Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities - CVEs Published In November 2018
CVE-2018-13338
System command injection in ajaxdata.php in TerraMaster TOS version 3.1.03 allows attackers to execute system commands via the "username" parameter during user creation.
CVSS Score
9.8
EPSS Score
0.125
Published
2018-11-27
CVE-2018-13349
Cross-site scripting in the web application taskbar in TerraMaster TOS version 3.1.03 allows attackers to execute JavaScript via the user's username.
CVSS Score
6.1
EPSS Score
0.002
Published
2018-11-27
CVE-2018-13350
SQL injection in logtable.php in TerraMaster TOS version 3.1.03 allows attackers to execute SQL queries via the "Event" parameter.
CVSS Score
9.8
EPSS Score
0.019
Published
2018-11-27
CVE-2018-13351
Cross-site scripting in Control Panel in TerraMaster TOS version 3.1.03 allows attackers to execute JavaScript via the edit password form.
CVSS Score
4.8
EPSS Score
0.002
Published
2018-11-27
CVE-2018-13352
Session Exposure in the web application for TerraMaster TOS version 3.1.03 allows attackers to view active session tokens in a world-readable directory.
CVSS Score
7.5
EPSS Score
0.003
Published
2018-11-27
CVE-2018-13353
System command injection in ajaxdata.php in TerraMaster TOS version 3.1.03 allows attackers to execute commands via the "checkport" parameter.
CVSS Score
8.8
EPSS Score
0.163
Published
2018-11-27
CVE-2018-13354
System command injection in logtable.php in TerraMaster TOS version 3.1.03 allows attackers to execute system commands via the "Event" parameter.
CVSS Score
9.8
EPSS Score
0.121
Published
2018-11-27
CVE-2018-13355
Incorrect access controls in ajaxdata.php in TerraMaster TOS version 3.1.03 allow attackers to create user groups without proper authorization.
CVSS Score
6.5
EPSS Score
0.001
Published
2018-11-27
CVE-2018-13356
Incorrect access control on ajaxdata.php in TerraMaster TOS version 3.1.03 allows attackers to elevate user permissions.
CVSS Score
8.8
EPSS Score
0.005
Published
2018-11-27
CVE-2018-13357
Cross-site scripting in Control Panel in TerraMaster TOS version 3.1.03 allows attackers to execute JavaScript when viewing Shared Folders via JavaScript in Shared Folders' names.
CVSS Score
5.4
EPSS Score
0.002
Published
2018-11-27


Products
Pricing
Contact Us

Shodan ® - All rights reserved