Search Results | AttackerKB

Show filters

Topics 493 Users 9,744

Clear All

Disclosure Date

Disclosure Year Disclosure Month

Collection Command and Control Credential Access Defense Evasion Discovery Execution Exfiltration Impact Initial Access Lateral Movement Persistence Privilege Escalation

493 Total Results

Displaying 431-440 of 493

Attacker Value

Unknown

CVE-2017-9032

Disclosure Date: May 26, 2017 (last updated November 26, 2024)

Multiple cross-site scripting (XSS) vulnerabilities in Trend Micro ServerProtect for Linux 3.0 before CP 1531 allow remote attackers to inject arbitrary web script or HTML via the (1) T1 or (2) tmLastConfigFileModifiedDate parameter to log_management.cgi.

Attack Vector: Network Privileges: None User Interaction: Required

0

Attacker Value

Unknown

CVE-2017-8801

Disclosure Date: May 05, 2017 (last updated November 26, 2024)

Trend Micro OfficeScan 11.0 before SP1 CP 6325 (with Agent Module Build before 6152) and XG before CP 1352 has XSS via a crafted URI using a blocked website.

0

Attacker Value

Unknown

CVE-2017-5481

Disclosure Date: May 03, 2017 (last updated November 26, 2024)

Trend Micro OfficeScan 11.0 before SP1 CP 6325 and XG before CP 1352 allows remote authenticated users to gain privileges by leveraging a leak of an encrypted password during a web-console operation.

0

Attacker Value

Unknown

CVE-2016-8585

Disclosure Date: April 28, 2017 (last updated November 26, 2024)

admin_sys_time.cgi in Trend Micro Threat Discovery Appliance 2.6.1062r1 and earlier allows remote authenticated users to execute arbitrary code as the root user via shell metacharacters in the timezone parameter.

0

Attacker Value

Unknown

CVE-2016-8588

Disclosure Date: April 28, 2017 (last updated November 26, 2024)

The hotfix_upload.cgi in Trend Micro Threat Discovery Appliance 2.6.1062r1 and earlier allows remote authenticated users to execute arbitrary code via shell metacharacters in the file name of an uploaded file.

0

Attacker Value

Unknown

CVE-2016-8584

Disclosure Date: April 28, 2017 (last updated November 26, 2024)

Trend Micro Threat Discovery Appliance 2.6.1062r1 and earlier uses predictable session values, which allows remote attackers to bypass authentication by guessing the value.

0

Attacker Value

Unknown

CVE-2016-8592

Disclosure Date: April 28, 2017 (last updated November 26, 2024)

log_query_system.cgi in Trend Micro Threat Discovery Appliance 2.6.1062r1 and earlier allows remote authenticated users to execute arbitrary code as the root user via shell metacharacters in the cache_id parameter.

0

Attacker Value

Unknown

CVE-2016-8586

Disclosure Date: April 28, 2017 (last updated November 26, 2024)

detected_potential_files.cgi in Trend Micro Threat Discovery Appliance 2.6.1062r1 and earlier allows remote authenticated users to execute arbitrary code as the root user via shell metacharacters in the cache_id parameter.

0

Attacker Value

Unknown

CVE-2016-8591

Disclosure Date: April 28, 2017 (last updated November 26, 2024)

log_query.cgi in Trend Micro Threat Discovery Appliance 2.6.1062r1 and earlier allows remote authenticated users to execute arbitrary code as the root user via shell metacharacters in the cache_id parameter.

0

Attacker Value

Unknown

CVE-2016-8590

Disclosure Date: April 28, 2017 (last updated November 26, 2024)

log_query_dlp.cgi in Trend Micro Threat Discovery Appliance 2.6.1062r1 and earlier allows remote authenticated users to execute arbitrary code as the root user via shell metacharacters in the cache_id parameter.

0