Lucene search
K

19 matches found

EUVD
EUVD
added 2025/10/07 12:30 a.m.9 views

EUVD-2018-20684

Malware in sbrugna...

4.7CVSS5.3AI score0.0055EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2018-20685

Malware in sbrugna...

8.8CVSS8.4AI score0.00719EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.9 views

EUVD-2018-20683

Malware in sbrugna...

5.9CVSS6.3AI score0.00727EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.7 views

EUVD-2018-20680

Malware in sbrugna...

9.3CVSS8.2AI score0.01624EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.7 views

EUVD-2018-20681

Malware in sbrugna...

8.8CVSS8.4AI score0.01039EPSS
Exploits0References2
OSV
OSV
added 2018/09/28 8:29 p.m.5 views

CVE-2018-9081

For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, the file name used for assets accessible through the Content Viewer application are vulnerable to self cross-site scripting self-XSS. As a result, adversaries can add files to shares accessible from the Content...

4.7CVSS5.3AI score0.0055EPSS
Exploits0References1
OSV
OSV
added 2018/09/28 8:29 p.m.4 views

CVE-2018-9078

For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, the Content Explorer application grants users the ability to upload files to shares and this image was rendered in the browser in the device's origin instead of prompting to download the asset. The application does...

8.8CVSS5.9AI score0.01039EPSS
Exploits0References1
OSV
OSV
added 2018/09/28 8:29 p.m.5 views

CVE-2018-9079

For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, adversaries can craft URLs to modify the Document Object Model DOM of the page. In addition, adversaries can inject HTML script tags and HTML tags with JavaScript handlers to execute arbitrary JavaScript with the...

9.8CVSS6AI score0.01235EPSS
Exploits0References1
OSV
OSV
added 2018/09/28 8:29 p.m.5 views

CVE-2018-9080

For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, by setting the Iomega cookie to a known value before logging into the NAS's web application, the NAS will not provide the user a new cookie value. This allows an attacker who knows the cookie's value to compromise...

5.9CVSS5.8AI score0.00727EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2018/09/28 8:29 p.m.3 views

CVE-2018-9082

For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, the password changing functionality available to authenticated users does not require the user's current password to set a new one. As a result, attackers with access to the user's session tokens can change their...

8.8CVSS5.5AI score0.00719EPSS
Exploits0References2Affected Software3
OSV
OSV
added 2018/09/28 8:29 p.m.4 views

CVE-2018-9074

For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, the file upload functionality of the Content Explorer application is vulnerable to path traversal. As a result, users can upload files anywhere on the device's operating system as the root user...

6.5CVSS5.8AI score0.00974EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2018/09/28 8:29 p.m.7 views

CVE-2018-9080

For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, by setting the Iomega cookie to a known value before logging into the NAS's web application, the NAS will not provide the user a new cookie value. This allows an attacker who knows the cookie's value to compromise...

5.9CVSS5.5AI score0.00727EPSS
Exploits0References2Affected Software3
ATTACKERKB
ATTACKERKB
added 2018/09/28 8:29 p.m.4 views

CVE-2018-9077

For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, when changing the name of a share, an attacker can craft a command injection payload using backtick "" characters in the share : name parameter. As a result, arbitrary commands may be executed as the root user. The...

9.3CVSS5.8AI score0.01624EPSS
Exploits0References2Affected Software3
ATTACKERKB
ATTACKERKB
added 2018/09/28 8:29 p.m.4 views

CVE-2018-9076

For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, when changing the name of a share, an attacker can craft a command injection payload using backtick "" characters in the name parameter. As a result, arbitrary commands may be executed as the root user. The attack...

9.3CVSS5.8AI score0.01624EPSS
Exploits0References2Affected Software3
OSV
OSV
added 2018/09/28 8:29 p.m.6 views

CVE-2018-9076

For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, when changing the name of a share, an attacker can craft a command injection payload using backtick "" characters in the name parameter. As a result, arbitrary commands may be executed as the root user. The attack...

8.1CVSS5.8AI score0.01624EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2018/09/28 8:29 p.m.4 views

CVE-2018-9075

For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, when joining a PersonalCloud setup, an attacker can craft a command injection payload using backtick "" characters in the client:password parameter. As a result, arbitrary commands may be executed as the root user...

9.3CVSS5.8AI score0.04079EPSS
Exploits0References2Affected Software3
Prion
Prion
added 2018/09/28 8:29 p.m.19 views

Command injection

For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, when changing the name of a share, an attacker can craft a command injection payload using backtick "" characters in the share : name parameter. As a result, arbitrary commands may be executed as the root user. The...

9.3CVSS8.4AI score0.01624EPSS
Exploits0References1Affected Software1
ATTACKERKB
ATTACKERKB
added 2018/09/28 8:29 p.m.5 views

CVE-2018-9079

For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, adversaries can craft URLs to modify the Document Object Model DOM of the page. In addition, adversaries can inject HTML script tags and HTML tags with JavaScript handlers to execute arbitrary JavaScript with the...

9.8CVSS5.9AI score0.01235EPSS
Exploits0References2Affected Software3
OSV
OSV
added 2018/09/28 8:29 p.m.6 views

CVE-2018-9075

For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, when joining a PersonalCloud setup, an attacker can craft a command injection payload using backtick "" characters in the client:password parameter. As a result, arbitrary commands may be executed as the root user...

8.1CVSS5.8AI score0.04079EPSS
Exploits0References1
Rows per page
Query Builder