Lucene search

K

Storcenter Security Vulnerabilities

cve
cve

CVE-2012-2283

The Iomega Home Media Network Hard Drive with EMC Lifeline firmware before 2.104, Home Media Network Hard Drive Cloud Edition with EMC Lifeline firmware before 3.2.3.15290, iConnect with EMC Lifeline firmware before 2.5.26.18966, and StorCenter with EMC Lifeline firmware before 2.0.18.23122, 2.1.x....

6.6AI Score

0.001EPSS

2022-10-03 04:15 PM
28
cve
cve

CVE-2019-6160

A vulnerability in various versions of Iomega and LenovoEMC NAS products could allow an unauthenticated user to access files on NAS shares via the...

8.8CVSS

7.5AI Score

0.002EPSS

2019-07-16 07:15 PM
222
cve
cve

CVE-2018-9080

For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, by setting the Iomega cookie to a known value before logging into the NAS's web application, the NAS will not provide the user a new cookie value. This allows an attacker who knows the cookie's value to compromise...

5.9CVSS

6.6AI Score

0.001EPSS

2018-09-28 08:29 PM
17
cve
cve

CVE-2018-9081

For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, the file name used for assets accessible through the Content Viewer application are vulnerable to self cross-site scripting self-XSS. As a result, adversaries can add files to shares accessible from the Content...

4.7CVSS

5.6AI Score

0.001EPSS

2018-09-28 08:29 PM
26
cve
cve

CVE-2018-9079

For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, adversaries can craft URLs to modify the Document Object Model (DOM) of the page. In addition, adversaries can inject HTML script tags and HTML tags with JavaScript handlers to execute arbitrary JavaScript with the.....

9.8CVSS

8.1AI Score

0.002EPSS

2018-09-28 08:29 PM
17
cve
cve

CVE-2018-9082

For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, the password changing functionality available to authenticated users does not require the user's current password to set a new one. As a result, attackers with access to the user's session tokens can change their...

8.8CVSS

8AI Score

0.001EPSS

2018-09-28 08:29 PM
34
cve
cve

CVE-2018-9078

For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, the Content Explorer application grants users the ability to upload files to shares and this image was rendered in the browser in the device's origin instead of prompting to download the asset. The application does.....

8.8CVSS

7.9AI Score

0.002EPSS

2018-09-28 08:29 PM
24
cve
cve

CVE-2018-9076

For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, when changing the name of a share, an attacker can craft a command injection payload using backtick "``" characters in the name parameter. As a result, arbitrary commands may be executed as the root user. The attack....

8.1CVSS

8.4AI Score

0.002EPSS

2018-09-28 08:29 PM
25
cve
cve

CVE-2018-9075

For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, when joining a PersonalCloud setup, an attacker can craft a command injection payload using backtick "``" characters in the client:password parameter. As a result, arbitrary commands may be executed as the root...

8.1CVSS

8.4AI Score

0.002EPSS

2018-09-28 08:29 PM
24
cve
cve

CVE-2018-9074

For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, the file upload functionality of the Content Explorer application is vulnerable to path traversal. As a result, users can upload files anywhere on the device's operating system as the root...

6.5CVSS

7.1AI Score

0.001EPSS

2018-09-28 08:29 PM
21
cve
cve

CVE-2018-9077

For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, when changing the name of a share, an attacker can craft a command injection payload using backtick "``" characters in the share : name parameter. As a result, arbitrary commands may be executed as the root user....

8.1CVSS

8.4AI Score

0.002EPSS

2018-09-28 08:29 PM
20
cve
cve

CVE-2009-2367

cgi-bin/makecgi-pro in Iomega StorCenter Pro generates predictable session IDs, which allows remote attackers to hijack active sessions and gain privileges via brute force guessing attacks on the session_id...

9.8CVSS

9.4AI Score

0.346EPSS

2009-07-08 03:30 PM
37