Terramaster_operating_system - Vulncode-DB

Note:

This project will be discontinued after December 13, 2021. [more]

Product:
Terramaster_operating_system
(Terra\-Master)

Repositories	Unknown: This might be proprietary software.
#Vulnerabilities	28

Date	Id	Summary	Products	Score	Patch	Annotated
2018-11-27	CVE-2018-13357	Cross-site scripting in Control Panel in TerraMaster TOS version 3.1.03 allows attackers to execute JavaScript when viewing Shared Folders via JavaScript in Shared Folders' names.	Terramaster_operating_system	5.4
2018-11-27	CVE-2018-13356	Incorrect access control on ajaxdata.php in TerraMaster TOS version 3.1.03 allows attackers to elevate user permissions.	Terramaster_operating_system	8.8
2018-11-27	CVE-2018-13355	Incorrect access controls in ajaxdata.php in TerraMaster TOS version 3.1.03 allow attackers to create user groups without proper authorization.	Terramaster_operating_system	6.5
2018-11-27	CVE-2018-13354	System command injection in logtable.php in TerraMaster TOS version 3.1.03 allows attackers to execute system commands via the "Event" parameter.	Terramaster_operating_system	9.8
2018-11-27	CVE-2018-13353	System command injection in ajaxdata.php in TerraMaster TOS version 3.1.03 allows attackers to execute commands via the "checkport" parameter.	Terramaster_operating_system	8.8
2018-11-27	CVE-2018-13352	Session Exposure in the web application for TerraMaster TOS version 3.1.03 allows attackers to view active session tokens in a world-readable directory.	Terramaster_operating_system	7.5
2018-11-27	CVE-2018-13351	Cross-site scripting in Control Panel in TerraMaster TOS version 3.1.03 allows attackers to execute JavaScript via the edit password form.	Terramaster_operating_system	4.8
2018-11-27	CVE-2018-13350	SQL injection in logtable.php in TerraMaster TOS version 3.1.03 allows attackers to execute SQL queries via the "Event" parameter.	Terramaster_operating_system	9.8
2018-11-27	CVE-2018-13349	Cross-site scripting in the web application taskbar in TerraMaster TOS version 3.1.03 allows attackers to execute JavaScript via the user's username.	Terramaster_operating_system	6.1
2018-11-27	CVE-2018-13338	System command injection in ajaxdata.php in TerraMaster TOS version 3.1.03 allows attackers to execute system commands via the "username" parameter during user creation.	Terramaster_operating_system	9.8