Skip to main content

Threat Discovery Appliance

12 CVEs product

Monthly

CVE-2016-8593 HIGH POC This Week

Directory traversal vulnerability in upload.cgi in Trend Micro Threat Discovery Appliance 2.6.1062r1 and earlier allows remote authenticated users to execute arbitrary code via a .. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Trend Micro RCE Threat Discovery Appliance
NVD
CVSS 3.0
8.8
EPSS
4.6%
CVE-2016-8592 HIGH POC This Week

log_query_system.cgi in Trend Micro Threat Discovery Appliance 2.6.1062r1 and earlier allows remote authenticated users to execute arbitrary code as the root user via shell metacharacters in the. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Trend Micro Privilege Escalation Threat Discovery Appliance
NVD
CVSS 3.0
8.8
EPSS
3.3%
CVE-2016-8591 HIGH POC This Week

log_query.cgi in Trend Micro Threat Discovery Appliance 2.6.1062r1 and earlier allows remote authenticated users to execute arbitrary code as the root user via shell metacharacters in the cache_id. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Trend Micro Privilege Escalation Threat Discovery Appliance
NVD
CVSS 3.0
8.8
EPSS
3.3%
CVE-2016-8590 HIGH POC This Week

log_query_dlp.cgi in Trend Micro Threat Discovery Appliance 2.6.1062r1 and earlier allows remote authenticated users to execute arbitrary code as the root user via shell metacharacters in the. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Trend Micro Privilege Escalation Threat Discovery Appliance
NVD
CVSS 3.0
8.8
EPSS
3.3%
CVE-2016-8589 HIGH POC This Week

log_query_dae.cgi in Trend Micro Threat Discovery Appliance 2.6.1062r1 and earlier allows remote authenticated users to execute arbitrary code as the root user via shell metacharacters in the. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Trend Micro Privilege Escalation Threat Discovery Appliance
NVD
CVSS 3.0
8.8
EPSS
3.3%
CVE-2016-8588 HIGH POC This Week

The hotfix_upload.cgi in Trend Micro Threat Discovery Appliance 2.6.1062r1 and earlier allows remote authenticated users to execute arbitrary code via shell metacharacters in the file name of an. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

RCE Trend Micro Authentication Bypass Threat Discovery Appliance
NVD
CVSS 3.0
7.3
EPSS
0.5%
CVE-2016-8587 HIGH POC This Week

dlp_policy_upload.cgi in Trend Micro Threat Discovery Appliance 2.6.1062r1 and earlier allows remote authenticated users to execute arbitrary code via an archive file containing a symlink to. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

RCE Trend Micro Authentication Bypass Threat Discovery Appliance
NVD
CVSS 3.0
7.3
EPSS
0.5%
CVE-2016-8586 HIGH POC This Week

detected_potential_files.cgi in Trend Micro Threat Discovery Appliance 2.6.1062r1 and earlier allows remote authenticated users to execute arbitrary code as the root user via shell metacharacters in. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Trend Micro Privilege Escalation Threat Discovery Appliance
NVD
CVSS 3.0
8.8
EPSS
3.3%
CVE-2016-8585 HIGH POC This Week

admin_sys_time.cgi in Trend Micro Threat Discovery Appliance 2.6.1062r1 and earlier allows remote authenticated users to execute arbitrary code as the root user via shell metacharacters in the. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Trend Micro Privilege Escalation Threat Discovery Appliance
NVD
CVSS 3.0
8.8
EPSS
7.3%
CVE-2016-8584 CRITICAL POC Act Now

Trend Micro Threat Discovery Appliance 2.6.1062r1 and earlier uses predictable session values, which allows remote attackers to bypass authentication by guessing the value. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Trend Micro Authentication Bypass Threat Discovery Appliance
NVD
CVSS 3.0
9.8
EPSS
4.1%
CVE-2016-7552 CRITICAL POC THREAT Emergency

On the Trend Micro Threat Discovery Appliance 2.6.1062r1, directory traversal when processing a session_id cookie allows a remote, unauthenticated attacker to delete arbitrary files as root. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 93.0%.

