Lucene search
K
Database
Vendors
Products
Timeline
Vulnerabilities
Perimeter Scanner
Scanning
Projects
Scanner
Agent Scanning
API Scanning
Manual Audit
Email
Webhook
Resources
Documents
Blog
Glossary
FAQ
Plugins
Pricing
Contacts
About Us
Partners
Branding Guideline
Settings
Sign in
Terra-masterTerramaster Operating System3.1.03

24 matches found

CVE
CVEadded 2018/11/27 9:29 p.m.45 views

CVE-2018-13336

System command injection in ajaxdata.php in TerraMaster TOS version 3.1.03 allows attackers to execute system commands via the "pwd" parameter during user creation.

10CVSS9.8AI score0.12488EPSS
CVE
CVEadded 2018/11/27 9:29 p.m.38 views

CVE-2018-13338

System command injection in ajaxdata.php in TerraMaster TOS version 3.1.03 allows attackers to execute system commands via the "username" parameter during user creation.

10CVSS9.8AI score0.12488EPSS
CVE
CVEadded 2018/11/27 9:29 p.m.38 views

CVE-2018-13358

System command injection in ajaxdata.php in TerraMaster TOS version 3.1.03 allows attackers to execute system commands via the "checkName" parameter.

9CVSS9.1AI score0.2042EPSS
CVE
CVEadded 2018/11/27 9:0 p.m.37 views

CVE-2018-13334

Cross-site scripting in handle.php in TerraMaster TOS version 3.1.03 allows attackers to execute JavaScript via the "options[sysname]" parameter.

6.1CVSS6.5AI score0.0024EPSS
CVE
CVEadded 2018/11/27 9:29 p.m.36 views

CVE-2018-13354

System command injection in logtable.php in TerraMaster TOS version 3.1.03 allows attackers to execute system commands via the "Event" parameter.

10CVSS9.8AI score0.1208EPSS
CVE
CVEadded 2018/11/27 9:29 p.m.35 views

CVE-2018-13332

Directory Traversal in the explorer application in TerraMaster TOS version 3.1.03 allows attackers to upload files to arbitrary locations via the "path" URL parameter.

7.5CVSS8AI score0.00619EPSS
CVE
CVEadded 2018/11/27 9:29 p.m.35 views

CVE-2018-13361

User enumeration in usertable.php in TerraMaster TOS version 3.1.03 allows attackers to list all system users via the "modgroup" parameter.

5.3CVSS6.2AI score0.01637EPSS
CVE
CVEadded 2018/11/27 9:29 p.m.35 views

CVE-2018-13418

System command injection in ajaxdata.php in TerraMaster TOS 3.1.03 allows attackers to execute system commands via the "newname" parameter.

9CVSS9.4AI score0.1198EPSS
CVE
CVEadded 2018/11/27 9:29 p.m.34 views

CVE-2018-13333

Cross-site scripting in File Manager in TerraMaster TOS version 3.1.03 allows attackers to execute JavaScript in the permissions window by placing JavaScript in users' usernames.

6.1CVSS6.8AI score0.00181EPSS
CVE
CVEadded 2018/11/27 9:0 p.m.34 views

CVE-2018-13337

Session Fixation in the web application for TerraMaster TOS version 3.1.03 allows attackers to control users' session cookies via JavaScript.

5.8CVSS6.4AI score0.00199EPSS
CVE
CVEadded 2018/11/27 9:29 p.m.34 views

CVE-2018-13350

SQL injection in logtable.php in TerraMaster TOS version 3.1.03 allows attackers to execute SQL queries via the "Event" parameter.

9.8CVSS9.9AI score0.01913EPSS
CVE
CVEadded 2018/11/27 9:29 p.m.34 views

CVE-2018-13352

Session Exposure in the web application for TerraMaster TOS version 3.1.03 allows attackers to view active session tokens in a world-readable directory.

7.5CVSS7.9AI score0.00316EPSS
CVE
CVEadded 2018/11/27 9:29 p.m.34 views

CVE-2018-13353

System command injection in ajaxdata.php in TerraMaster TOS version 3.1.03 allows attackers to execute commands via the "checkport" parameter.

9CVSS9.4AI score0.16269EPSS
CVE
CVEadded 2018/11/27 9:29 p.m.34 views

CVE-2018-13356

Incorrect access control on ajaxdata.php in TerraMaster TOS version 3.1.03 allows attackers to elevate user permissions.

9CVSS8.9AI score0.00484EPSS
CVE
CVEadded 2018/11/27 9:29 p.m.33 views

CVE-2018-13335

Cross-site scripting in Control Panel in TerraMaster TOS version 3.1.03 allows attackers to execute JavaScript when viewing shared folders via their descriptions.

5.4CVSS6.1AI score0.00206EPSS
CVE
CVEadded 2018/11/27 9:29 p.m.33 views

CVE-2018-13360

Cross-site scripting in Text Editor in TerraMaster TOS version 3.1.03 allows attackers to execute JavaScript via the "filename" URL parameter.

6.1CVSS6.8AI score0.0024EPSS
CVE
CVEadded 2018/11/27 9:29 p.m.32 views

CVE-2018-13357

Cross-site scripting in Control Panel in TerraMaster TOS version 3.1.03 allows attackers to execute JavaScript when viewing Shared Folders via JavaScript in Shared Folders' names.

5.4CVSS6.1AI score0.00206EPSS
CVE
CVEadded 2018/11/27 9:0 p.m.31 views

CVE-2018-13329

Cross-site scripting in ajaxdata.php in TerraMaster TOS version 3.1.03 allows attackers to execute JavaScript via the "lines" URL parameter.

6.1CVSS6.8AI score0.0024EPSS
CVE
CVEadded 2018/11/27 9:29 p.m.31 views

CVE-2018-13330

System command injection in ajaxdata.php in TerraMaster TOS version 3.1.03 allows attackers to execute system commands during group creation via the "groupname" parameter.

9CVSS8.7AI score0.12645EPSS
CVE
CVEadded 2018/11/27 9:29 p.m.31 views

CVE-2018-13355

Incorrect access controls in ajaxdata.php in TerraMaster TOS version 3.1.03 allow attackers to create user groups without proper authorization.

6.5CVSS7AI score0.00146EPSS
CVE
CVEadded 2018/11/27 9:29 p.m.31 views

CVE-2018-13359

Cross-site scripting in usertable.php in TerraMaster TOS version 3.1.03 allows attackers to execute JavaScript via the "modgroup" parameter.

8.8CVSS8.6AI score0.02581EPSS
CVE
CVEadded 2018/11/27 9:29 p.m.30 views

CVE-2018-13331

Cross-site scripting in Control Panel in TerraMaster TOS version 3.1.03 allows attackers to execute JavaScript when viewing users by placing JavaScript in their usernames.

6.1CVSS6.8AI score0.0024EPSS
CVE
CVEadded 2018/11/27 9:29 p.m.30 views

CVE-2018-13349

Cross-site scripting in the web application taskbar in TerraMaster TOS version 3.1.03 allows attackers to execute JavaScript via the user's username.

6.1CVSS6.8AI score0.0024EPSS
CVE
CVEadded 2018/11/27 9:29 p.m.30 views

CVE-2018-13351

Cross-site scripting in Control Panel in TerraMaster TOS version 3.1.03 allows attackers to execute JavaScript via the edit password form.

4.8CVSS6.2AI score0.00235EPSS