Filtered by vendor Terra-master
Subscribe
Total
46 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2018-13336 | 1 Terra-master | 1 Terramaster Operating System | 2024-02-04 | 10.0 HIGH | 9.8 CRITICAL |
System command injection in ajaxdata.php in TerraMaster TOS version 3.1.03 allows attackers to execute system commands via the "pwd" parameter during user creation. | |||||
CVE-2018-13360 | 1 Terra-master | 1 Terramaster Operating System | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
Cross-site scripting in Text Editor in TerraMaster TOS version 3.1.03 allows attackers to execute JavaScript via the "filename" URL parameter. | |||||
CVE-2018-13329 | 1 Terra-master | 1 Terramaster Operating System | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
Cross-site scripting in ajaxdata.php in TerraMaster TOS version 3.1.03 allows attackers to execute JavaScript via the "lines" URL parameter. | |||||
CVE-2018-13333 | 1 Terra-master | 1 Terramaster Operating System | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
Cross-site scripting in File Manager in TerraMaster TOS version 3.1.03 allows attackers to execute JavaScript in the permissions window by placing JavaScript in users' usernames. | |||||
CVE-2018-13356 | 1 Terra-master | 1 Terramaster Operating System | 2024-02-04 | 9.0 HIGH | 8.8 HIGH |
Incorrect access control on ajaxdata.php in TerraMaster TOS version 3.1.03 allows attackers to elevate user permissions. | |||||
CVE-2017-9328 | 1 Terra-master | 1 Terramaster Operating System | 2024-02-04 | 10.0 HIGH | 9.8 CRITICAL |
Shell metacharacter injection vulnerability in /usr/www/include/ajax/GetTest.php in TerraMaster TOS before 3.0.34 leads to remote code execution as root. |