CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

11 matches found

OSV•added 2018/11/27 9:29 p.m.•1 views

CVE-2018-13333

Cross-site scripting in File Manager in TerraMaster TOS version 3.1.03 allows attackers to execute JavaScript in the permissions window by placing JavaScript in users' usernames...

6.1CVSS5.8AI score0.00181EPSS

Exploits1References1

NVD•added 2018/11/27 9:29 p.m.•19 views

CVE-2018-13356

Incorrect access control on ajaxdata.php in TerraMaster TOS version 3.1.03 allows attackers to elevate user permissions...

9CVSS8.7AI score0.00484EPSS

Exploits1References1

Prion•added 2018/11/27 9:29 p.m.•16 views

Improper access control

Incorrect access control on ajaxdata.php in TerraMaster TOS version 3.1.03 allows attackers to elevate user permissions...

9CVSS8.6AI score0.00484EPSS

Exploits1References1Affected Software1

NVD•added 2018/11/27 9:29 p.m.•9 views

CVE-2018-13333

Cross-site scripting in File Manager in TerraMaster TOS version 3.1.03 allows attackers to execute JavaScript in the permissions window by placing JavaScript in users' usernames...

6.1CVSS6.3AI score0.00181EPSS

Exploits1References1

Prion•added 2018/11/27 9:29 p.m.•12 views

Command injection

System command injection in ajaxdata.php in TerraMaster TOS 3.1.03 allows attackers to execute system commands via the "newname" parameter...

9CVSS9.1AI score0.1198EPSS

Exploits1References1Affected Software1

Prion•added 2018/11/27 9:29 p.m.•10 views

Command injection

System command injection in ajaxdata.php in TerraMaster TOS version 3.1.03 allows attackers to execute system commands via the "pwd" parameter during user creation...

10CVSS9.8AI score0.12488EPSS

Exploits1References1Affected Software1

Cvelist•added 2018/11/27 9:0 p.m.•19 views

CVE-2018-13359

Cross-site scripting in usertable.php in TerraMaster TOS version 3.1.03 allows attackers to execute JavaScript via the "modgroup" parameter...

8.8AI score0.00609EPSS

Exploits1References1

CVE•added 2018/11/27 9:0 p.m.•44 views

CVE-2018-13333

CVE-2018-13333 affects TerraMaster TOS File Manager in version 3.1.03. The issue is a cross-site scripting vulnerability that allows an attacker to execute JavaScript in a privileged permissions window by placing script in a user’s username. Some sources also frame this as a remote threat where a...

6.1CVSS6.8AI score0.00181EPSS

Exploits1References1Affected Software1

CVE•added 2018/11/27 9:0 p.m.•39 views

CVE-2018-13329

CVE-2018-13329 concerns TerraMaster TOS (version 3.1.03) where the endpoint ajaxdata.php is vulnerable to cross-site scripting (XSS) via the lines URL parameter. The described impact is that remote attackers can cause JavaScript execution in the context of a user session. The connected documents ...

6.1CVSS6.8AI score0.0024EPSS

Exploits1References1Affected Software1

Cvelist•added 2018/11/27 9:0 p.m.•10 views

CVE-2018-13418

System command injection in ajaxdata.php in TerraMaster TOS 3.1.03 allows attackers to execute system commands via the "newname" parameter...

9.5AI score0.1198EPSS

Exploits1References1

Cvelist•added 2018/11/27 9:0 p.m.•18 views

CVE-2018-13331

Cross-site scripting in Control Panel in TerraMaster TOS version 3.1.03 allows attackers to execute JavaScript when viewing users by placing JavaScript in their usernames...

6.9AI score0.0024EPSS

Exploits1References1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by