CVE-2016-7552

creationtimestamp| type| source ---|---|--- 2018-05-29 15:50:33+00:00| seen| https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/http/trendmicrothreatdiscoveryadminsystimecmdi.rb 2025-02-06 03:13:42+00:00| seen| MISP/a1e796df-2ad8-4c8d-8b69-737a004e72dd 2025-02-23...

Trend Micro Threat Discovery Appliance <= 2.6.1062r1 logoff.cgi Directory Traversal Authentication Bypass Vulnerability（CVE-2016-7552）

Summary: There exists a pre-authenticated directory traversal vulnerability that allows an attacker to delete any folder or file as root. This can result in an attacker causing a DoS or bypassing authentication. Exploitation: An attacker can use this vulnerability to bypass the authentication by...

Trend Micro Threat Discovery Appliance 2.6.1062r1 log_query_dlp.cgi Remote Code Execution

!/usr/local/bin/python """ Trend Micro Threat Discovery Appliance + eg: ./poc.py 172.16.175.123 admin123 saturn:trendmicrothreatdiscoverylogquerydlprce mrme$ ./poc.py 172.16.175.123 admin + logged in... + starting backdoor, this will take a few secs... + calling backdoor! id uid=0root gid=0root...

Trend Micro Threat Discovery Appliance 2.6.1062r1 log_query_dae.cgi Remote Code Execution Exploit

Trend Micro Threat Discovery Appliance versions 2.6.1062r1 and below suffer from a logquerydae.cgi remote code execution vulnerability. !/usr/local/bin/python """ Trend Micro Threat Discovery Appliance + eg: ./poc.py 172.16.175.123 admin123 saturn:trendmicrothreatdiscoverylogquerydaerce mrme$...

Trend Micro Threat Discovery Appliance admin_sys_time.cgi Remote Command Execution

This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class MetasploitModule 'Trend Micro Threat Discovery Appliance adminsystime.cgi Remote Command Execution', 'Description' = %q This module exploits two...

CVE-2016-7552

CVE-2016-7552 affects Trend Micro Threat Discovery Appliance 2.6.1062r1. Affected component: logoff.cgi, where processing of the session_id cookie triggers a directory traversal vulnerability that can let a remote, unauthenticated attacker delete files as root, bypass authentication, or cause a D...

Trend Micro Threat Discovery Appliance remote code execution（CVE-2016-7547）

A command injection in the adminsystime. the cgi interface that allows for an attacker to gain remote code execution CVE-2016-7547. Vulnerability linkage: https://www.seebug.org/vuldb/ssvid-92938 This module requires Metasploit: http://metasploit.com/download Current source:...