Vulnerabilities > Terra Master > High

DATE CVE VULNERABILITY TITLE RISK
2018-11-27 CVE-2018-13418 OS Command Injection vulnerability in Terra-Master Terramaster Operating System 3.1.03
System command injection in ajaxdata.php in TerraMaster TOS 3.1.03 allows attackers to execute system commands via the "newname" parameter.
network
low complexity
terra-master CWE-78
8.8
8.8
2018-11-27 CVE-2018-13359 Cross-site Scripting vulnerability in Terra-Master Terramaster Operating System 3.1.03
Cross-site scripting in usertable.php in TerraMaster TOS version 3.1.03 allows attackers to execute JavaScript via the "modgroup" parameter.
network
low complexity
terra-master CWE-79
8.8
8.8
2018-11-27 CVE-2018-13358 OS Command Injection vulnerability in Terra-Master Terramaster Operating System 3.1.03
System command injection in ajaxdata.php in TerraMaster TOS version 3.1.03 allows attackers to execute system commands via the "checkName" parameter.
network
low complexity
terra-master CWE-78
8.8
8.8
2018-11-27 CVE-2018-13356 Incorrect Authorization vulnerability in Terra-Master Terramaster Operating System 3.1.03
Incorrect access control on ajaxdata.php in TerraMaster TOS version 3.1.03 allows attackers to elevate user permissions.
network
low complexity
terra-master CWE-863
8.8
8.8
2018-11-27 CVE-2018-13353 OS Command Injection vulnerability in Terra-Master Terramaster Operating System 3.1.03
System command injection in ajaxdata.php in TerraMaster TOS version 3.1.03 allows attackers to execute commands via the "checkport" parameter.
network
low complexity
terra-master CWE-78
8.8
8.8
2018-11-27 CVE-2018-13352 Information Exposure vulnerability in Terra-Master Terramaster Operating System 3.1.03
Session Exposure in the web application for TerraMaster TOS version 3.1.03 allows attackers to view active session tokens in a world-readable directory.
network
low complexity
terra-master CWE-200
7.5
7.5
2018-11-27 CVE-2018-13332 Path Traversal vulnerability in Terra-Master Terramaster Operating System 3.1.03
Directory Traversal in the explorer application in TerraMaster TOS version 3.1.03 allows attackers to upload files to arbitrary locations via the "path" URL parameter.
network
low complexity
terra-master CWE-22
7.5
7.5
2018-11-27 CVE-2018-13330 OS Command Injection vulnerability in Terra-Master Terramaster Operating System 3.1.03
System command injection in ajaxdata.php in TerraMaster TOS version 3.1.03 allows attackers to execute system commands during group creation via the "groupname" parameter.
network
low complexity
terra-master CWE-78
7.2
7.2