0 Day Exploits - Backward Logic

Public Advisories

Some of our responsibly disclosed 0-day exploits

Command Injection

ZDI-16-348: Trend Micro InterScan Web Security ManagePatches filename Remote Code Execution Vulnerability

CVE-2016-5840: Trend Micro Deep Discovery hotfix_upload.cgi filename Remote Code Execution Vulnerability

SQL Injection

CVE-2015-6004: What’s Up Gold “Find Device” search field does not properly neutralize user input (SQL injection)

ZDI-16-455: Trend Micro Control Manager cgiCMUIDispatcher SQL Injection Remote Code Execution Vulnerability

ZDI-16-456: Trend Micro Control Manager AdHocQuery_CustomProfiles SQL Injection Remote Code Execution Vulnerability

Local File Disclosure (LFD)

otx.alienvault.com Local File Disclosure

External XML Entity (XXE)

ZDI-16-457: Trend Micro Control Manager TreeUserControl_process_tree_event External Entity Processing Information Disclosure Vulnerability

ZDI-16-458: Trend Micro Control Manager ProductTree External Entity Processing Information Disclosure Vulnerability

ZDI-16-459: Trend Micro Control Manager DeploymentPlan_Event_Handler External Entity Processing Information Disclosure Vulnerability

CVE-2017-6323: Symantec Management Console Multiple XXE prior to ITMS 8.1 RU1, ITMS 8.0_POST_HF6 & ITMS 7.6_POST_HF7

Persistent Cross Site Scripting (XSS)

CVE-2015-6005: Improper Neutralization of Script-Related HTML Tags in What’s Up Gold

CVE-2017-6322: Symantec Management Console Multiple XSS prior to ITMS 8.1 RU1, ITMS 8.0_POST_HF6 & ITMS 7.6_POST_HF7

Reflected Cross Site Scripting (XSS)

CVE-2017-6322: Symantec Management Console Multiple XSS prior to ITMS 8.1 RU1, ITMS 8.0_POST_HF6 & ITMS 7.6_POST_HF7

XPATH Injection

ZDI-16-460: Trend Micro Control Manager AdHocQuery_SelectView XPATH Injection Information Disclosure Vulnerability

ZDI-16-461: Trend Micro Control Manager AdHocQuery_SelectView XPATH Injection Information Disclosure Vulnerability (Second one)
