8 matches found
EUVD-2018-6598
Malware in sbrugna...
Improper access control
Incorrect access control in the /mysql/api/diags.php endpoint in Drobo 5N2 NAS version 4.0.5-13.28.96115 allows unauthenticated attackers to retrieve diagnostic information via the "name" URL parameter...
CVE-2018-14704
Cross-site scripting in the MySQL API error page in Drobo 5N2 NAS version 4.0.5-13.28.96115 allows attackers to execute JavaScript via a malformed URL path...
CVE-2018-14696
Incorrect access control in the /mysql/api/drobo.php endpoint in Drobo 5N2 NAS version 4.0.5-13.28.96115 allows unauthenticated attackers to retrieve sensitive system information...
CVE-2018-14704
Cross-site scripting in the MySQL API error page in Drobo 5N2 NAS version 4.0.5-13.28.96115 allows attackers to execute JavaScript via a malformed URL path...
Cross site scripting
Cross-site scripting in the MySQL API error page in Drobo 5N2 NAS version 4.0.5-13.28.96115 allows attackers to execute JavaScript via a malformed URL path...
CVE-2018-14704
Cross-site scripting in the MySQL API error page in Drobo 5N2 NAS version 4.0.5-13.28.96115 allows attackers to execute JavaScript via a malformed URL path...
CVE-2018-14704
CVE-2018-14704 affects Drobo 5N2 NAS (firmware around 4.0.5-13.28.96115) with a cross-site scripting vulnerability in the MySQL API error page. The issue arises from unsanitized data in the error page, allowing a remote attacker to execute JavaScript via a malformed URL path. Public references (N...