Search Results | AttackerKB

28 Total Results

Displaying 11-20 of 28

Attacker Value

Unknown

CVE-2018-13333

Disclosure Date: November 27, 2018 (last updated November 27, 2024)

Cross-site scripting in File Manager in TerraMaster TOS version 3.1.03 allows attackers to execute JavaScript in the permissions window by placing JavaScript in users' usernames.

Attacker Value

Unknown

CVE-2018-13350

Disclosure Date: November 27, 2018 (last updated November 27, 2024)

SQL injection in logtable.php in TerraMaster TOS version 3.1.03 allows attackers to execute SQL queries via the "Event" parameter.

Attacker Value

Unknown

CVE-2018-13349

Disclosure Date: November 27, 2018 (last updated November 27, 2024)

Cross-site scripting in the web application taskbar in TerraMaster TOS version 3.1.03 allows attackers to execute JavaScript via the user's username.

Attacker Value

Unknown

CVE-2018-13360

Disclosure Date: November 27, 2018 (last updated November 27, 2024)

Cross-site scripting in Text Editor in TerraMaster TOS version 3.1.03 allows attackers to execute JavaScript via the "filename" URL parameter.

Attacker Value

Unknown

CVE-2018-13336

Disclosure Date: November 27, 2018 (last updated November 27, 2024)

System command injection in ajaxdata.php in TerraMaster TOS version 3.1.03 allows attackers to execute system commands via the "pwd" parameter during user creation.

Attacker Value

Unknown

CVE-2018-13330

Disclosure Date: November 27, 2018 (last updated November 27, 2024)

System command injection in ajaxdata.php in TerraMaster TOS version 3.1.03 allows attackers to execute system commands during group creation via the "groupname" parameter.

Attacker Value

Unknown

CVE-2018-13358

Disclosure Date: November 27, 2018 (last updated November 27, 2024)

System command injection in ajaxdata.php in TerraMaster TOS version 3.1.03 allows attackers to execute system commands via the "checkName" parameter.

Attacker Value

Unknown

CVE-2018-13338

Disclosure Date: November 27, 2018 (last updated November 27, 2024)

System command injection in ajaxdata.php in TerraMaster TOS version 3.1.03 allows attackers to execute system commands via the "username" parameter during user creation.

Attacker Value

Unknown

CVE-2018-13335

Disclosure Date: November 27, 2018 (last updated November 27, 2024)

Cross-site scripting in Control Panel in TerraMaster TOS version 3.1.03 allows attackers to execute JavaScript when viewing shared folders via their descriptions.

Attacker Value

Unknown

CVE-2018-13355

Disclosure Date: November 27, 2018 (last updated November 27, 2024)

Incorrect access controls in ajaxdata.php in TerraMaster TOS version 3.1.03 allow attackers to create user groups without proper authorization.

28 Total Results

Displaying 11-20 of 28

Unknown

Unknown

Unknown

Unknown

Unknown

Unknown

Unknown

Unknown

Unknown

Unknown

Quick Cookie Notification