Product:

Terramaster_operating_system

(Terra\-Master)
Repositories

Unknown:

This might be proprietary software.

#Vulnerabilities 28
Date Id Summary Products Score Patch Annotated
2018-11-27 CVE-2018-13357 Cross-site scripting in Control Panel in TerraMaster TOS version 3.1.03 allows attackers to execute JavaScript when viewing Shared Folders via JavaScript in Shared Folders' names. Terramaster_operating_system 5.4
2018-11-27 CVE-2018-13356 Incorrect access control on ajaxdata.php in TerraMaster TOS version 3.1.03 allows attackers to elevate user permissions. Terramaster_operating_system 8.8
2018-11-27 CVE-2018-13355 Incorrect access controls in ajaxdata.php in TerraMaster TOS version 3.1.03 allow attackers to create user groups without proper authorization. Terramaster_operating_system 6.5
2018-11-27 CVE-2018-13354 System command injection in logtable.php in TerraMaster TOS version 3.1.03 allows attackers to execute system commands via the "Event" parameter. Terramaster_operating_system 9.8
2018-11-27 CVE-2018-13353 System command injection in ajaxdata.php in TerraMaster TOS version 3.1.03 allows attackers to execute commands via the "checkport" parameter. Terramaster_operating_system 8.8
2018-11-27 CVE-2018-13352 Session Exposure in the web application for TerraMaster TOS version 3.1.03 allows attackers to view active session tokens in a world-readable directory. Terramaster_operating_system 7.5
2018-11-27 CVE-2018-13351 Cross-site scripting in Control Panel in TerraMaster TOS version 3.1.03 allows attackers to execute JavaScript via the edit password form. Terramaster_operating_system 4.8
2018-11-27 CVE-2018-13350 SQL injection in logtable.php in TerraMaster TOS version 3.1.03 allows attackers to execute SQL queries via the "Event" parameter. Terramaster_operating_system 9.8
2018-11-27 CVE-2018-13349 Cross-site scripting in the web application taskbar in TerraMaster TOS version 3.1.03 allows attackers to execute JavaScript via the user's username. Terramaster_operating_system 6.1
2018-11-27 CVE-2018-13338 System command injection in ajaxdata.php in TerraMaster TOS version 3.1.03 allows attackers to execute system commands via the "username" parameter during user creation. Terramaster_operating_system 9.8