Lucene search
K

48 matches found

CNNVD
CNNVD
added 2023/01/07 12:0 a.m.2 views

Bitstorm SQL注入漏洞

Bitstorm is a lightweight Bittorrent tracker by the individual developer Anthony Ananich. Bitstorm suffers from a SQL injection vulnerability that stems from a misuse of the parameter event resulting in sql injection...

9.8CVSS6.6AI score0.00643EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2023/01/07 12:0 a.m.4 views

PT-2023-10132 · Unknown · Ananich Bitstorm

Name of the Vulnerable Software and Affected Versions: ananich bitstorm affected versions not specified Description: A critical issue was found in ananich bitstorm, affecting an unknown functionality of the file announce.php. The manipulation of the event argument leads to SQL injection...

9.8CVSS8.3AI score0.00643EPSS
Exploits0References6
BDU FSTEC
BDU FSTEC
added 2021/04/06 12:0 a.m.3 views

The vulnerability of the “Event” parameter in the TerraMaster TOS operating system allows a hacker to execute arbitrary code.

The vulnerability of the “Event” parameter in the TerraMaster TOS operating system is related to the lack of measures taken to neutralize special elements used in operating system commands. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...

10CVSS8.5AI score0.96598EPSS
Exploits3References5Affected Software1
VulnCheck KEV
VulnCheck KEV
added 2021/01/19 12:0 a.m.5 views

VulnCheck KEV: CVE-2020-28188

Remote Command Execution RCE vulnerability in TerraMaster TOS = 4.2.06 allow remote unauthenticated attackers to inject OS commands via /include/makecvs.php in Event parameter...

10CVSS7.6AI score0.96598EPSS
Exploits3References1
VulnCheck KEV
VulnCheck KEV
added 2021/01/14 12:0 a.m.4 views

VulnCheck KEV: CVE-2020-35665

An unauthenticated command-execution vulnerability exists in TerraMaster TOS through 4.2.06 via shell metacharacters in the Event parameter in include/makecvs.php during CSV creation...

10CVSS7.3AI score0.78141EPSS
Exploits3References1
NVD
NVD
added 2020/12/24 3:15 p.m.22 views

CVE-2020-28188

Remote Command Execution RCE vulnerability in TerraMaster TOS = 4.2.06 allow remote unauthenticated attackers to inject OS commands via /include/makecvs.php in Event parameter...

10CVSS9.8AI score0.96598EPSS
Exploits3References4
Prion
Prion
added 2020/12/24 3:15 p.m.28 views

Command injection

Remote Command Execution RCE vulnerability in TerraMaster TOS = 4.2.06 allow remote unauthenticated attackers to inject OS commands via /include/makecvs.php in Event parameter...

10CVSS9.7AI score0.96598EPSS
Exploits3References4Affected Software1
CNNVD
CNNVD
added 2020/12/24 12:0 a.m.5 views

Terramaster TOS Operating System Command Injection Vulnerability

TerraMaster TOS is a Linux-based operating system for TerraMaster Cloud Storage NAS servers from TerraMaster. An OS command injection vulnerability exists in TerraMaster TOS version 4.2.06 and earlier versions, which originates from an OS command injection vulnerability found in the Event paramet...

10CVSS7.4AI score0.96598EPSS
Exploits3References6
Positive Technologies
Positive Technologies
added 2020/12/24 12:0 a.m.4 views

PT-2020-5870 · Terramaster · Terramaster Tos

Name of the Vulnerable Software and Affected Versions: TerraMaster TOS versions = 4.2.06 Description: The issue is related to the "Event" parameter in the /include/makecvs.php file of the TerraMaster TOS operating system, which fails to neutralize special elements used in operating system command...

10CVSS9.7AI score0.96598EPSS
Exploits3References11
CNVD
CNVD
added 2020/12/24 12:0 a.m.2 views

TerraMaster TOS Remote Code Execution Vulnerability

TerraMaster TOS is a Linux-based operating system developed for TerraMaster Cloud Storage NAS servers. A remote code execution vulnerability exists in TerraMaster TOS 4.2.06 and earlier versions. An attacker can exploit this vulnerability to execute commands without authentication via shell...

