Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities - CVEs Published In April 2017
CVE-2016-8585
admin_sys_time.cgi in Trend Micro Threat Discovery Appliance 2.6.1062r1 and earlier allows remote authenticated users to execute arbitrary code as the root user via shell metacharacters in the timezone parameter.
CVSS Score
8.8
EPSS Score
0.072
Published
2017-04-28
CVE-2016-8586
detected_potential_files.cgi in Trend Micro Threat Discovery Appliance 2.6.1062r1 and earlier allows remote authenticated users to execute arbitrary code as the root user via shell metacharacters in the cache_id parameter.
CVSS Score
8.8
EPSS Score
0.061
Published
2017-04-28
CVE-2016-8587
dlp_policy_upload.cgi in Trend Micro Threat Discovery Appliance 2.6.1062r1 and earlier allows remote authenticated users to execute arbitrary code via an archive file containing a symlink to /eng_ptn_stores/prod/sensorSDK/data/ or /eng_ptn_stores/prod/sensorSDK/backup_pol/.
CVSS Score
7.3
EPSS Score
0.025
Published
2017-04-28
CVE-2016-8588
The hotfix_upload.cgi in Trend Micro Threat Discovery Appliance 2.6.1062r1 and earlier allows remote authenticated users to execute arbitrary code via shell metacharacters in the file name of an uploaded file.
CVSS Score
7.3
EPSS Score
0.022
Published
2017-04-28
CVE-2016-8589
log_query_dae.cgi in Trend Micro Threat Discovery Appliance 2.6.1062r1 and earlier allows remote authenticated users to execute arbitrary code as the root user via shell metacharacters in the cache_id parameter.
CVSS Score
8.8
EPSS Score
0.057
Published
2017-04-28
CVE-2016-8590
log_query_dlp.cgi in Trend Micro Threat Discovery Appliance 2.6.1062r1 and earlier allows remote authenticated users to execute arbitrary code as the root user via shell metacharacters in the cache_id parameter.
CVSS Score
8.8
EPSS Score
0.057
Published
2017-04-28
CVE-2016-8591
log_query.cgi in Trend Micro Threat Discovery Appliance 2.6.1062r1 and earlier allows remote authenticated users to execute arbitrary code as the root user via shell metacharacters in the cache_id parameter.
CVSS Score
8.8
EPSS Score
0.062
Published
2017-04-28
CVE-2016-8592
log_query_system.cgi in Trend Micro Threat Discovery Appliance 2.6.1062r1 and earlier allows remote authenticated users to execute arbitrary code as the root user via shell metacharacters in the cache_id parameter.
CVSS Score
8.8
EPSS Score
0.062
Published
2017-04-28
CVE-2016-8593
Directory traversal vulnerability in upload.cgi in Trend Micro Threat Discovery Appliance 2.6.1062r1 and earlier allows remote authenticated users to execute arbitrary code via a .. (dot dot) in the dID parameter.
CVSS Score
8.8
EPSS Score
0.07
Published
2017-04-28
CVE-2017-1141
IBM Insights Foundation for Energy 1.0, 1.5, and 1.6 could allow an authenticated user to obtain sensitive information from error messages. IBM X-Force ID: 121907.
CVSS Score
4.3
EPSS Score
0.008
Published
2017-04-28


Products
Pricing
Contact Us

Shodan ® - All rights reserved