Shodan
Vulnerabilities
Vulnerable Software
Trendmicro:  >> Threat Discovery Appliance  >> 2.6.1062  Security Vulnerabilities
CVE-2016-8584
Trend Micro Threat Discovery Appliance 2.6.1062r1 and earlier uses predictable session values, which allows remote attackers to bypass authentication by guessing the value.
CVSS Score
9.8
EPSS Score
0.041
Published
2017-04-28
CVE-2016-8585
admin_sys_time.cgi in Trend Micro Threat Discovery Appliance 2.6.1062r1 and earlier allows remote authenticated users to execute arbitrary code as the root user via shell metacharacters in the timezone parameter.
CVSS Score
8.8
EPSS Score
0.095
Published
2017-04-28
CVE-2016-8586
detected_potential_files.cgi in Trend Micro Threat Discovery Appliance 2.6.1062r1 and earlier allows remote authenticated users to execute arbitrary code as the root user via shell metacharacters in the cache_id parameter.
CVSS Score
8.8
EPSS Score
0.035
Published
2017-04-28
CVE-2016-8587
dlp_policy_upload.cgi in Trend Micro Threat Discovery Appliance 2.6.1062r1 and earlier allows remote authenticated users to execute arbitrary code via an archive file containing a symlink to /eng_ptn_stores/prod/sensorSDK/data/ or /eng_ptn_stores/prod/sensorSDK/backup_pol/.
CVSS Score
7.3
EPSS Score
0.006
Published
2017-04-28
CVE-2016-8588
The hotfix_upload.cgi in Trend Micro Threat Discovery Appliance 2.6.1062r1 and earlier allows remote authenticated users to execute arbitrary code via shell metacharacters in the file name of an uploaded file.
CVSS Score
7.3
EPSS Score
0.006
Published
2017-04-28
CVE-2016-8589
log_query_dae.cgi in Trend Micro Threat Discovery Appliance 2.6.1062r1 and earlier allows remote authenticated users to execute arbitrary code as the root user via shell metacharacters in the cache_id parameter.
CVSS Score
8.8
EPSS Score
0.035
Published
2017-04-28
CVE-2016-8590
log_query_dlp.cgi in Trend Micro Threat Discovery Appliance 2.6.1062r1 and earlier allows remote authenticated users to execute arbitrary code as the root user via shell metacharacters in the cache_id parameter.
CVSS Score
8.8
EPSS Score
0.035
Published
2017-04-28
CVE-2016-8591
log_query.cgi in Trend Micro Threat Discovery Appliance 2.6.1062r1 and earlier allows remote authenticated users to execute arbitrary code as the root user via shell metacharacters in the cache_id parameter.
CVSS Score
8.8
EPSS Score
0.035
Published
2017-04-28
CVE-2016-8592
log_query_system.cgi in Trend Micro Threat Discovery Appliance 2.6.1062r1 and earlier allows remote authenticated users to execute arbitrary code as the root user via shell metacharacters in the cache_id parameter.
CVSS Score
8.8
EPSS Score
0.035
Published
2017-04-28
CVE-2016-8593
Directory traversal vulnerability in upload.cgi in Trend Micro Threat Discovery Appliance 2.6.1062r1 and earlier allows remote authenticated users to execute arbitrary code via a .. (dot dot) in the dID parameter.
CVSS Score
8.8
EPSS Score
0.049
Published
2017-04-28


Products
Pricing
Contact Us

Shodan ® - All rights reserved