Path Traversal Trend Micro Threat Discovery Appliance
NVD GitHub
CVSS 3.0
9.8
EPSS
93.0%
Threat
6.2
CVE-2016-7547 CRITICAL POC THREAT Emergency

A command execution flaw on the Trend Micro Threat Discovery Appliance 2.6.1062r1 exists with the timezone parameter in the admin_sys_time.cgi interface. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 89.4%.

Trend Micro Information Disclosure Threat Discovery Appliance
NVD GitHub
CVSS 3.0
9.8
EPSS
89.4%
Threat
6.1
EPSS 5% CVSS 8.8
HIGH POC This Week

Directory traversal vulnerability in upload.cgi in Trend Micro Threat Discovery Appliance 2.6.1062r1 and earlier allows remote authenticated users to execute arbitrary code via a .. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Trend Micro RCE +1
NVD
EPSS 3% CVSS 8.8
HIGH POC This Week

log_query_system.cgi in Trend Micro Threat Discovery Appliance 2.6.1062r1 and earlier allows remote authenticated users to execute arbitrary code as the root user via shell metacharacters in the. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Trend Micro Privilege Escalation +1
NVD
EPSS 3% CVSS 8.8
HIGH POC This Week

log_query.cgi in Trend Micro Threat Discovery Appliance 2.6.1062r1 and earlier allows remote authenticated users to execute arbitrary code as the root user via shell metacharacters in the cache_id. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Trend Micro Privilege Escalation +1
NVD
EPSS 3% CVSS 8.8
HIGH POC This Week

log_query_dlp.cgi in Trend Micro Threat Discovery Appliance 2.6.1062r1 and earlier allows remote authenticated users to execute arbitrary code as the root user via shell metacharacters in the. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Trend Micro Privilege Escalation +1
NVD
EPSS 3% CVSS 8.8
HIGH POC This Week

log_query_dae.cgi in Trend Micro Threat Discovery Appliance 2.6.1062r1 and earlier allows remote authenticated users to execute arbitrary code as the root user via shell metacharacters in the. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Trend Micro Privilege Escalation +1
NVD
EPSS 1% CVSS 7.3
HIGH POC This Week

The hotfix_upload.cgi in Trend Micro Threat Discovery Appliance 2.6.1062r1 and earlier allows remote authenticated users to execute arbitrary code via shell metacharacters in the file name of an. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

RCE Trend Micro Authentication Bypass +1
NVD
EPSS 1% CVSS 7.3
HIGH POC This Week

dlp_policy_upload.cgi in Trend Micro Threat Discovery Appliance 2.6.1062r1 and earlier allows remote authenticated users to execute arbitrary code via an archive file containing a symlink to. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

RCE Trend Micro Authentication Bypass +1
NVD
EPSS 3% CVSS 8.8
HIGH POC This Week

detected_potential_files.cgi in Trend Micro Threat Discovery Appliance 2.6.1062r1 and earlier allows remote authenticated users to execute arbitrary code as the root user via shell metacharacters in. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Trend Micro Privilege Escalation +1
NVD
EPSS 7% CVSS 8.8
HIGH POC This Week

admin_sys_time.cgi in Trend Micro Threat Discovery Appliance 2.6.1062r1 and earlier allows remote authenticated users to execute arbitrary code as the root user via shell metacharacters in the. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Trend Micro Privilege Escalation +1
NVD
EPSS 4% CVSS 9.8
CRITICAL POC Act Now

Trend Micro Threat Discovery Appliance 2.6.1062r1 and earlier uses predictable session values, which allows remote attackers to bypass authentication by guessing the value. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Trend Micro Authentication Bypass Threat Discovery Appliance
NVD
EPSS 93% 6.2 CVSS 9.8
CRITICAL POC THREAT Emergency

On the Trend Micro Threat Discovery Appliance 2.6.1062r1, directory traversal when processing a session_id cookie allows a remote, unauthenticated attacker to delete arbitrary files as root. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 93.0%.

Path Traversal Trend Micro Threat Discovery Appliance
NVD GitHub
EPSS 89% 6.1 CVSS 9.8
CRITICAL POC THREAT Emergency

A command execution flaw on the Trend Micro Threat Discovery Appliance 2.6.1062r1 exists with the timezone parameter in the admin_sys_time.cgi interface. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 89.4%.

Trend Micro Information Disclosure Threat Discovery Appliance
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy