Filtered by vendor Terra-master
Subscribe
Total
47 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-18384 | 1 Terra-master | 2 Fs-210, Fs-210 Firmware | 2023-12-10 | 4.0 MEDIUM | 6.5 MEDIUM |
| An issue was discovered on TerraMaster FS-210 4.0.19 devices. An authenticated remote non-administrative user can read unauthorized shared files, as demonstrated by the filename=*public*%25252Fadmin_OnlyRead.txt substring. | |||||
| CVE-2019-18195 | 1 Terra-master | 2 F2-210, F2-210 Firmware | 2023-12-10 | 6.5 MEDIUM | 8.8 HIGH |
| An issue was discovered on TerraMaster FS-210 4.0.19 devices. Normal users can use 1.user.php for privilege elevation. | |||||
| CVE-2018-13333 | 1 Terra-master | 1 Terramaster Operating System | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting in File Manager in TerraMaster TOS version 3.1.03 allows attackers to execute JavaScript in the permissions window by placing JavaScript in users' usernames. | |||||
| CVE-2018-13330 | 1 Terra-master | 1 Terramaster Operating System | 2023-12-10 | 9.0 HIGH | 7.2 HIGH |
| System command injection in ajaxdata.php in TerraMaster TOS version 3.1.03 allows attackers to execute system commands during group creation via the "groupname" parameter. | |||||
| CVE-2018-13354 | 1 Terra-master | 1 Terramaster Operating System | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
| System command injection in logtable.php in TerraMaster TOS version 3.1.03 allows attackers to execute system commands via the "Event" parameter. | |||||
| CVE-2018-13337 | 1 Terra-master | 1 Terramaster Operating System | 2023-12-10 | 5.8 MEDIUM | 5.4 MEDIUM |
| Session Fixation in the web application for TerraMaster TOS version 3.1.03 allows attackers to control users' session cookies via JavaScript. | |||||
| CVE-2018-13351 | 1 Terra-master | 1 Terramaster Operating System | 2023-12-10 | 3.5 LOW | 4.8 MEDIUM |
| Cross-site scripting in Control Panel in TerraMaster TOS version 3.1.03 allows attackers to execute JavaScript via the edit password form. | |||||
| CVE-2018-13336 | 1 Terra-master | 1 Terramaster Operating System | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
| System command injection in ajaxdata.php in TerraMaster TOS version 3.1.03 allows attackers to execute system commands via the "pwd" parameter during user creation. | |||||
| CVE-2018-13357 | 1 Terra-master | 1 Terramaster Operating System | 2023-12-10 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site scripting in Control Panel in TerraMaster TOS version 3.1.03 allows attackers to execute JavaScript when viewing Shared Folders via JavaScript in Shared Folders' names. | |||||
| CVE-2018-13356 | 1 Terra-master | 1 Terramaster Operating System | 2023-12-10 | 9.0 HIGH | 8.8 HIGH |
| Incorrect access control on ajaxdata.php in TerraMaster TOS version 3.1.03 allows attackers to elevate user permissions. | |||||
| CVE-2018-13335 | 1 Terra-master | 1 Terramaster Operating System | 2023-12-10 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site scripting in Control Panel in TerraMaster TOS version 3.1.03 allows attackers to execute JavaScript when viewing shared folders via their descriptions. | |||||
| CVE-2018-13358 | 1 Terra-master | 1 Terramaster Operating System | 2023-12-10 | 9.0 HIGH | 8.8 HIGH |
| System command injection in ajaxdata.php in TerraMaster TOS version 3.1.03 allows attackers to execute system commands via the "checkName" parameter. | |||||
| CVE-2018-13359 | 1 Terra-master | 1 Terramaster Operating System | 2023-12-10 | 6.8 MEDIUM | 8.8 HIGH |
| Cross-site scripting in usertable.php in TerraMaster TOS version 3.1.03 allows attackers to execute JavaScript via the "modgroup" parameter. | |||||
| CVE-2018-13360 | 1 Terra-master | 1 Terramaster Operating System | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting in Text Editor in TerraMaster TOS version 3.1.03 allows attackers to execute JavaScript via the "filename" URL parameter. | |||||
| CVE-2018-13353 | 1 Terra-master | 1 Terramaster Operating System | 2023-12-10 | 9.0 HIGH | 8.8 HIGH |
| System command injection in ajaxdata.php in TerraMaster TOS version 3.1.03 allows attackers to execute commands via the "checkport" parameter. | |||||
| CVE-2018-13352 | 1 Terra-master | 1 Terramaster Operating System | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
| Session Exposure in the web application for TerraMaster TOS version 3.1.03 allows attackers to view active session tokens in a world-readable directory. | |||||
| CVE-2018-13338 | 1 Terra-master | 1 Terramaster Operating System | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
| System command injection in ajaxdata.php in TerraMaster TOS version 3.1.03 allows attackers to execute system commands via the "username" parameter during user creation. | |||||
| CVE-2018-13418 | 1 Terra-master | 1 Terramaster Operating System | 2023-12-10 | 9.0 HIGH | 8.8 HIGH |
| System command injection in ajaxdata.php in TerraMaster TOS 3.1.03 allows attackers to execute system commands via the "newname" parameter. | |||||
| CVE-2018-13361 | 1 Terra-master | 1 Terramaster Operating System | 2023-12-10 | 5.0 MEDIUM | 5.3 MEDIUM |
| User enumeration in usertable.php in TerraMaster TOS version 3.1.03 allows attackers to list all system users via the "modgroup" parameter. | |||||
| CVE-2018-13334 | 1 Terra-master | 1 Terramaster Operating System | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting in handle.php in TerraMaster TOS version 3.1.03 allows attackers to execute JavaScript via the "options[sysname]" parameter. | |||||