Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Terramaster_operating_system
(Terra\-Master)Repositories |
Unknown: This might be proprietary software. |
#Vulnerabilities | 28 |
Date | Id | Summary | Products | Score | Patch | Annotated |
---|---|---|---|---|---|---|
2018-11-27 | CVE-2018-13337 | Session Fixation in the web application for TerraMaster TOS version 3.1.03 allows attackers to control users' session cookies via JavaScript. | Terramaster_operating_system | 5.4 | ||
2018-11-27 | CVE-2018-13336 | System command injection in ajaxdata.php in TerraMaster TOS version 3.1.03 allows attackers to execute system commands via the "pwd" parameter during user creation. | Terramaster_operating_system | 9.8 | ||
2018-11-27 | CVE-2018-13335 | Cross-site scripting in Control Panel in TerraMaster TOS version 3.1.03 allows attackers to execute JavaScript when viewing shared folders via their descriptions. | Terramaster_operating_system | 5.4 | ||
2018-11-27 | CVE-2018-13334 | Cross-site scripting in handle.php in TerraMaster TOS version 3.1.03 allows attackers to execute JavaScript via the "options[sysname]" parameter. | Terramaster_operating_system | 6.1 | ||
2018-11-27 | CVE-2018-13333 | Cross-site scripting in File Manager in TerraMaster TOS version 3.1.03 allows attackers to execute JavaScript in the permissions window by placing JavaScript in users' usernames. | Terramaster_operating_system | 6.1 | ||
2018-11-27 | CVE-2018-13332 | Directory Traversal in the explorer application in TerraMaster TOS version 3.1.03 allows attackers to upload files to arbitrary locations via the "path" URL parameter. | Terramaster_operating_system | 7.5 | ||
2018-11-27 | CVE-2018-13331 | Cross-site scripting in Control Panel in TerraMaster TOS version 3.1.03 allows attackers to execute JavaScript when viewing users by placing JavaScript in their usernames. | Terramaster_operating_system | 6.1 | ||
2018-11-27 | CVE-2018-13330 | System command injection in ajaxdata.php in TerraMaster TOS version 3.1.03 allows attackers to execute system commands during group creation via the "groupname" parameter. | Terramaster_operating_system | 7.2 | ||
2018-11-27 | CVE-2018-13329 | Cross-site scripting in ajaxdata.php in TerraMaster TOS version 3.1.03 allows attackers to execute JavaScript via the "lines" URL parameter. | Terramaster_operating_system | 6.1 | ||
2017-09-15 | CVE-2017-9328 | Shell metacharacter injection vulnerability in /usr/www/include/ajax/GetTest.php in TerraMaster TOS before 3.0.34 leads to remote code execution as root. | Terramaster_operating_system | 9.8 |