Vulnerabilities (CVE)

  1. OpenCVE
  2. Vulnerabilities (CVE)
Filtered by vendor Terra-master Subscribe
Filtered by product Terramaster Operating System
Total 28 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2018-13336 1 Terra-master 1 Terramaster Operating System 2024-11-21 10.0 HIGH 9.8 CRITICAL
System command injection in ajaxdata.php in TerraMaster TOS version 3.1.03 allows attackers to execute system commands via the "pwd" parameter during user creation.
CVE-2018-13335 1 Terra-master 1 Terramaster Operating System 2024-11-21 3.5 LOW 5.4 MEDIUM
Cross-site scripting in Control Panel in TerraMaster TOS version 3.1.03 allows attackers to execute JavaScript when viewing shared folders via their descriptions.
CVE-2018-13334 1 Terra-master 1 Terramaster Operating System 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
Cross-site scripting in handle.php in TerraMaster TOS version 3.1.03 allows attackers to execute JavaScript via the "options[sysname]" parameter.
CVE-2018-13333 1 Terra-master 1 Terramaster Operating System 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
Cross-site scripting in File Manager in TerraMaster TOS version 3.1.03 allows attackers to execute JavaScript in the permissions window by placing JavaScript in users' usernames.
CVE-2018-13332 1 Terra-master 1 Terramaster Operating System 2024-11-21 5.0 MEDIUM 7.5 HIGH
Directory Traversal in the explorer application in TerraMaster TOS version 3.1.03 allows attackers to upload files to arbitrary locations via the "path" URL parameter.
CVE-2018-13331 1 Terra-master 1 Terramaster Operating System 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
Cross-site scripting in Control Panel in TerraMaster TOS version 3.1.03 allows attackers to execute JavaScript when viewing users by placing JavaScript in their usernames.
CVE-2018-13330 1 Terra-master 1 Terramaster Operating System 2024-11-21 9.0 HIGH 7.2 HIGH
System command injection in ajaxdata.php in TerraMaster TOS version 3.1.03 allows attackers to execute system commands during group creation via the "groupname" parameter.
CVE-2018-13329 1 Terra-master 1 Terramaster Operating System 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
Cross-site scripting in ajaxdata.php in TerraMaster TOS version 3.1.03 allows attackers to execute JavaScript via the "lines" URL parameter.