Seagate Personal Cloud Seagate Media Server Path Traversal Vulnerability

Seagate Personal Cloud is a personal cloud storage device from Seagate, U.S. Seagate Media Server is one of the media servers. A path traversal vulnerability exists in the getPhotoPlaylistPhotos.psp file of Seagate Media Server in Seagate Personal Cloud versions prior to 4.3.18.4. An attacker can...

CVE-2017-18263

Seagate Media Server in Seagate Personal Cloud before 4.3.18.4 has directory traversal in getPhotoPlaylistPhotos.psp via a parameter named url...

Directory traversal

Seagate Media Server in Seagate Personal Cloud before 4.3.18.4 has directory traversal in getPhotoPlaylistPhotos.psp via a parameter named url...

CVE-2017-18263

Seagate Media Server in Seagate Personal Cloud before 4.3.18.4 has directory traversal in getPhotoPlaylistPhotos.psp via a parameter named url...

Seagate Personal Cloud allows moving of arbitrary files

Abstract Seagate Personal Cloud is a consumer-grade Network-Attached Storage device NAS. It was found that the web application used to manage the NAS contains a vulnerability that allows an unauthenticated attacker to move arbitrary files. The move operation is done with root privileges, which...

Seagate Personal Cloud SRN21C Arbitrary File Move

------------------------------------------------------------------------ Seagate Personal Cloud allows moving of arbitrary files ------------------------------------------------------------------------ Yorick Koster, September 2017...

The vulnerability of the uploadTelemetry and getLogs functions of the Media Server component in the Seagate Personal Cloud software, allowing a hacker to execute arbitrary commands.

The vulnerability of the uploadTelemetry and getLogs functions /usr/lib/djangohost/seagatemediaserver/views.py of the Media Server component of the software-defined networking storage device Seagate Personal Cloud relates to the absence of measures to neutralize special elements used in commands...

Seagate Personal Cloud Seagate Media Server Command Injection Vulnerability

Seagate Personal Cloud is a personal cloud storage device from Seagate, U.S. Seagate Media Server is one of the media servers. A command injection vulnerability exists in the 'uploadTelemetry' and 'getLogs' functions of the Seagate Media Server in Seagate Personal Cloud that stems from the progra...

Seagate Personal Cloud - Multiple Vulnerabilities

Exploit for hardware platform in category remote exploits SSD Advisory – Seagate Personal Cloud Multiple Vulnerabilities Vulnerabilities summary The following advisory describes two 2 unauthenticated command injection vulnerabilities. Seagate Personal Cloud Home Media Storage is “the easiest way ...

Seagate Personal Cloud Command Injection

SSD Advisory a Seagate Personal Cloud Multiple Vulnerabilities Vulnerabilities summary The following advisory describes two 2 unauthenticated command injection vulnerabilities. Seagate Personal Cloud Home Media Storage is athe easiest way to store, organize, stream and share all your music, movie...

Seagate Media Server Arbitrary File / Folder Deletion Vulnerabilities

Seagate Media Server on a Seagate Personal Cloud model SRN21C running firmware version 4.3.16.0 suffers from an unauthenticated arbitrary file and folder deletion vulnerability. ------------------------------------------------------------------------ Seagate Media Server allows deleting of...

Command injection

Seagate Media Server in Seagate Personal Cloud has unauthenticated command injection in the uploadTelemetry and getLogs functions in views.py because .psp URLs are handled by the fastcgi.server component and shell metacharacters are mishandled...

CVE-2018-5347

The CVE-2018-5347 entry concerns Seagate Personal Cloud’s Seagate Media Server. The vulnerability affects the .psp URL handling in the Django-based web application (views.py: uploadTelemetry and getLogs) where unsanitized GET parameters are passed to system commands, enabling unauthenticated comm...

CVE-2018-5347

Seagate Media Server in Seagate Personal Cloud has unauthenticated command injection in the uploadTelemetry and getLogs functions in views.py because .psp URLs are handled by the fastcgi.server component and shell metacharacters are mishandled...

Seagate Personal Cloud - Multiple Vulnerabilities

Seagate Personal Cloud - Multiple Vulnerabilities SSD Advisory – Seagate Personal Cloud Multiple Vulnerabilities Vulnerabilities summary The following advisory describes two 2 unauthenticated command injection vulnerabilities. Seagate Personal Cloud Home Media Storage is “the easiest way to store...

Seagate Personal Cloud - Multiple Vulnerabilities

SSD Advisory – Seagate Personal Cloud Multiple Vulnerabilities Vulnerabilities summary The following advisory describes two 2 unauthenticated command injection vulnerabilities. Seagate Personal Cloud Home Media Storage is “the easiest way to store, organize, stream and share all your music, movie...

FTC Shares Security Tips for ASUS Wireless Routers

The Federal Trade Commission FTC has provided network security tips for vulnerable ASUS-branded wireless routers. Major security flaws in these routers may have exposed customers' sensitive information to malicious actors. FTC urges consumers to download the latest security updates for their...

ownCloud Unauthorized Access Vulnerability

ownCloud is an open source personal cloud storage solution. An unspecified security vulnerability exists in ownCloud that allows remote attackers to exploit the vulnerability to gain unauthorized access to applications...