3 matches found
CVE-2016-8590
logquerydlp.cgi in Trend Micro Threat Discovery Appliance 2.6.1062r1 and earlier allows remote authenticated users to execute arbitrary code as the root user via shell metacharacters in the cacheid parameter...
CVE-2016-8590
CVE-2016-8590 affects Trend Micro Threat Discovery Appliance (TDA) 2.6.1062r1 and earlier. The vulnerability in log_query_dlp.cgi allows remote authenticated users to execute arbitrary code as root via shell metacharacters in the cache_id parameter, with public PoCs/exploits noted (e.g., Seebug, ...
Trend Micro Threat Discovery Appliance <= 2.6.1062r1 log_query_dlp.cgi Command Injection Remote Code Execution Vulnerability (CVE-2016-8590)
Summary: There exists a post authenticated command injection vulnerability that can be used to execute arbitrary code as root. Notes: - Since this is a busybox, getting a connectback seemed hard. So, for this particular PoC, all I did was exec a bind shell using netcat. - Auth is VERY weak, no...