Lucene search
+L

11 matches found

euvd
euvd
added 2025/10/07 12:30 a.m.8 views

EUVD-2019-15745

Malware in sbrugna...

5.3CVSS5.7AI score0.011EPSS
Exploits0References2
euvd
euvd
added 2025/10/07 12:30 a.m.5 views

EUVD-2019-15727

Malware in sbrugna...

8.8CVSS8.3AI score0.01381EPSS
Exploits0References2
euvd
euvd
added 2025/10/07 12:30 a.m.4 views

EUVD-2015-8000

Malware in sbrugna...

5.3CVSS5.5AI score0.01476EPSS
Exploits0References2
osv
osv
added 2019/07/16 7:15 p.m.5 views

CVE-2019-6160

A vulnerability in various versions of Iomega and LenovoEMC NAS products could allow an unauthenticated user to access files on NAS shares via the API...

7.5CVSS7.2AI score0.01381EPSS
Exploits0References1
prion
prion
added 2018/09/28 8:29 p.m.12 views

Session fixation

For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, by setting the Iomega cookie to a known value before logging into the NAS's web application, the NAS will not provide the user a new cookie value. This allows an attacker who knows the cookie's value to compromise...

4.3CVSS5.7AI score0.00727EPSS
Exploits0References1Affected Software20
prion
prion
added 2018/09/28 8:29 p.m.19 views

Command injection

For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, when changing the name of a share, an attacker can craft a command injection payload using backtick "" characters in the share : name parameter. As a result, arbitrary commands may be executed as the root user. The...

9.3CVSS8.4AI score0.01624EPSS
Exploits0References1Affected Software1
prion
prion
added 2018/09/28 8:29 p.m.16 views

Cross site request forgery (csrf)

For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, the Content Explorer application grants users the ability to upload files to shares and this image was rendered in the browser in the device's origin instead of prompting to download the asset. The application does...

6.8CVSS8.5AI score0.01039EPSS
Exploits0References1Affected Software20
cvelist
cvelist
added 2018/09/28 8:0 p.m.29 views

CVE-2018-9079 Iomega and LenovoEMC NAS Web UI Vulnerabilities

For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, adversaries can craft URLs to modify the Document Object Model DOM of the page. In addition, adversaries can inject HTML script tags and HTML tags with JavaScript handlers to execute arbitrary JavaScript with the...

9.6AI score0.01235EPSS
Exploits0References1
cvelist
cvelist
added 2018/09/28 8:0 p.m.20 views

CVE-2018-9075 Iomega and LenovoEMC NAS Web UI Vulnerabilities

For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, when joining a PersonalCloud setup, an attacker can craft a command injection payload using backtick "" characters in the client:password parameter. As a result, arbitrary commands may be executed as the root user...

8.5AI score0.04079EPSS
Exploits0References1
lenovo
lenovo
added 2018/08/07 6:58 p.m.520 views

Securely Configuring LenovoEMC NAS Devices - US

Lenovo Security Advisory: LEN-11575 Potential Impact: Access to stored data if security settings have not been configured Scope of Impact: Lenovo-specific Summary Description: In light of recent work by a security researcher, Lenovo would like to remind owners of older LenovoEMC consumer Network...

6.8AI score
Exploits0
cve
cve
added 2016/04/08 4:0 p.m.44 views

CVE-2015-8108

LenovoEMC LEN-3846 and CNVD-2016-02206 describe an information-disclosure vulnerability in the LenovoEMC EZ Media & Backup NAS management interface across multiple models (hm3, ix2/ix2-dl, ix4-300d, px12-400r/450r, px6-300d, px2-300d, px4-300r/400d/400r/300d). Before firmware 4.1.204.33661, unaut...

5.3CVSS5AI score0.01476EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder