
746 matches found

Zero Day Initiative
added 2017/03/30 12:0 a.m. · 25 views

Trend Micro InterScan Web Security Virtual Appliance ManageIPConfig setHostname Command Injection Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Trend Micro InterScan Web Security Virtual Appliance. Authentication is required to exploit this vulnerability. The specific flaw exists within ManageIPConfig's setDataIPConfig method. A crafted...

9 CVSS · 4.5 AI score
Exploits 0 · References 1

Zero Day Initiative
added 2017/03/29 12:0 a.m. · 23 views

Trend Micro InterScan Web Security Virtual Appliance ManageIPConfig setMgmtIPConfig Command Injection Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Trend Micro InterScan Web Security Virtual Appliance. Authentication is required to exploit this vulnerability. The specific flaw exists within ManageIPConfig's setMgmtIPConfig method. A crafted IP...

9 CVSS · 5.1 AI score
Exploits 0 · References 1

Zero Day Initiative
added 2017/03/29 12:0 a.m. · 29 views

Trend Micro InterScan Web Security Virtual Appliance ManageIPConfig setDataIPConfig DNS Information Command Injection Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Trend Micro InterScan Web Security Virtual Appliance. Authentication is required to exploit this vulnerability. The specific flaw exists within ManageIPConfig's setDataIPConfig method. A crafted DN...

9 CVSS · 5.1 AI score
Exploits 0 · References 1

Zero Day Initiative
added 2017/03/29 12:0 a.m. · 28 views

Trend Micro InterScan Web Security Virtual Appliance ClusterManagement ChangeNodeSetting Command Injection Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Trend Micro InterScan Web Security Virtual Appliance. Authentication is required to exploit this vulnerability. The specific flaw exists within ClusterManagement's ChangeNodeSetting function. A...

9 CVSS · 5.1 AI score
Exploits 0 · References 1

Zero Day Initiative
added 2017/03/09 12:0 a.m. · 24 views

Trend Micro Deep Discovery Email Inspector download_pdf Command Injection Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Trend Micro Deep Discovery Email Inspector. Authentication is not required to exploit this vulnerability. The specific flaw exists within downloadpdf.php. The issue results from the lack of proper...

10 CVSS · 7.1 AI score
Exploits 0 · References 1

Zero Day Initiative
added 2017/03/09 12:0 a.m. · 25 views

Trend Micro Deep Discovery Email Inspector write_new_html_with_svg Directory Traversal Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Trend Micro Deep Discovery Email Inspector. Authentication is not required to exploit this vulnerability. The specific flaw exists within writenewhtmlwithsvg.php. The issue results from the lack of...

10 CVSS · 7.1 AI score
Exploits 0 · References 1

Zero Day Initiative
added 2017/03/09 12:0 a.m. · 21 views

Trend Micro Deep Discovery Email Inspector get_filesize Command Injection Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Trend Micro Deep Discovery Email Inspector. Authentication is not required to exploit this vulnerability. The specific flaw exists within getfilesize.php. The issue results from the lack of proper...

10 CVSS · 7.5 AI score
Exploits 0 · References 1

Zero Day Initiative
added 2017/03/09 12:0 a.m. · 43 views

Trend Micro Deep Discovery Email Inspector ajax_checklicense_AC Command Injection Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Trend Micro Deep Discovery Email Inspector. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajaxchecklicenseAC.php. The issue results from the lack of...

10 CVSS · 7.1 AI score
Exploits 0 · References 1

Zero Day Initiative
added 2017/03/09 12:0 a.m. · 28 views

Trend Micro Deep Discovery Email Inspector network_dump Command Injection Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Trend Micro Deep Discovery Email Inspector. Authentication is not required to exploit this vulnerability. The specific flaw exists within networkdump.php. The issue results from the lack of proper...

10 CVSS · 7.1 AI score
Exploits 0 · References 1

Zero Day Initiative
added 2017/03/01 12:0 a.m. · 26 views

Trend Micro SafeSync for Enterprise mount_local_device Command Injection Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Trend Micro SafeSync for Enterprise. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the...

