Lucene search
K

41 matches found

EUVD
EUVD
added 2025/10/07 12:30 a.m.3 views

EUVD-2018-6597

Malware in sbrugna...

9.8CVSS9.5AI score0.01337EPSS
Exploits1References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2018-6596

Malware in sbrugna...

7.5CVSS7.8AI score0.01313EPSS
Exploits1References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2018-6591

Malware in sbrugna...

6.1CVSS6.7AI score0.00707EPSS
Exploits1References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2018-6602

Malware in sbrugna...

9.8CVSS9.5AI score0.01273EPSS
Exploits1References2
CNVD
CNVD
added 2018/12/04 12:0 a.m.4 views

Drobo 5N2 Network Traffic Interception Vulnerability

The Drobo 5N2 NAS is a networked storage appliance NAS from Drobo, USA. The device features data sharing, data backup, remote access and disaster recovery. A security vulnerability exists in Drobo 5N2 NAS version 4.0.5-13.28.96115, which stems from the Drobo Dashboard API using an insecure...

9.8CVSS6.9AI score0.01273EPSS
Exploits1References1
OSV
OSV
added 2018/12/03 10:29 p.m.6 views

CVE-2018-14698

Cross-site scripting in the /DroboAccess/deleteuser endpoint in Drobo 5N2 NAS version 4.0.5-13.28.96115 allows attackers to execute JavaScript via the "username" URL parameter...

6.1CVSS5.8AI score0.00707EPSS
Exploits1References1
OSV
OSV
added 2018/12/03 10:29 p.m.3 views

CVE-2018-14704

Cross-site scripting in the MySQL API error page in Drobo 5N2 NAS version 4.0.5-13.28.96115 allows attackers to execute JavaScript via a malformed URL path...

6.1CVSS5.8AI score0.00707EPSS
Exploits1References1
NVD
NVD
added 2018/12/03 10:29 p.m.25 views

CVE-2018-14704

Cross-site scripting in the MySQL API error page in Drobo 5N2 NAS version 4.0.5-13.28.96115 allows attackers to execute JavaScript via a malformed URL path...

6.1CVSS6.2AI score0.00707EPSS
Exploits1References1
Prion
Prion
added 2018/12/03 10:29 p.m.19 views

Improper access control

Incorrect access control in the /mysql/api/droboapp/data endpoint in Drobo 5N2 NAS version 4.0.5-13.28.96115 allows unauthenticated attackers to retrieve the MySQL database root password...

5CVSS9.4AI score0.01337EPSS
Exploits1References1Affected Software1
NVD
NVD
added 2018/12/03 10:29 p.m.24 views

CVE-2018-14703

Incorrect access control in the /mysql/api/droboapp/data endpoint in Drobo 5N2 NAS version 4.0.5-13.28.96115 allows unauthenticated attackers to retrieve the MySQL database root password...

9.8CVSS9.4AI score0.01337EPSS
Exploits1References1
Prion
Prion
added 2018/12/03 10:29 p.m.26 views

Improper access control

Incorrect access control in the /mysql/api/diags.php endpoint in Drobo 5N2 NAS version 4.0.5-13.28.96115 allows unauthenticated attackers to retrieve diagnostic information via the "name" URL parameter...

5CVSS7.5AI score0.01313EPSS
Exploits1References1Affected Software1
Prion
Prion
added 2018/12/03 10:29 p.m.18 views

Command injection

System command injection in the /DroboAccess/enableuser endpoint in Drobo 5N2 NAS version 4.0.5-13.28.96115 allows unauthenticated attackers to execute system commands via the "username" URL parameter...

7.5CVSS9.9AI score0.29398EPSS
Exploits1References1Affected Software1
Prion
Prion
added 2018/12/03 10:29 p.m.23 views

Command injection

System command injection in the /DroboAccess/deleteuser endpoint in Drobo 5N2 NAS version 4.0.5-13.28.96115 allows unauthenticated attackers to execute system commands via the "username" URL parameter...

7.5CVSS9.9AI score0.19994EPSS
Exploits5References2Affected Software1
Prion
Prion
added 2018/12/03 10:29 p.m.15 views

Improper access control

Incorrect access control in the /drobopix/api/drobo.php endpoint in Drobo 5N2 NAS version 4.0.5-13.28.96115 allows unauthenticated attackers to retrieve sensitive system information...

5CVSS7.5AI score0.01313EPSS
Exploits1References1Affected Software1
Prion
Prion
added 2018/12/03 10:29 p.m.19 views

Cross site scripting

Cross-site scripting in the MySQL API error page in Drobo 5N2 NAS version 4.0.5-13.28.96115 allows attackers to execute JavaScript via a malformed URL path...

4.3CVSS6.2AI score0.00707EPSS
Exploits1References1Affected Software1
Prion
Prion
added 2018/12/03 10:29 p.m.17 views

Cross site scripting

Cross-site scripting in the /DroboAccess/deleteuser endpoint in Drobo 5N2 NAS version 4.0.5-13.28.96115 allows attackers to execute JavaScript via the "username" URL parameter...

4.3CVSS6.2AI score0.00707EPSS
Exploits1References1Affected Software1
Prion
Prion
added 2018/12/03 10:29 p.m.21 views

Cross site scripting

Cross-site scripting in the /DroboAccess/enableuser endpoint in Drobo 5N2 NAS version 4.0.5-13.28.96115 allows attackers to execute JavaScript via the username URL parameter...

4.3CVSS6.2AI score0.00707EPSS
Exploits1References1Affected Software1
Prion
Prion
added 2018/12/03 10:29 p.m.17 views

Improper access control

Incorrect access control in the /mysql/api/drobo.php endpoint in Drobo 5N2 NAS version 4.0.5-13.28.96115 allows unauthenticated attackers to retrieve sensitive system information...

5CVSS7.5AI score0.01313EPSS
Exploits1References1Affected Software1
OSV
OSV
added 2018/12/03 10:29 p.m.4 views

CVE-2018-14701

System command injection in the /DroboAccess/deleteuser endpoint in Drobo 5N2 NAS version 4.0.5-13.28.96115 allows unauthenticated attackers to execute system commands via the "username" URL parameter...

9.8CVSS5.9AI score0.19994EPSS
Exploits5References2
NVD
NVD
added 2018/12/03 10:29 p.m.20 views

CVE-2018-14699

System command injection in the /DroboAccess/enableuser endpoint in Drobo 5N2 NAS version 4.0.5-13.28.96115 allows unauthenticated attackers to execute system commands via the "username" URL parameter...

9.8CVSS10AI score0.29398EPSS
Exploits1References1
Rows per page
Query Builder