Search Results | AttackerKB

3 Total Results

Displaying 1-3 of 3

Attacker Value

Very High

CVE-2020-28188

Disclosure Date: December 24, 2020 (last updated January 29, 2021)

Remote Command Execution (RCE) vulnerability in TerraMaster TOS <= 4.2.06 allow remote unauthenticated attackers to inject OS commands via /include/makecvs.php in Event parameter.

Attacker Value

Very High

CVE-2020-7961

Disclosure Date: March 20, 2020 (last updated January 29, 2021)

Deserialization of Untrusted Data in Liferay Portal prior to 7.2.1 CE GA2 allows remote attackers to execute arbitrary code via JSON web services (JSONWS).

Attack Vector: Network Privileges: None User Interaction: None

Attacker Value

Very High

CVE-2020-35665

Disclosure Date: December 23, 2020 (last updated October 07, 2023)

An unauthenticated command-execution vulnerability exists in TerraMaster TOS through 4.2.06 via shell metacharacters in the Event parameter in include/makecvs.php during CSV creation.

Attack Vector: Network Privileges: None User Interaction: None

3 Total Results

Displaying 1-3 of 3

Very High

CVE-2020-28188

Very High

CVE-2020-7961

Very High

CVE-2020-35665

Quick Cookie Notification