18 matches found
EUVD-2016-9433
Malware in sbrugna...
EUVD-2016-9440
Malware in sbrugna...
The vulnerability of the microprogramming software of the Trend Micro Threat Discovery Appliance lies in the improper restriction on the path to the restricted access catalog. This allows a malicious actor to delete arbitrary files with root privileges, bypass authentication procedures, or cause service failures.
The vulnerability of the microprogramming software of the Trend Micro Threat Discovery Appliance exists due to an incorrect restriction on the path name to the restricted catalog during the processing of the sessionid parameter from the cookie file. Exploiting this vulnerability allows a maliciou...
Trend Micro Threat Discovery Appliance Directory Traversal Vulnerability
Trend Micro Threat Discovery Appliance TDA is a threat discovery appliance with integrated cloud security technology from Trend Micro. The appliance provides detection of malicious activity at the network layer, threat management services, and threat analysis and reporting. A directory traversal...
Trend Micro Threat Discovery Appliance Arbitrary Code Execution Vulnerability
The Trend Micro Threat Discovery Appliance TDA is a threat discovery appliance with integrated cloud security technology from Trend Micro. The appliance provides detection of malicious activity at the network layer, threat management services, and threat analysis and reporting. A security...
Trend Micro Threat Discovery Appliance Authentication Bypass Vulnerability
Trend Micro Threat Discovery Appliance TDA is a threat discovery appliance with integrated cloud security technology from Trend Micro. The appliance provides detection of malicious activity at the network layer, threat management services, and threat analysis and reporting. A security vulnerabili...
Code injection
adminsystime.cgi in Trend Micro Threat Discovery Appliance 2.6.1062r1 and earlier allows remote authenticated users to execute arbitrary code as the root user via shell metacharacters in the timezone parameter...
CVE-2016-8585
adminsystime.cgi in Trend Micro Threat Discovery Appliance 2.6.1062r1 and earlier allows remote authenticated users to execute arbitrary code as the root user via shell metacharacters in the timezone parameter...
CVE-2016-8587
dlppolicyupload.cgi in Trend Micro Threat Discovery Appliance 2.6.1062r1 and earlier allows remote authenticated users to execute arbitrary code via an archive file containing a symlink to /engptnstores/prod/sensorSDK/data/ or /engptnstores/prod/sensorSDK/backuppol/...
CVE-2016-8590
logquerydlp.cgi in Trend Micro Threat Discovery Appliance 2.6.1062r1 and earlier allows remote authenticated users to execute arbitrary code as the root user via shell metacharacters in the cacheid parameter...
Trend Micro Threat Discovery Appliance <= 2.6.1062r1 admin_sys_time.cgi Command Injection Remote Code Execution Vulnerability Raw(CVE-2016-8585)
Summary: There exists a post authenticated command injection vulnerability that can be used to execute arbitrary code as root. Notes: - Since this is a busybox, getting a connectback seemed hard. So, for this particular PoC, all I did was exec a bind shell using netcat. - Auth is VERY weak, no...
Trend Micro Threat Discovery Appliance 2.6.1062r1 dlp_policy_upload.cgi Information Disclosure Explo
Trend Micro Threat Discovery Appliance versions 2.6.1062r1 and below suffer from a dlppolicyupload.cgi information disclosure vulnerability. !/usr/local/bin/python """ Trend Micro Threat Discovery Appliance + eg: ./poc.py 172.16.175.123 admin /etc/passwd...
Trend Micro Threat Discovery Appliance 2.6.1062r1 admin_sys_time.cgi Remote Code Execution
!/usr/local/bin/python """ Trend Micro Threat Discovery Appliance + eg: ./poc.py 172.16.175.123 admin123 saturn:trendmicrothreatdiscoveryadminsystimerce mrme$ ./poc.py 172.16.175.123 admin123 + logged in... + starting backdoor, this will take a few secs... + calling backdoor! id uid=0root gid=0ro...
Trend Micro Threat Discovery Appliance Command Execution Vulnerability
The Trend Micro Threat Discovery Appliance is the next generation network monitoring appliance. A security vulnerability exists in the Trend Micro Threat Discovery Appliance adminsystime.cgi interface handling timezone parameter. A remote attacker can exploit the vulnerability to submit a special...
Trend Micro Threat Discovery Appliance 2.6.1062r1 Session Generation Authentication Bypass
!/usr/bin/python """ Trend Micro Threat Discovery Appliance = 2.6.1062r1 Session Generation Authentication Bypass Vulnerability Found by: Roberto Suggi Liverani - @malerisch - http://blog.malerisch.net/ & Steven Seeley of Source Incite File: TDAInstallationCD.2.6.1062r1.enUS.iso sha1:...
Trend Micro Threat Discovery Appliance 2.6.1062r1 upload.cgi Remote Code Execution
!/usr/local/bin/python """ Trend Micro Threat Discovery Appliance + eg: ./poc.py 172.16.175.123 admin123 saturn:trendmicrothreatdiscoveryuploadrce mrme$ ./poc.py 172.16.175.123 admin123 + logged in... + popping shell, type 'exit' to exit. $ id uid=0root gid=0root $ uname -a Linux localhost 2.6.24...
Trend Micro Threat Discovery Appliance arbitrary files deletion (CVE-2016-7552)
A file delete in the logoff.cgi interface that allows for an authentication bypass CVE-2016-7552. A command injection in the adminsystime.cgi interface that allows for an attacker to gain remote code execution CVE-2016-7547. Trend Micro are not patching this vulnerability since this product is no...
Trend Micro Threat Intelligence Manager sampleReporting.php 'fakename' Parameter File Disclosure
The version of Trend Micro Threat Intelligence Manager running on the remote Windows host is affected by a file disclosure vulnerability due to a failure to properly sanitize user-supplied input to the 'fakename' parameter in the sampleReporting.php script. A remote, unauthenticated attacker, usi...