| ID | CVSS | Severity | Attack vector | Vendor | Product | Description | CWE | CVE | Last updated | Published |
|---|---|---|---|---|---|---|---|---|---|---|
| 246381 | 9.8 | CRITICAL | Network | terra-master | terramaster_operating_system | System command injection in logtable.php in TerraMaster TOS version 3.1.03 allows attackers to execute system commands via the "Event" parameter. | CWE-78 OS Command | CVE-2018-13354 | 2024-11-21 12:46 | 2018-11-28 |
| 246382 | 8.8 | HIGH | Network | terra-master | terramaster_operating_system | System command injection in ajaxdata.php in TerraMaster TOS version 3.1.03 allows attackers to execute commands via the "checkport" parameter. | CWE-78 OS Command | CVE-2018-13353 | 2024-11-21 12:46 | 2018-11-28 |
| 246383 | 7.5 | HIGH | Network | terra-master | terramaster_operating_system | Session Exposure in the web application for TerraMaster TOS version 3.1.03 allows attackers to view active session tokens in a world-readable directory. | CWE-200 Information Exposure | CVE-2018-13352 | 2024-11-21 12:46 | 2018-11-28 |
| 246384 | 4.8 | MEDIUM | Network | terra-master | terramaster_operating_system | Cross-site scripting in Control Panel in TerraMaster TOS version 3.1.03 allows attackers to execute JavaScript via the edit password form. | CWE-79 Cross-site Scripting | CVE-2018-13351 | 2024-11-21 12:46 | 2018-11-28 |
| 246385 | 9.8 | CRITICAL | Network | terra-master | terramaster_operating_system | SQL injection in logtable.php in TerraMaster TOS version 3.1.03 allows attackers to execute SQL queries via the "Event" parameter. | CWE-89 SQL Injection | CVE-2018-13350 | 2024-11-21 12:46 | 2018-11-28 |
| 246386 | 6.1 | MEDIUM | Network | terra-master | terramaster_operating_system | Cross-site scripting in the web application taskbar in TerraMaster TOS version 3.1.03 allows attackers to execute JavaScript via the user's username. | CWE-79 Cross-site Scripting | CVE-2018-13349 | 2024-11-21 12:46 | 2018-11-28 |
| 246387 | 9.8 | CRITICAL | Network | terra-master | terramaster_operating_system | System command injection in ajaxdata.php in TerraMaster TOS version 3.1.03 allows attackers to execute system commands via the "username" parameter during user creation. | CWE-78 OS Command | CVE-2018-13338 | 2024-11-21 12:46 | 2018-11-28 |
| 246388 | 9.8 | CRITICAL | Network | terra-master | terramaster_operating_system | System command injection in ajaxdata.php in TerraMaster TOS version 3.1.03 allows attackers to execute system commands via the "pwd" parameter during user creation. | CWE-78 OS Command | CVE-2018-13336 | 2024-11-21 12:46 | 2018-11-28 |
| 246389 | 5.4 | MEDIUM | Network | terra-master | terramaster_operating_system | Cross-site scripting in Control Panel in TerraMaster TOS version 3.1.03 allows attackers to execute JavaScript when viewing shared folders via their descriptions. | CWE-79 Cross-site Scripting | CVE-2018-13335 | 2024-11-21 12:46 | 2018-11-28 |
| 246390 | 6.1 | MEDIUM | Network | terra-master | terramaster_operating_system | Cross-site scripting in File Manager in TerraMaster TOS version 3.1.03 allows attackers to execute JavaScript in the permissions window by placing JavaScript in users' usernames. | CWE-79 Cross-site Scripting | CVE-2018-13333 | 2024-11-21 12:46 | 2018-11-28 |