CVE-2018-12302

Missing HTTPOnly flag on session cookies in the Seagate NAS OS version 4.3.15.1 web application allows attackers to steal session tokens via cross-site scripting...

CVE-2018-12304

Cross-site scripting in Application Manager in Seagate NAS OS version 4.3.15.1 allows attackers to execute JavaScript via multiple application metadata fields: Short Description, Publisher Name, Publisher Contact, or Website URL...

EUVD-2018-4276

Malware in sbrugna...

EUVD-2018-4273

Malware in sbrugna...

QNAP QTS和QNAP QuTS hero 代码问题漏洞

QNAP QTS is a NAS operating system developed by QNAPSystems, Inc. designed for network attached storage devices, providing data management, backup, multimedia entertainment, etc. QNAP QuTS hero is an enterprise-grade operating system developed by QNAP for its networked storage devices NAS, which ...

QNAP operating system 代码问题漏洞

QNAP QTS is a NAS operating system developed by QNAPSystems, Inc. designed for network attached storage devices, providing data management, backup, multimedia entertainment, etc. QNAP QuTS hero is an enterprise-grade operating system developed by QNAP for its networked storage devices NAS, which ...

QNAP Systems QTS和QNAP Systems QuTS hero 安全漏洞

QNAP Systems QTS and QNAP Systems QuTS hero are both products of China Weilian Technology QNAP Systems.QNAP Systems QTS is an operating system used by entry to mid-level QNAP NAS.QNAP Systems QuTS hero is an operating system. A security vulnerability exists in QNAP Systems QTS version 5.2.0.2737...

QNAP Systems QTS and QuTS hero security vulnerabilities

QNAP Systems QTS and QNAP Systems QuTS hero are both products of China Weilian Technology QNAP Systems.QNAP Systems QTS is an operating system used by entry to mid-level QNAP NAS.QNAP Systems QuTS hero is an operating system. A security vulnerability exists in QNAP QTS prior to version 5.1.4.2596...

VulnCheck KEV: CVE-2018-12296

Insufficient access control in /api/external/7.0/system.System.getinfos in Seagate NAS OS version 4.3.15.1 allows attackers to obtain information about the NAS without authentication via empty POST requests...

CVE-2022-4221 OS command injection in ASUS M25 NAS

Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' vulnerability in Asus NAS-M25 allows an unauthenticated attacker to inject arbitrary OS commands via unsanitized cookie values.This issue affects NAS-M25: through 1.0.1.7...

QNAP Surveillance Station Detection (HTTP)

HTTP based detection of QNAP Surveillance Station. Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

Seagate NAS OS Cross-Site Scripting Vulnerability

Seagate NAS OS is a NAS Network Attached Storage operating system from Seagate USA. A cross-site scripting vulnerability exists in the API error page in Seagate NAS OS version 4.3.15.1. The vulnerability stems from a lack of proper validation of client data by the WEB application. An attacker cou...

Seagate NAS OS Path Traversal Vulnerability

Seagate NAS OS is a NAS Network Attached Storage operating system from Seagate, Inc. filebrowser is one of the file browsers. A path traversal vulnerability exists in the filebrowser in Seagate NAS OS version 4.3.15.1. The vulnerability stems from a failure of a network system or product to...

CVE-2018-12295

SQL injection in folderViewSpecific.psp in Seagate NAS OS version 4.3.15.1 allows attackers to execute arbitrary SQL commands via the dirId URL parameter...

Design/Logic Flaw

Unvalidated URL in Download Manager in Seagate NAS OS version 4.3.15.1 allows attackers to access the loopback interface via a Download URL of 127.0.0.1 or localhost...

CVE-2018-12298

Directory Traversal in filebrowser in Seagate NAS OS 4.3.15.1 allows attackers to read files within the application's container via a URL path...

Cross site scripting

Cross-site scripting in Application Manager in Seagate NAS OS version 4.3.15.1 allows attackers to execute JavaScript via multiple application metadata fields: Short Description, Publisher Name, Publisher Contact, or Website URL...

Sql injection

SQL injection in folderViewSpecific.psp in Seagate NAS OS version 4.3.15.1 allows attackers to execute arbitrary SQL commands via the dirId URL parameter...

Cross site scripting

Cross-site scripting in filebrowser in Seagate NAS OS version 4.3.15.1 allows attackers to execute JavaScript via directory names...

CVE-2018-12301

Unvalidated URL in Download Manager in Seagate NAS OS version 4.3.15.1 allows attackers to access the loopback interface via a Download URL of 127.0.0.1 or localhost...