Show filters
24 Total Results
Displaying 1-10 of 24
Sort by:
Attacker Value
Unknown
CVE-2018-13332
Disclosure Date: November 27, 2018 (last updated November 27, 2024)
Directory Traversal in the explorer application in TerraMaster TOS version 3.1.03 allows attackers to upload files to arbitrary locations via the "path" URL parameter.
0
Attacker Value
Unknown
CVE-2018-13352
Disclosure Date: November 27, 2018 (last updated November 27, 2024)
Session Exposure in the web application for TerraMaster TOS version 3.1.03 allows attackers to view active session tokens in a world-readable directory.
0
Attacker Value
Unknown
CVE-2018-13361
Disclosure Date: November 27, 2018 (last updated November 27, 2024)
User enumeration in usertable.php in TerraMaster TOS version 3.1.03 allows attackers to list all system users via the "modgroup" parameter.
0
Attacker Value
Unknown
CVE-2018-13359
Disclosure Date: November 27, 2018 (last updated November 27, 2024)
Cross-site scripting in usertable.php in TerraMaster TOS version 3.1.03 allows attackers to execute JavaScript via the "modgroup" parameter.
0
Attacker Value
Unknown
CVE-2018-13357
Disclosure Date: November 27, 2018 (last updated November 27, 2024)
Cross-site scripting in Control Panel in TerraMaster TOS version 3.1.03 allows attackers to execute JavaScript when viewing Shared Folders via JavaScript in Shared Folders' names.
0
Attacker Value
Unknown
CVE-2018-13351
Disclosure Date: November 27, 2018 (last updated November 27, 2024)
Cross-site scripting in Control Panel in TerraMaster TOS version 3.1.03 allows attackers to execute JavaScript via the edit password form.
0
Attacker Value
Unknown
CVE-2018-13333
Disclosure Date: November 27, 2018 (last updated November 27, 2024)
Cross-site scripting in File Manager in TerraMaster TOS version 3.1.03 allows attackers to execute JavaScript in the permissions window by placing JavaScript in users' usernames.
0
Attacker Value
Unknown
CVE-2018-13331
Disclosure Date: November 27, 2018 (last updated November 27, 2024)
Cross-site scripting in Control Panel in TerraMaster TOS version 3.1.03 allows attackers to execute JavaScript when viewing users by placing JavaScript in their usernames.
0
Attacker Value
Unknown
CVE-2018-13350
Disclosure Date: November 27, 2018 (last updated November 27, 2024)
SQL injection in logtable.php in TerraMaster TOS version 3.1.03 allows attackers to execute SQL queries via the "Event" parameter.
0
Attacker Value
Unknown
CVE-2018-13349
Disclosure Date: November 27, 2018 (last updated November 27, 2024)
Cross-site scripting in the web application taskbar in TerraMaster TOS version 3.1.03 allows attackers to execute JavaScript via the user's username.
0
