Vulnerabilities > Terra Master

DATE CVE VULNERABILITY TITLE RISK
2018-11-27 CVE-2018-13354 OS Command Injection vulnerability in Terra-Master Terramaster Operating System 3.1.03
System command injection in logtable.php in TerraMaster TOS version 3.1.03 allows attackers to execute system commands via the "Event" parameter.
network
low complexity
terra-master CWE-78
critical
9.8
2018-11-27 CVE-2018-13353 OS Command Injection vulnerability in Terra-Master Terramaster Operating System 3.1.03
System command injection in ajaxdata.php in TerraMaster TOS version 3.1.03 allows attackers to execute commands via the "checkport" parameter.
network
low complexity
terra-master CWE-78
8.8
2018-11-27 CVE-2018-13352 Information Exposure vulnerability in Terra-Master Terramaster Operating System 3.1.03
Session Exposure in the web application for TerraMaster TOS version 3.1.03 allows attackers to view active session tokens in a world-readable directory.
network
low complexity
terra-master CWE-200
7.5
2018-11-27 CVE-2018-13351 Cross-site Scripting vulnerability in Terra-Master Terramaster Operating System 3.1.03
Cross-site scripting in Control Panel in TerraMaster TOS version 3.1.03 allows attackers to execute JavaScript via the edit password form.
network
low complexity
terra-master CWE-79
4.8
2018-11-27 CVE-2018-13350 SQL Injection vulnerability in Terra-Master Terramaster Operating System 3.1.03
SQL injection in logtable.php in TerraMaster TOS version 3.1.03 allows attackers to execute SQL queries via the "Event" parameter.
network
low complexity
terra-master CWE-89
critical
9.8
2018-11-27 CVE-2018-13349 Cross-site Scripting vulnerability in Terra-Master Terramaster Operating System 3.1.03
Cross-site scripting in the web application taskbar in TerraMaster TOS version 3.1.03 allows attackers to execute JavaScript via the user's username.
network
low complexity
terra-master CWE-79
6.1
2018-11-27 CVE-2018-13338 OS Command Injection vulnerability in Terra-Master Terramaster Operating System 3.1.03
System command injection in ajaxdata.php in TerraMaster TOS version 3.1.03 allows attackers to execute system commands via the "username" parameter during user creation.
network
low complexity
terra-master CWE-78
critical
9.8
2018-11-27 CVE-2018-13336 OS Command Injection vulnerability in Terra-Master Terramaster Operating System 3.1.03
System command injection in ajaxdata.php in TerraMaster TOS version 3.1.03 allows attackers to execute system commands via the "pwd" parameter during user creation.
network
low complexity
terra-master CWE-78
critical
9.8
2018-11-27 CVE-2018-13335 Cross-site Scripting vulnerability in Terra-Master Terramaster Operating System 3.1.03
Cross-site scripting in Control Panel in TerraMaster TOS version 3.1.03 allows attackers to execute JavaScript when viewing shared folders via their descriptions.
network
low complexity
terra-master CWE-79
5.4
2018-11-27 CVE-2018-13333 Cross-site Scripting vulnerability in Terra-Master Terramaster Operating System 3.1.03
Cross-site scripting in File Manager in TerraMaster TOS version 3.1.03 allows attackers to execute JavaScript in the permissions window by placing JavaScript in users' usernames.
network
low complexity
terra-master CWE-79
6.1