Shodan
Vulnerabilities
Vulnerable Software
Terra-Master:  >> Terramaster Operating System  >> 3.1.03  Security Vulnerabilities
CVE-2018-13333
Cross-site scripting in File Manager in TerraMaster TOS version 3.1.03 allows attackers to execute JavaScript in the permissions window by placing JavaScript in users' usernames.
CVSS Score
6.1
EPSS Score
0.002
Published
2018-11-27
CVE-2018-13335
Cross-site scripting in Control Panel in TerraMaster TOS version 3.1.03 allows attackers to execute JavaScript when viewing shared folders via their descriptions.
CVSS Score
5.4
EPSS Score
0.002
Published
2018-11-27
CVE-2018-13336
System command injection in ajaxdata.php in TerraMaster TOS version 3.1.03 allows attackers to execute system commands via the "pwd" parameter during user creation.
CVSS Score
9.8
EPSS Score
0.125
Published
2018-11-27
CVE-2018-13338
System command injection in ajaxdata.php in TerraMaster TOS version 3.1.03 allows attackers to execute system commands via the "username" parameter during user creation.
CVSS Score
9.8
EPSS Score
0.125
Published
2018-11-27
CVE-2018-13349
Cross-site scripting in the web application taskbar in TerraMaster TOS version 3.1.03 allows attackers to execute JavaScript via the user's username.
CVSS Score
6.1
EPSS Score
0.002
Published
2018-11-27
CVE-2018-13350
SQL injection in logtable.php in TerraMaster TOS version 3.1.03 allows attackers to execute SQL queries via the "Event" parameter.
CVSS Score
9.8
EPSS Score
0.019
Published
2018-11-27
CVE-2018-13351
Cross-site scripting in Control Panel in TerraMaster TOS version 3.1.03 allows attackers to execute JavaScript via the edit password form.
CVSS Score
4.8
EPSS Score
0.002
Published
2018-11-27
CVE-2018-13352
Session Exposure in the web application for TerraMaster TOS version 3.1.03 allows attackers to view active session tokens in a world-readable directory.
CVSS Score
7.5
EPSS Score
0.003
Published
2018-11-27
CVE-2018-13353
System command injection in ajaxdata.php in TerraMaster TOS version 3.1.03 allows attackers to execute commands via the "checkport" parameter.
CVSS Score
8.8
EPSS Score
0.163
Published
2018-11-27
CVE-2018-13354
System command injection in logtable.php in TerraMaster TOS version 3.1.03 allows attackers to execute system commands via the "Event" parameter.
CVSS Score
9.8
EPSS Score
0.121
Published
2018-11-27


Products
Pricing
Contact Us

Shodan ® - All rights reserved