Vulnerabilities > Terra Master > Terramaster Operating System
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-11-27 | CVE-2018-13355 | Incorrect Permission Assignment for Critical Resource vulnerability in Terra-Master Terramaster Operating System 3.1.03 Incorrect access controls in ajaxdata.php in TerraMaster TOS version 3.1.03 allow attackers to create user groups without proper authorization. | 4.0 |
| 2018-11-27 | CVE-2018-13354 | OS Command Injection vulnerability in Terra-Master Terramaster Operating System 3.1.03 System command injection in logtable.php in TerraMaster TOS version 3.1.03 allows attackers to execute system commands via the "Event" parameter. | 10.0 |
| 2018-11-27 | CVE-2018-13353 | OS Command Injection vulnerability in Terra-Master Terramaster Operating System 3.1.03 System command injection in ajaxdata.php in TerraMaster TOS version 3.1.03 allows attackers to execute commands via the "checkport" parameter. | 9.0 |
| 2018-11-27 | CVE-2018-13352 | Information Exposure vulnerability in Terra-Master Terramaster Operating System 3.1.03 Session Exposure in the web application for TerraMaster TOS version 3.1.03 allows attackers to view active session tokens in a world-readable directory. | 5.0 |
| 2018-11-27 | CVE-2018-13351 | Cross-site Scripting vulnerability in Terra-Master Terramaster Operating System 3.1.03 Cross-site scripting in Control Panel in TerraMaster TOS version 3.1.03 allows attackers to execute JavaScript via the edit password form. | 3.5 |
| 2018-11-27 | CVE-2018-13350 | SQL Injection vulnerability in Terra-Master Terramaster Operating System 3.1.03 SQL injection in logtable.php in TerraMaster TOS version 3.1.03 allows attackers to execute SQL queries via the "Event" parameter. | 7.5 |
| 2018-11-27 | CVE-2018-13349 | Cross-site Scripting vulnerability in Terra-Master Terramaster Operating System 3.1.03 Cross-site scripting in the web application taskbar in TerraMaster TOS version 3.1.03 allows attackers to execute JavaScript via the user's username. | 4.3 |
| 2018-11-27 | CVE-2018-13338 | OS Command Injection vulnerability in Terra-Master Terramaster Operating System 3.1.03 System command injection in ajaxdata.php in TerraMaster TOS version 3.1.03 allows attackers to execute system commands via the "username" parameter during user creation. | 10.0 |
| 2018-11-27 | CVE-2018-13336 | OS Command Injection vulnerability in Terra-Master Terramaster Operating System 3.1.03 System command injection in ajaxdata.php in TerraMaster TOS version 3.1.03 allows attackers to execute system commands via the "pwd" parameter during user creation. | 10.0 |
| 2018-11-27 | CVE-2018-13335 | Cross-site Scripting vulnerability in Terra-Master Terramaster Operating System 3.1.03 Cross-site scripting in Control Panel in TerraMaster TOS version 3.1.03 allows attackers to execute JavaScript when viewing shared folders via their descriptions. | 3.5 |