CVE-2016-8584 – Trend Micro Threat Discovery Appliance 2.6.1062r1 Session Generation Authentication Bypass
https://notcve.org/view.php?id=CVE-2016-8584
Trend Micro Threat Discovery Appliance 2.6.1062r1 and earlier uses predictable session values, which allows remote attackers to bypass authentication by guessing the value. Trend Micro Threat Discovery Appliance versions 2.6.1062r1 and below suffer from a session generation authentication bypass vulnerability.
• http://packetstormsecurity.com/files/142227/Trend-Micro-Threat-Discovery-Appliance-2.6.1062r1-Session-Generation-Authentication-Bypass.html
• http://www.securityfocus.com/bid/98333
• CWE-284: Improper Access Control
CVE-2016-8585 – Trend Micro Threat Discovery Appliance 2.6.1062r1 admin_sys_time.cgi Remote Code Execution
https://notcve.org/view.php?id=CVE-2016-8585
admin_sys_time.cgi in Trend Micro Threat Discovery Appliance 2.6.1062r1 and earlier allows remote authenticated users to execute arbitrary code as the root user via shell metacharacters in the timezone parameter. Trend Micro Threat Discovery Appliance versions 2.6.1062r1 and below suffer from an admin_sys_time.cgi remote code execution vulnerability.
• http://packetstormsecurity.com/files/142223/Trend-Micro-Threat-Discovery-Appliance-2.6.1062r1-admin_sys_time.cgi-Remote-Code-Execution.html
• http://packetstormsecurity.com/files/142224/Trend-Micro-Threat-Discovery-Appliance-2.6.1062r1-admin_sys_time.cgi-Remote-Code-Execution.html
• http://www.securityfocus.com/bid/98342
• CWE-264: Permissions, Privileges, and Access Controls
CVE-2016-8586 – Trend Micro Threat Discovery Appliance 2.6.1062r1 detected_potential_files.cgi Remote Code Execution
https://notcve.org/view.php?id=CVE-2016-8586
detected_potential_files.cgi in Trend Micro Threat Discovery Appliance 2.6.1062r1 and earlier allows remote authenticated users to execute arbitrary code as the root user via shell metacharacters in the cache_id parameter. Trend Micro Threat Discovery Appliance versions 2.6.1062r1 and below suffer from a detected_potential_files.cgi remote code execution vulnerability.
• http://packetstormsecurity.com/files/142222/Trend-Micro-Threat-Discovery-Appliance-2.6.1062r1-detected_potential_files.cgi-Remote-Code-Execution.html
• http://www.securityfocus.com/bid/98376
• CWE-264: Permissions, Privileges, and Access Controls
CVE-2016-8587 – Trend Micro Threat Discovery Appliance 2.6.1062r1 dlp_policy_upload.cgi Remote Code Execution
https://notcve.org/view.php?id=CVE-2016-8587
dlp_policy_upload.cgi in Trend Micro Threat Discovery Appliance 2.6.1062r1 and earlier allows remote authenticated users to execute arbitrary code via an archive file containing a symlink to /eng_ptn_stores/prod/sensorSDK/data/ or /eng_ptn_stores/prod/sensorSDK/backup_pol/. Trend Micro Threat Discovery Appliance versions 2.6.1062r1 and below suffer from a dlp_policy_upload.cgi remote code execution vulnerability.
• http://packetstormsecurity.com/files/142221/Trend-Micro-Threat-Discovery-Appliance-2.6.1062r1-dlp_policy_upload.cgi-Remote-Code-Execution.html
• http://www.securityfocus.com/bid/98508
• CWE-284: Improper Access Control
CVE-2016-8588 – Trend Micro Threat Discovery Appliance 2.6.1062r1 hotfix_upload.cgi Remote Code Execution
https://notcve.org/view.php?id=CVE-2016-8588
The hotfix_upload.cgi in Trend Micro Threat Discovery Appliance 2.6.1062r1 and earlier allows remote authenticated users to execute arbitrary code via shell metacharacters in the file name of an uploaded file. Trend Micro Threat Discovery Appliance versions 2.6.1062r1 and below suffer from a hotfix_upload.cgi remote code execution vulnerability.
• http://packetstormsecurity.com/files/142220/Trend-Micro-Threat-Discovery-Appliance-2.6.1062r1-hotfix_upload.cgi-Remote-Code-Execution.html
• CWE-284: Improper Access Control