14 matches found
CVE-2017-18263
Seagate Media Server in Seagate Personal Cloud before 4.3.18.4 has directory traversal in getPhotoPlaylistPhotos.psp via a parameter named url...
EUVD-2017-9391
Malware in sbrugna...
Seagate Personal Cloud SRN21C 4.3.16.0 4.3.18.0 - SQL Injection
Seagate Personal Cloud SRN21C 4.3.16.0 4.3.18.0 - SQL Injection ------------------------------------------------------------------------ Seagate Media Server multiple SQL injection vulnerabilities ------------------------------------------------------------------------ Yorick Koster, September 20...
Seagate Personal Cloud SRN21C 4.3.16.0 / 4.3.18.0 - SQL Injection
------------------------------------------------------------------------ Seagate Media Server multiple SQL injection vulnerabilities ------------------------------------------------------------------------ Yorick Koster, September 2017...
Seagate Personal Cloud SRN21C SQL Injection Vulnerability
Seagate Personal Cloud model SRN21C running firmware versions 4.3.16.0 and 4.3.18.0 suffer from remote SQL injection vulnerabilities in the media server. ------------------------------------------------------------------------ Seagate Media Server multiple SQL injection vulnerabilities...
Seagate Personal Cloud SRN21C SQL Injection
------------------------------------------------------------------------ Seagate Media Server multiple SQL injection vulnerabilities ------------------------------------------------------------------------ Yorick Koster, September 2017...
Seagate Personal Cloud < 4.3.19.3 SQL Injection Vulnerability
Seagate Media Server in Seagate Personal Cloud has unauthenticated SQL Injection vulnerability which may lead to retrieve or modify arbitrary data in the database. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by...
Seagate Personal Cloud < 4.3.18.0 RCE Vulnerability
Seagate Media Server in Seagate Personal Cloud has unauthenticated command injection in the uploadTelemetry and getLogs functions in views.py because .psp URLs are handled by the fastcgi.server component and shell metacharacters are mishandled. SPDX-FileCopyrightText: 2018 Greenbone AG Some text...
CVE-2017-18263
Seagate Media Server in Seagate Personal Cloud before 4.3.18.4 has directory traversal in getPhotoPlaylistPhotos.psp via a parameter named url...
CVE-2017-18263
Seagate Personal Cloud is affected: Seagate Media Server before 4.3.18.4 contains a directory traversal vulnerability in getPhotoPlaylistPhotos.psp via the url parameter. The issue can allow an attacker to retrieve sensitive information from the NAS. No exploit details are provided in the sources...
Seagate Media Server Path Traversal
------------------------------------------------------------------------ Seagate Media Server path traversal vulnerability ------------------------------------------------------------------------ Yorick Koster, September 2017 -----------------------------------------------------------------------...
Seagate Media Server SRN21C Cross Site Scripting
------------------------------------------------------------------------ Seagate Media Server stored Cross-Site Scripting vulnerability ------------------------------------------------------------------------ Yorick Koster, September 2017...
Seagate Media Server Arbitrary File / Folder Deletion Vulnerabilities
Seagate Media Server on a Seagate Personal Cloud model SRN21C running firmware version 4.3.16.0 suffers from an unauthenticated arbitrary file and folder deletion vulnerability. ------------------------------------------------------------------------ Seagate Media Server allows deleting of...
CVE-2018-5347
Seagate Media Server in Seagate Personal Cloud has unauthenticated command injection in the uploadTelemetry and getLogs functions in views.py because .psp URLs are handled by the fastcgi.server component and shell metacharacters are mishandled...