EUVD-2018-6603

Malware in sbrugna...

Drobo NAS Multiple Vulnerabilities in MySQL Web Application

Drobo NAS are prone to multiple vulnerabilities in their MySQL Web Application. Copyright C 2019 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program...

Drobo NAS Multiple Vulnerabilities in DroboPix

Drobo NAS are prone to multiple vulnerabilities in DroboPix. Copyright C 2019 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software;...

Drobo NAS Multiple Vulnerabilities in DroboAccess

Drobo NAS are prone to multiple vulnerabilities in DroboAccess. Copyright C 2019 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free softwar...

Drobo NAS Multiple Vulnerabilities in NASd

Drobo NAS are prone to multiple vulnerabilities in NASd. Copyright C 2019 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you...

Drobo 5N2 Directory Traversal Vulnerability

Drobo 5N2 NAS is a networked storage device NAS from Drobo, USA. The device has features such as data sharing, data backup, remote access and disaster recovery.Drobo Pix Web application is one of the applications that provides mobile backup functionality. A directory traversal vulnerability exist...

Drobo 5N2 cross-site scripting vulnerability (CNVD-2019-05931)

The Drobo 5N2 NAS is a networked storage appliance NAS from Drobo, USA. The device features data sharing, data backup, remote access and disaster recovery. A cross-site scripting vulnerability exists in the /DroboAccess/enableuser endpoint in Drobo 5N2 NAS version 4.0.5-13.28.96115. A remote...

Drobo 5N2 Improper Access Control Vulnerability (CNVD-2019-05934)

The Drobo 5N2 NAS is a networked storage appliance NAS from Drobo, USA. The device features data sharing, data backup, remote access and disaster recovery. An access control error vulnerability exists in the /mysql/api/logfile.php endpoint in Drobo 5N2 NAS version 4.0.5-13.28.96115. An attacker c...

CVE-2018-14708

An insecure transport protocol used by Drobo Dashboard API on Drobo 5N2 NAS version 4.0.5-13.28.96115 allows attackers to intercept network traffic...

CVE-2018-14707

Directory traversal in the Drobo Pix web application on Drobo 5N2 NAS version 4.0.5-13.28.96115 allows unauthenticated attackers to upload files to arbitrary locations...

CVE-2018-14697

Cross-site scripting in the /DroboAccess/enableuser endpoint in Drobo 5N2 NAS version 4.0.5-13.28.96115 allows attackers to execute JavaScript via the username URL parameter...

CVE-2018-14695

Incorrect access control in the /mysql/api/diags.php endpoint in Drobo 5N2 NAS version 4.0.5-13.28.96115 allows unauthenticated attackers to retrieve diagnostic information via the "name" URL parameter...

CVE-2018-14702

Incorrect access control in the /drobopix/api/drobo.php endpoint in Drobo 5N2 NAS version 4.0.5-13.28.96115 allows unauthenticated attackers to retrieve sensitive system information...

CVE-2018-14696

Incorrect access control in the /mysql/api/drobo.php endpoint in Drobo 5N2 NAS version 4.0.5-13.28.96115 allows unauthenticated attackers to retrieve sensitive system information...

CVE-2018-14709

Incorrect access control in the Dashboard API on Drobo 5N2 NAS version 4.0.5-13.28.96115 allows attackers to bypass authentication due to insecure token generation...