10 matches found
CVE-2018-12300
CVE-2018-12300 refers to an open redirect in Seagate NAS OS 4.3.15.1, specifically in echo-server.html, enabling an attacker to disclose information in the Referer header via the state URL parameter. Connected sources (Nuclei template) confirm the open redirect description and name the affected d...
CVE-2018-12296
CVE-2018-12296 affects Seagate NAS OS 4.3.15.1. The issue is insufficient access control on the API endpoint /api/external/7.0/system.System.get_infos, permitting an unauthenticated attacker to obtain information about the NAS via empty POST requests. The NVD and connected templates describe this...
CVE-2018-12298
CVE-2018-12298: Directory traversal in Seagate NAS OS filebrowser (v4.3.15.1) allows reading files inside the app container via crafted URL paths. Root cause appears to be improper URL path handling. Affects filebrowser component; impact includes partial confidentiality (C in CVSS). CVSS data pre...
CVE-2018-12301
CVE-2018-12301 affects Seagate NAS OS v4.3.15.1: Unvalidated URL in the Download Manager allows access to the loopback interface via a Download URL of 127.0.0.1 or localhost. Connected sources (Red Hat advisory, NVD entry, CVE listing) confirm the same description, but do not provide exploit deta...
CVE-2018-12297
CVE-2018-12297 affects Seagate NAS OS 4.3.15.1 with XSS in API error pages via URL path names. Root cause cited as insufficient validation of client data by the WEB application; impact is client-side script execution. Exploitation details/works are not provided in the documents; no remediation/ve...
CVE-2018-12295
The CVE describes a SQL injection in folderViewSpecific.psp of Seagate NAS OS v4.3.15.1, allowing attackers to execute arbitrary SQL commands through the dirId URL parameter. Affected software is Seagate NAS OS (version 4.3.15.1); root cause is improper handling of the dirId parameter in folderVi...
CVE-2018-12302
CVE-2018-12302 concerns Seagate NAS OS web application (v4.3.15.1) with missing HttpOnly flag on session cookies, enabling potential theft of session tokens via cross-site scripting. Publicly surfaced details are consistent across sources (NVD/Red Hat/other catalogs). The Red Hat and NVD entries ...
CVE-2018-12304
The Red Hat, NVD and CVE records confirm CVE-2018-12304 affects Seagate NAS OS (version 4.3.15.1) via the Application Manager. The vulnerability is a cross-site scripting (XSS) flaw in multiple application metadata fields (Short Description, Publisher Name, Publisher Contact, Website URL) that ca...
CVE-2018-12303
An XSS vulnerability in Seagate NAS OS filebrowser (version 4.3.15.1) allows attackers to inject and execute JavaScript via directory names. This is described across multiple sources (CVE-2018-12303). The connected records confirm the affected product and vulnerability class but do not provide ex...
CVE-2018-12299
CVE-2018-12299 relates to a cross-site scripting (XSS) vulnerability in Seagate NAS OS 4.3.15.1 filebrowser. The issue arises because uploaded file names can trigger JavaScript execution in the browser, enabling an attacker to perform actions in a victim’s session. The available connected documen...