Posts Tagged ‘threat’

Trend Micro Threat Discovery Appliance admin_sys_time.cgi Remote Command Execution

This Metasploit module exploits two vulnerabilities the Trend Micro Threat Discovery Appliance. The first is an authentication bypass vulnerability via a file delete in logoff.cgi which resets the admin password back to ‘admin’ upon a reboot (CVE-2016-7552). The second is a cmd injection flaw using the timezone parameter in the admin_sys_time.cgi interface (CVE-2016-7547). Source: Trend […]