4 matches found
CVE-2013-6924
Seagate BlackArmor NAS devices with firmware sg2000-2000.1331 allow remote attackers to execute arbitrary commands via shell metacharacters in the ip parameter to backupmgt/getAlias.php...
Cross site request forgery (csrf)
Multiple cross-site request forgery CSRF vulnerabilities in the Seagate BlackArmor NAS 220 devices with firmware sg2000-2000.1331 allow remote attackers to hijack the authentication of administrators for requests that 1 add user accounts via a crafted request to admin/accesscontroluseradd.php; 2...
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in Seagate BlackArmor NAS 220 devices with firmware sg2000-2000.1331 allow remote attackers to inject arbitrary web script or HTML via the 1 fullname parameter to admin/accesscontroluseredit.php or 2 workname parameter to...
CVE-2013-6923
The CVE-2013-6923 issue affects Seagate BlackArmor NAS sg2000-2000 with firmware sg2000-2000.1331. It describes two persistent XSS risks: (1) fullname input in admin/access_control_user_edit.php and (2) workname input in admin/network_workgroup_domain.php. The root cause is failure to sanitize us...