9 CVSS · 7.7 AI score
Exploits 0 · References 1

Zero Day Initiative
added 2017/03/01 12:0 a.m. · 63 views

Trend Micro SafeSync for Enterprise dead_local_device Command Injection Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Trend Micro SafeSync for Enterprise. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the...

9 CVSS · 7.7 AI score
Exploits 0 · References 1

OSV
added 2016/09/20 7:59 p.m. · 1 views

DEBIAN-CVE-2016-6802

Apache Shiro before 1.3.2 allows attackers to bypass intended servlet filters and gain access by leveraging use of a non-root servlet context path...

7.5 CVSS · 7.7 AI score · 0.13506 EPSS
Exploits 1 · References 1

NVD
added 2016/09/20 7:59 p.m. · 17 views

CVE-2016-6802

Apache Shiro before 1.3.2 allows attackers to bypass intended servlet filters and gain access by leveraging use of a non-root servlet context path...

7.5 CVSS · 7.6 AI score · 0.13506 EPSS
Exploits 1 · References 3

OSV
added 2016/09/20 7:59 p.m. · 1 views

UBUNTU-CVE-2016-6802

Apache Shiro before 1.3.2 allows attackers to bypass intended servlet filters and gain access by leveraging use of a non-root servlet context path...

7.5 CVSS · 7.1 AI score · 0.13506 EPSS
Exploits 1 · References 4

CVE
added 2016/09/20 7:0 p.m. · 72 views

CVE-2016-6802

CVE-2016-6802 affects Apache Shiro prior to 1.3.2. The issue allows bypass of intended servlet filters by leveraging a non-root servlet context path, enabling an attacker to gain access. The risk and exploit details are limited in the provided documents; the core vulnerability is a path/filters b...

7.5 CVSS · 7.4 AI score · 0.13506 EPSS
Exploits 1 · References 3 · Affected Software 1

Cvelist
added 2016/09/20 7:0 p.m. · 22 views

CVE-2016-6802

Apache Shiro before 1.3.2 allows attackers to bypass intended servlet filters and gain access by leveraging use of a non-root servlet context path...

7.5 AI score · 0.13506 EPSS
Exploits 1 · References 3

Positive Technologies
added 2016/09/20 12:0 a.m. · 1 views

PT-2016-7118 · Apache +2 · Apache Shiro +2

Name of the Vulnerable Software and Affected Versions: Apache Shiro versions prior to 1.3.2 Description: The issue allows attackers to bypass intended servlet filters and gain access by leveraging the use of a non-root servlet context path. Recommendations: For versions prior to 1.3.2, update to...

9.8 CVSS · 8.1 AI score · 0.13506 EPSS
Exploits 1 · References 26

Zero Day Initiative
added 2016/02/10 12:0 a.m. · 27 views

Dell SonicWALL GMS Virtual Appliance Deserialization of Untrusted Data Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Dell SonicWALL GMS Virtual Appliance. Authentication is not required to exploit this vulnerability. The specific flaw exists within the cliserver implementation, which accepts, deserializes, and...

10 CVSS · 4.6 AI score · 0.05037 EPSS
Exploits 0 · References 1

CNVD
added 2015/09/16 12:0 a.m. · 1 views

ASUS TM-AC1900 Buffer Overflow Vulnerability

The ASUS TM-AC1900 is a wireless router. The ASUS TM-AC1900 suffers from a security vulnerability in the HTTP header parsing program, which can be exploited by an attacker to execute arbitrary code in the root context because the program fails to properly check the header value...

9.3 CVSS · 7.8 AI score · 0.07961 EPSS
Exploits 0 · References 1

Zero Day Initiative
added 2015/09/16 12:0 a.m. · 33 views

Symantec Web Gateway Arbitrary PHP File Upload Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Symantec Web Gateway. Authentication is required to exploit this vulnerability, however it can be bypassed via reflected cross-site scripting. The specific flaw exists within the adminmessages.php...

8.5 CVSS · 6.9 AI score · 0.07658 EPSS
Exploits 0 · References 1