40 matches found
CVE-2018-13338
System command injection in ajaxdata.php in TerraMaster TOS version 3.1.03 allows attackers to execute system commands via the "username" parameter during user creation...
Command injection
System command injection in ajaxdata.php in TerraMaster TOS version 3.1.03 allows attackers to execute system commands via the "pwd" parameter during user creation...
CVE-2018-13356
Incorrect access control on ajaxdata.php in TerraMaster TOS version 3.1.03 allows attackers to elevate user permissions...
CVE-2018-13338
TerraMaster TOS 3.1.03 is affected by a remote command injection in ajaxdata.php during user creation. The vulnerability enables an attacker to execute arbitrary system commands by manipulating the username parameter. This is documented in CVE-2018-13338 and reiterated in multiple checks (NVD ent...
CVE-2018-13353
System command injection in ajaxdata.php in TerraMaster TOS version 3.1.03 allows attackers to execute commands via the "checkport" parameter...
CVE-2018-13329
Cross-site scripting in ajaxdata.php in TerraMaster TOS version 3.1.03 allows attackers to execute JavaScript via the "lines" URL parameter...
CVE-2018-13338
System command injection in ajaxdata.php in TerraMaster TOS version 3.1.03 allows attackers to execute system commands via the "username" parameter during user creation...
CVE-2018-13336
CVE-2018-13336 : TerraMaster TOS 3.1.03 contains a system command injection in the Ajax request path ajaxdata.php used during user creation. The vulnerability is exploitable via the pwd parameter, enabling an attacker to execute arbitrary system commands. According to NVD metrics, the issue has a...
CVE-2018-13353
TerraMaster TOS 3.1.03 contains a command injection vulnerability in ajaxdata.php via the checkport parameter. The issue allows an attacker to execute arbitrary commands, as indicated by CVE-2018-13353 with high severity (CVSS v3.0 base 8.8). The connected documents confirm the affected endpoint ...
CVE-2018-13355
Incorrect access controls in ajaxdata.php in TerraMaster TOS version 3.1.03 allow attackers to create user groups without proper authorization...
CVE-2018-13358
System command injection in ajaxdata.php in TerraMaster TOS version 3.1.03 allows attackers to execute system commands via the "checkName" parameter...
CVE-2018-13355
CVE-2018-13355 affects TerraMaster TOS 3.1.03; a flawed access control in ajaxdata.php allows attackers to create user groups without proper authorization. This undermines integrity and could enable privilege elevation within the system. No remediation or patch details are provided in the connect...
CVE-2018-13329
CVE-2018-13329 concerns TerraMaster TOS (version 3.1.03) where the endpoint ajaxdata.php is vulnerable to cross-site scripting (XSS) via the lines URL parameter. The described impact is that remote attackers can cause JavaScript execution in the context of a user session. The connected documents ...
CVE-2018-13418
System command injection in ajaxdata.php in TerraMaster TOS 3.1.03 allows attackers to execute system commands via the "newname" parameter...
CVE-2018-13330
System command injection in ajaxdata.php in TerraMaster TOS version 3.1.03 allows attackers to execute system commands during group creation via the "groupname" parameter...
CVE-2018-13358
TerraMaster TOS 3.1.03 contains a command-injection flaw in ajaxdata.php via the checkName parameter, enabling remote execution of arbitrary commands and potential full system compromise as described in CVE-2018-13358. The vulnerability is corroborated by multiple advisories and CNVD/NVD records ...
CVE-2018-13330
TerraMaster TOS 3.1.03 is affected by a system command injection in ajaxdata.php during group creation via the groupname parameter. The vulnerability allows an attacker to execute system commands on the device. Connected advisories (CNVD-2019-00661, NVD CVE-2018-13330, PRION-CVE-2018-13330, OpenV...
CVE-2018-13356
CVE-2018-13356 affects TerraMaster TOS 3.1.03 . The vulnerability is described as an improper access control in the file ajaxdata.php , enabling attackers to elevate user permissions . From the provided data, the CVSSv3 base score is 8.8 (HIGH) with Network attack vector, LOW attack complexity, a...
CVE-2018-13329
Cross-site scripting in ajaxdata.php in TerraMaster TOS version 3.1.03 allows attackers to execute JavaScript via the "lines" URL parameter...
Cross site scripting
Cross-site scripting in ajaxdata.php in TerraMaster TOS version 3.1.03 allows attackers to execute JavaScript via the "lines" URL parameter...