TerraMaster TOS < 4.2.06 - User Enumeration

User Enumeration vulnerability in TerraMaster TOS = 4.2.06 allows remote unauthenticated attackers to identify valid users within the system via the username parameter to wizard/initialise.php. id: CVE-2020-28185 info: name: TerraMaster TOS 4.2.06 - User Enumeration author: pussycat0x severity:...

VulnCheck KEV: CVE-2020-28185

User Enumeration vulnerability in TerraMaster TOS = 4.2.06 allows remote unauthenticated attackers to identify valid users within the system via the username parameter to wizard/initialise.php...

PT-2023-30717 · Unknown · Terramaster

Name of the Vulnerable Software and Affected Versions: TerraMaster versions v.s1.0 through v.2.295 Description: The issue allows a remote attacker to obtain sensitive information via a crafted GET request. This is a Directory Traversal vulnerability, which enables access to files and directories...

CVE-2022-24989

TerraMaster NAS through 4.2.30 allows remote WAN attackers to execute arbitrary code as root via the raidtype and diskstring parameters for PHP Object Instantiation to the api.php?mobile/createRaid URI. Shell metacharacters can be placed in raidtype because popen is used without any sanitization...

Exploit for Missing Authentication for Critical Function in Terra-Master Terramaster_Operating_System

terraMaster-CVE-2022-24990 Tool Introduction A quick-use...

Exploit for Missing Authentication for Critical Function in Terra-Master Terramaster_Operating_System

It is an exploit module for CVE-2022-24990, a TerraMaster TOS Un...

Exploit for Missing Authentication for Critical Function in Terra-Master Terramaster_Operating_System

CVE-2022-24990 CVE-2022-24990: Information lea...

Exploit for Missing Authentication for Critical Function in Terra-Master Terramaster_Operating_System

CVE-2022-24990-POC It’s just a poc; it’s not an exploit...

download.terra-master.com Cross Site Scripting vulnerability OBB-1366735

Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: &nbsp&nbsp&nbsp&nbsp&nbsp&nbspa. verified the vulnerability and confirmed its existence; &nbsp&nbsp&nbsp&nbsp&nbsp&nbspb. notified the website operator about its existence...

TerraMaster TOS System Command Injection Vulnerability (CNVD-2019-00665)

TerraMaster TOS is a set of storage server special operating system based on Linux platform developed by Terra Master. The system supports file sharing, cloud data synchronization, data backup and virtualization. A system command injection vulnerability exists in the ajaxdata.php endpoint in...

CVE-2018-13418

System command injection in ajaxdata.php in TerraMaster TOS 3.1.03 allows attackers to execute system commands via the "newname" parameter...

CVE-2018-13350

SQL injection in logtable.php in TerraMaster TOS version 3.1.03 allows attackers to execute SQL queries via the "Event" parameter...

CVE-2018-13336

System command injection in ajaxdata.php in TerraMaster TOS version 3.1.03 allows attackers to execute system commands via the "pwd" parameter during user creation...

CVE-2018-13334

Cross-site scripting in handle.php in TerraMaster TOS version 3.1.03 allows attackers to execute JavaScript via the "optionssysname" parameter...