RSS   Podatności dla 'Terramaster operating system'   RSS

2020-12-23
 
CVE-2020-35665

CWE-434
 

 
An unauthenticated command-execution vulnerability exists in TerraMaster TOS through 4.2.06 via shell metacharacters in the Event parameter in include/makecvs.php during CSV creation.

 
2018-11-27
 
CVE-2018-13418

CWE-78
 

 
System command injection in ajaxdata.php in TerraMaster TOS 3.1.03 allows attackers to execute system commands via the "newname" parameter.

 
 
CVE-2018-13361

CWE-20
 

 
User enumeration in usertable.php in TerraMaster TOS version 3.1.03 allows attackers to list all system users via the "modgroup" parameter.

 
 
CVE-2018-13360

CWE-79
 

 
Cross-site scripting in Text Editor in TerraMaster TOS version 3.1.03 allows attackers to execute JavaScript via the "filename" URL parameter.

 
 
CVE-2018-13359

CWE-352
 

 
Cross-site scripting in usertable.php in TerraMaster TOS version 3.1.03 allows attackers to execute JavaScript via the "modgroup" parameter.

 
 
CVE-2018-13358

CWE-78
 

 
System command injection in ajaxdata.php in TerraMaster TOS version 3.1.03 allows attackers to execute system commands via the "checkName" parameter.

 
 
CVE-2018-13357

CWE-79
 

 
Cross-site scripting in Control Panel in TerraMaster TOS version 3.1.03 allows attackers to execute JavaScript when viewing Shared Folders via JavaScript in Shared Folders' names.

 
 
CVE-2018-13356

CWE-863
 

 
Incorrect access control on ajaxdata.php in TerraMaster TOS version 3.1.03 allows attackers to elevate user permissions.

 
 
CVE-2018-13355

CWE-732
 

 
Incorrect access controls in ajaxdata.php in TerraMaster TOS version 3.1.03 allow attackers to create user groups without proper authorization.

 
 
CVE-2018-13354

CWE-78
 

 
System command injection in logtable.php in TerraMaster TOS version 3.1.03 allows attackers to execute system commands via the "Event" parameter.

 


Copyright 2024, cxsecurity.com

 

Back to Top