Appliance 2.6.1062r1 dlp_policy_upload.cgi Information Disclosure Explo

Trend Micro Threat Discovery Appliance versions 2.6.1062r1 and below suffer from a dlppolicyupload.cgi information disclosure vulnerability. !/usr/local/bin/python """ Trend Micro Threat Discovery Appliance + eg: ./poc.py 172.16.175.123 admin /etc/passwd...

7.5CVSS8.7AI score0.92721EPSS
Exploits9
Packet Storm
Packet Storm
added 2017/04/20 12:0 a.m.68 views

Trend Micro Threat Discovery Appliance 2.6.1062r1 admin_sys_time.cgi Remote Code Execution

!/usr/local/bin/python """ Trend Micro Threat Discovery Appliance + eg: ./poc.py 172.16.175.123 admin123 saturn:trendmicrothreatdiscoveryadminsystimerce mrme$ ./poc.py 172.16.175.123 admin123 + logged in... + starting backdoor, this will take a few secs... + calling backdoor! id uid=0root gid=0ro...

0.5AI score0.07204EPSS
Exploits5
CNVD
CNVD
added 2017/04/20 12:0 a.m.13 views

Trend Micro Threat Discovery Appliance Command Execution Vulnerability

The Trend Micro Threat Discovery Appliance is the next generation network monitoring appliance. A security vulnerability exists in the Trend Micro Threat Discovery Appliance adminsystime.cgi interface handling timezone parameter. A remote attacker can exploit the vulnerability to submit a special...

9.8CVSS7.5AI score0.92721EPSS
Exploits9References1
Packet Storm
Packet Storm
added 2017/04/20 12:0 a.m.63 views

Trend Micro Threat Discovery Appliance 2.6.1062r1 Session Generation Authentication Bypass

!/usr/bin/python """ Trend Micro Threat Discovery Appliance = 2.6.1062r1 Session Generation Authentication Bypass Vulnerability Found by: Roberto Suggi Liverani - @malerisch - http://blog.malerisch.net/ & Steven Seeley of Source Incite File: TDAInstallationCD.2.6.1062r1.enUS.iso sha1:...

0.5AI score0.0552EPSS
Exploits8
Packet Storm
Packet Storm
added 2017/04/19 12:0 a.m.50 views

Trend Micro Threat Discovery Appliance 2.6.1062r1 upload.cgi Remote Code Execution

!/usr/local/bin/python """ Trend Micro Threat Discovery Appliance + eg: ./poc.py 172.16.175.123 admin123 saturn:trendmicrothreatdiscoveryuploadrce mrme$ ./poc.py 172.16.175.123 admin123 + logged in... + popping shell, type 'exit' to exit. $ id uid=0root gid=0root $ uname -a Linux localhost 2.6.24...

0.4AI score0.07047EPSS
Exploits5
seebug.org
seebug.org
added 2017/04/12 12:0 a.m.43 views

Trend Micro Threat Discovery Appliance arbitrary files deletion (CVE-2016-7552)

A file delete in the logoff.cgi interface that allows for an authentication bypass CVE-2016-7552. A command injection in the adminsystime.cgi interface that allows for an attacker to gain remote code execution CVE-2016-7547. Trend Micro are not patching this vulnerability since this product is no...

10CVSS10.3AI score0.93249EPSS
Exploits19
Tenable Nessus
Tenable Nessus
added 2015/07/22 12:0 a.m.29 views

Trend Micro Threat Intelligence Manager sampleReporting.php 'fakename' Parameter File Disclosure

The version of Trend Micro Threat Intelligence Manager running on the remote Windows host is affected by a file disclosure vulnerability due to a failure to properly sanitize user-supplied input to the 'fakename' parameter in the sampleReporting.php script. A remote, unauthenticated attacker, usi...

6.5AI score
Exploits0References3
Rows per page
Query Builder