Filtered by vendor Terra-master
Subscriptions
Filtered by product Terramaster Operating System
Subscriptions
Total
28 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2017-9328 | 1 Terra-master | 1 Terramaster Operating System | 2024-08-05 | N/A |
| Shell metacharacter injection vulnerability in /usr/www/include/ajax/GetTest.php in TerraMaster TOS before 3.0.34 leads to remote code execution as root. | ||||
| CVE-2018-13334 | 1 Terra-master | 1 Terramaster Operating System | 2024-08-05 | N/A |
| Cross-site scripting in handle.php in TerraMaster TOS version 3.1.03 allows attackers to execute JavaScript via the "options[sysname]" parameter. | ||||
| CVE-2018-13359 | 1 Terra-master | 1 Terramaster Operating System | 2024-08-05 | N/A |
| Cross-site scripting in usertable.php in TerraMaster TOS version 3.1.03 allows attackers to execute JavaScript via the "modgroup" parameter. | ||||
| CVE-2018-13357 | 1 Terra-master | 1 Terramaster Operating System | 2024-08-05 | N/A |
| Cross-site scripting in Control Panel in TerraMaster TOS version 3.1.03 allows attackers to execute JavaScript when viewing Shared Folders via JavaScript in Shared Folders' names. | ||||
| CVE-2018-13335 | 1 Terra-master | 1 Terramaster Operating System | 2024-08-05 | N/A |
| Cross-site scripting in Control Panel in TerraMaster TOS version 3.1.03 allows attackers to execute JavaScript when viewing shared folders via their descriptions. | ||||
| CVE-2018-13330 | 1 Terra-master | 1 Terramaster Operating System | 2024-08-05 | N/A |
| System command injection in ajaxdata.php in TerraMaster TOS version 3.1.03 allows attackers to execute system commands during group creation via the "groupname" parameter. | ||||
| CVE-2018-13356 | 1 Terra-master | 1 Terramaster Operating System | 2024-08-05 | N/A |
| Incorrect access control on ajaxdata.php in TerraMaster TOS version 3.1.03 allows attackers to elevate user permissions. | ||||
| CVE-2018-13352 | 1 Terra-master | 1 Terramaster Operating System | 2024-08-05 | N/A |
| Session Exposure in the web application for TerraMaster TOS version 3.1.03 allows attackers to view active session tokens in a world-readable directory. | ||||
| CVE-2018-13418 | 1 Terra-master | 1 Terramaster Operating System | 2024-08-05 | N/A |
| System command injection in ajaxdata.php in TerraMaster TOS 3.1.03 allows attackers to execute system commands via the "newname" parameter. | ||||
| CVE-2018-13358 | 1 Terra-master | 1 Terramaster Operating System | 2024-08-05 | N/A |
| System command injection in ajaxdata.php in TerraMaster TOS version 3.1.03 allows attackers to execute system commands via the "checkName" parameter. | ||||
| CVE-2018-13361 | 1 Terra-master | 1 Terramaster Operating System | 2024-08-05 | N/A |
| User enumeration in usertable.php in TerraMaster TOS version 3.1.03 allows attackers to list all system users via the "modgroup" parameter. | ||||
| CVE-2018-13337 | 1 Terra-master | 1 Terramaster Operating System | 2024-08-05 | N/A |
| Session Fixation in the web application for TerraMaster TOS version 3.1.03 allows attackers to control users' session cookies via JavaScript. | ||||
| CVE-2018-13360 | 1 Terra-master | 1 Terramaster Operating System | 2024-08-05 | N/A |
| Cross-site scripting in Text Editor in TerraMaster TOS version 3.1.03 allows attackers to execute JavaScript via the "filename" URL parameter. | ||||
| CVE-2018-13354 | 1 Terra-master | 1 Terramaster Operating System | 2024-08-05 | N/A |
| System command injection in logtable.php in TerraMaster TOS version 3.1.03 allows attackers to execute system commands via the "Event" parameter. | ||||
| CVE-2018-13351 | 1 Terra-master | 1 Terramaster Operating System | 2024-08-05 | N/A |
| Cross-site scripting in Control Panel in TerraMaster TOS version 3.1.03 allows attackers to execute JavaScript via the edit password form. | ||||
| CVE-2018-13336 | 1 Terra-master | 1 Terramaster Operating System | 2024-08-05 | N/A |
| System command injection in ajaxdata.php in TerraMaster TOS version 3.1.03 allows attackers to execute system commands via the "pwd" parameter during user creation. | ||||
| CVE-2018-13350 | 1 Terra-master | 1 Terramaster Operating System | 2024-08-05 | N/A |
| SQL injection in logtable.php in TerraMaster TOS version 3.1.03 allows attackers to execute SQL queries via the "Event" parameter. | ||||
| CVE-2018-13329 | 1 Terra-master | 1 Terramaster Operating System | 2024-08-05 | N/A |
| Cross-site scripting in ajaxdata.php in TerraMaster TOS version 3.1.03 allows attackers to execute JavaScript via the "lines" URL parameter. | ||||
| CVE-2018-13338 | 1 Terra-master | 1 Terramaster Operating System | 2024-08-05 | N/A |
| System command injection in ajaxdata.php in TerraMaster TOS version 3.1.03 allows attackers to execute system commands via the "username" parameter during user creation. | ||||
| CVE-2018-13331 | 1 Terra-master | 1 Terramaster Operating System | 2024-08-05 | N/A |
| Cross-site scripting in Control Panel in TerraMaster TOS version 3.1.03 allows attackers to execute JavaScript when viewing users by placing JavaScript in their usernames. | ||||