RSS   Vulnerabilities for 'Terramaster operating system'   RSS

2020-12-23
 
CVE-2020-35665

CWE-434
 
 
An unauthenticated command-execution vulnerability exists in TerraMaster TOS through 4.2.06 via shell metacharacters in the Event parameter in include/makecvs.php during CSV creation.

 
2018-11-27
 
CVE-2018-13418

CWE-78
 
 
System command injection in ajaxdata.php in TerraMaster TOS 3.1.03 allows attackers to execute system commands via the "newname" parameter.

 
 
CVE-2018-13361

CWE-20
 
 
User enumeration in usertable.php in TerraMaster TOS version 3.1.03 allows attackers to list all system users via the "modgroup" parameter.

 
 
CVE-2018-13360

CWE-79
 
 
Cross-site scripting in Text Editor in TerraMaster TOS version 3.1.03 allows attackers to execute JavaScript via the "filename" URL parameter.

 
 
CVE-2018-13359

CWE-352
 
 
Cross-site scripting in usertable.php in TerraMaster TOS version 3.1.03 allows attackers to execute JavaScript via the "modgroup" parameter.

 
 
CVE-2018-13358

CWE-78
 
 
System command injection in ajaxdata.php in TerraMaster TOS version 3.1.03 allows attackers to execute system commands via the "checkName" parameter.

 
 
CVE-2018-13357

CWE-79
 
 
Cross-site scripting in Control Panel in TerraMaster TOS version 3.1.03 allows attackers to execute JavaScript when viewing Shared Folders via JavaScript in Shared Folders' names.

 
 
CVE-2018-13356

CWE-863
 
 
Incorrect access control on ajaxdata.php in TerraMaster TOS version 3.1.03 allows attackers to elevate user permissions.

 
 
CVE-2018-13355

CWE-732
 
 
Incorrect access controls in ajaxdata.php in TerraMaster TOS version 3.1.03 allow attackers to create user groups without proper authorization.

 
 
CVE-2018-13354

CWE-78
 
 
System command injection in logtable.php in TerraMaster TOS version 3.1.03 allows attackers to execute system commands via the "Event" parameter.

 

Copyright 2024, cxsecurity.com

 

Back to Top