Lucene search
K

13 matches found

CNVD
CNVD
added 2018/11/27 12:0 a.m.2 views

Buffalo TS5600D1206 Access Control Error Vulnerability

The Buffalo TS5600D1206 is a network storage device from the Buffalo Group of Japan. An access control error vulnerability exists in the nasapi in the Buffalo TS5600D1206 version 3.61-0.10, which can be exploited by an attacker to bypass authentication by sending a modified HTTP Host packet heade...

9.8CVSS9.6AI score0.2317EPSS
Exploits1References1
CNVD
CNVD
added 2018/11/27 12:0 a.m.2 views

Buffalo TS5600D1206 Directory Traversal Vulnerability

The Buffalo TS5600D1206 is a network storage device from the Buffalo Group of Japan. A directory traversal vulnerability exists in the listfolders method in the Buffalo TS5600D1206 version 3.61-0.10, which can be exploited to list the contents of a directory with the 'path' parameter...

6.5CVSS6.5AI score0.01308EPSS
Exploits1References1
CNVD
CNVD
added 2018/11/27 12:0 a.m.3 views

Buffalo TS5600D1206 Command Injection Vulnerability (CNVD-2019-00674)

The Buffalo TS5600D1206 is a network storage device from the Buffalo Group of Japan. A command injection vulnerability exists in the User.create method in the Buffalo TS5600D1206 version 3.61-0.10, which can be exploited to execute system commands with the 'name' parameter...

7.2CVSS7.7AI score0.02776EPSS
Exploits1References1
CNVD
CNVD
added 2018/11/27 12:0 a.m.3 views

Buffalo TS5600D1206 Access Control Error Vulnerability (CNVD-2019-00678)

The Buffalo TS5600D1206 is a network storage device from the Buffalo Group of Japan. An access control error vulnerability exists in the nasapi in the Buffalo TS5600D1206 version 3.61-0.10, which can be exploited by an attacker to call a dangerous internal function with the 'method' parameter...

8.8CVSS8.7AI score0.00993EPSS
Exploits1References1
CNVD
CNVD
added 2018/11/27 12:0 a.m.3 views

Buffalo TS5600D1206 Cross-Site Scripting Vulnerability

The Buffalo TS5600D1206 is a network storage device from the Buffalo Group of Japan. A cross-site scripting vulnerability exists in the detail.html file in the Buffalo TS5600D1206 version 3.61-0.10, which can be exploited by a remote attacker to execute JavaScript code via a "username" cookie...

6.1CVSS6.2AI score0.00692EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2018/11/26 11:29 p.m.2 views

CVE-2018-13318

System command injection in User.create method in Buffalo TS5600D1206 version 3.61-0.10 allows attackers to execute system commands via the "name" parameter...

7.2CVSS5.7AI score0.02776EPSS
Exploits1References2
OSV
OSV
added 2018/11/26 11:29 p.m.3 views

CVE-2018-13318

System command injection in User.create method in Buffalo TS5600D1206 version 3.61-0.10 allows attackers to execute system commands via the "name" parameter...

7.2CVSS5.9AI score0.02776EPSS
Exploits1References1
OSV
OSV
added 2018/11/26 11:29 p.m.3 views

CVE-2018-13319

Incorrect access control in getportalinfo in Buffalo TS5600D1206 version 3.61-0.10 allows attackers to determine sensitive device information via an unauthenticated POST request...

7.5CVSS5.8AI score0.01231EPSS
Exploits1References1
Prion
Prion
added 2018/11/26 11:29 p.m.17 views

Command injection

System command injection in User.create method in Buffalo TS5600D1206 version 3.61-0.10 allows attackers to execute system commands via the "name" parameter...

6.5CVSS7.4AI score0.02776EPSS
Exploits1References1Affected Software1
OSV
OSV
added 2018/11/26 11:29 p.m.4 views

CVE-2018-13322

Directory traversal in listfolders method in Buffalo TS5600D1206 version 3.61-0.10 allows attackers to list directory contents via the "path" parameter...

6.5CVSS5.8AI score0.01308EPSS
Exploits1References1
Prion
Prion
added 2018/11/26 11:29 p.m.13 views

Cross site scripting

Cross-site scripting in detail.html in Buffalo TS5600D1206 version 3.61-0.10 allows attackers to execute JavaScript via the "username" cookie...

4.3CVSS6.2AI score0.00692EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2018/11/26 10:0 p.m.19 views

CVE-2018-13323

Cross-site scripting in detail.html in Buffalo TS5600D1206 version 3.61-0.10 allows attackers to execute JavaScript via the "username" cookie...

6.3AI score0.00692EPSS
Exploits1References1
Cvelist
Cvelist
added 2018/11/26 10:0 p.m.19 views

CVE-2018-13322

Directory traversal in listfolders method in Buffalo TS5600D1206 version 3.61-0.10 allows attackers to list directory contents via the "path" parameter...

6.5AI score0.01308EPSS
Exploits1References1
Rows per page
Query Builder