10CVSS8.6AI score0.78141EPSS
Exploits3References1
ATTACKERKB
ATTACKERKB
added 2020/12/24 12:0 a.m.45 views

CVE-2020-28188

Remote Command Execution RCE vulnerability in TerraMaster TOS = 4.2.06 allow remote unauthenticated attackers to inject OS commands via /include/makecvs.php in Event parameter. Recent assessments: gwillcox-r7 at January 21, 2021 3:28am UTC reported: Noted as exploited in the wild by CheckPoint...

10CVSS10AI score0.96598EPSS
In wildExploits3References5
CVE
CVE
added 2020/12/24 12:0 a.m.286 views

CVE-2020-28188

TerraMaster TOS is affected up to version 4.2.06 with unauthenticated remote code execution via /include/makecvs.php in the Event parameter. The underlying issue is a command-injection flaw that lets an attacker run arbitrary OS commands on the system, typically with the web app user privileges. ...

10CVSS9.6AI score0.96598EPSS
In wildExploits3References4Affected Software1
Cvelist
Cvelist
added 2020/12/24 12:0 a.m.29 views

CVE-2020-28188

Remote Command Execution RCE vulnerability in TerraMaster TOS = 4.2.06 allow remote unauthenticated attackers to inject OS commands via /include/makecvs.php in Event parameter...

9.8AI score0.96598EPSS
Exploits3References4
OSV
OSV
added 2020/12/23 8:15 p.m.4 views

CVE-2020-35665

An unauthenticated command-execution vulnerability exists in TerraMaster TOS through 4.2.06 via shell metacharacters in the Event parameter in include/makecvs.php during CSV creation...

9.8CVSS7.3AI score
Exploits0References3
Prion
Prion
added 2020/12/23 8:15 p.m.23 views

Command injection

An unauthenticated command-execution vulnerability exists in TerraMaster TOS through 4.2.06 via shell metacharacters in the Event parameter in include/makecvs.php during CSV creation...

10CVSS9.4AI score0.78141EPSS
Exploits3References3Affected Software1
Cvelist
Cvelist
added 2020/12/23 12:0 a.m.32 views

CVE-2020-35665

An unauthenticated command-execution vulnerability exists in TerraMaster TOS through 4.2.06 via shell metacharacters in the Event parameter in include/makecvs.php during CSV creation...

9.5AI score0.78141EPSS
Exploits3References3
Positive Technologies
Positive Technologies
added 2020/12/23 12:0 a.m.5 views

PT-2020-17380 · Terramaster · Terramaster Tos

Name of the Vulnerable Software and Affected Versions: TerraMaster TOS versions 4.2.06 and earlier Description: An unauthenticated command-execution issue exists via shell metacharacters in the Event parameter in include/makecvs.php during CSV creation. Recommendations: For TerraMaster TOS versio...

10CVSS9.2AI score0.78141EPSS
Exploits3References6
CNVD
CNVD
added 2018/11/28 12:0 a.m.3 views

TerraMaster TOS SQL Injection Vulnerability

TerraMaster TOS is a set of storage server special operating system based on Linux platform developed by Terra Master. The system supports file sharing, cloud data synchronization, data backup and virtualization. A SQL injection vulnerability exists in the logtable.php file in TerraMaster TOS...

9.8CVSS9.8AI score0.16661EPSS
Exploits2References1
CNVD
CNVD
added 2018/11/28 12:0 a.m.3 views

TerraMaster TOS System Command Injection Vulnerability (CNVD-2018-26663)

TerraMaster TOS is a set of storage server special operating system based on Linux platform developed by Terra Master. The system supports file sharing, cloud data synchronization, data backup and virtualization. A system command injection vulnerability exists in the logtable.php file in...

10CVSS9.9AI score0.22855EPSS
Exploits1References1
OSV
OSV
added 2018/11/27 9:29 p.m.4 views

CVE-2018-13350

SQL injection in logtable.php in TerraMaster TOS version 3.1.03 allows attackers to execute SQL queries via the "Event" parameter...

9.8CVSS5.9AI score0.16661EPSS
Exploits2References1
Rows per page
Query Builder