National Vulnerability Database

Subscribe to National Vulnerability Database feed
This feed contains the most recent CVE cyber vulnerabilities published within the National Vulnerability Database.
Updated: 3 hours 13 min ago

CVE-2018-13349

Tue, 11/27/2018 - 16:29
Cross-site scripting in the web application taskbar in TerraMaster TOS version 3.1.03 allows attackers to execute JavaScript via the user's username.
Categories: Security News

CVE-2018-13350

Tue, 11/27/2018 - 16:29
SQL injection in logtable.php in TerraMaster TOS version 3.1.03 allows attackers to execute SQL queries via the "Event" parameter.
Categories: Security News

CVE-2018-13351

Tue, 11/27/2018 - 16:29
Cross-site scripting in Control Panel in TerraMaster TOS version 3.1.03 allows attackers to execute JavaScript via the edit password form.
Categories: Security News

CVE-2018-13352

Tue, 11/27/2018 - 16:29
Session Exposure in the web application for TerraMaster TOS version 3.1.03 allows attackers to view active session tokens in a world-readable directory.
Categories: Security News

CVE-2018-13353

Tue, 11/27/2018 - 16:29
System command injection in ajaxdata.php in TerraMaster TOS version 3.1.03 allows attackers to execute commands via the "checkport" parameter.
Categories: Security News

CVE-2018-13354

Tue, 11/27/2018 - 16:29
System command injection in logtable.php in TerraMaster TOS version 3.1.03 allows attackers to execute system commands via the "Event" parameter.
Categories: Security News

CVE-2018-13355

Tue, 11/27/2018 - 16:29
Cross-site scripting in Control Panel in TerraMaster TOS version 3.1.03 allows attackers to execute JavaScript when viewing shared folders via their descriptions.
Categories: Security News

CVE-2018-13356

Tue, 11/27/2018 - 16:29
Incorrect access control on ajaxdata.php in TerraMaster TOS version 3.1.03 allows attackers to elevate user permissions.
Categories: Security News

CVE-2018-13357

Tue, 11/27/2018 - 16:29
Cross-site scripting in Control Panel in TerraMaster TOS version 3.1.03 allows attackers to execute JavaScript when viewing Shared Folders via JavaScript in Shared Folders' names.
Categories: Security News

CVE-2018-13358

Tue, 11/27/2018 - 16:29
System command injection in ajaxdata.php in TerraMaster TOS version 3.1.03 allows attackers to execute system commands via the "checkName" parameter.
Categories: Security News

CVE-2018-0719

Tue, 11/27/2018 - 15:29
Cross-site scripting (XSS) vulnerability in QNAP QTS 4.2.6 build 20180711 and earlier versions, 4.3.3 build 20180725 and earlier versions, and 4.3.4 build 20180710 and earlier versions could allow remote attackers to inject javascript code.
Categories: Security News

CVE-2018-10142

Tue, 11/27/2018 - 15:29
The Expedition Migration tool 1.0.106 and earlier may allow an unauthenticated attacker to enumerate files on the operating system.
Categories: Security News

CVE-2018-13022

Tue, 11/27/2018 - 15:29
Cross-site scripting vulnerability in the API 404 page on Xiaomi Mi Router 3 version 2.22.15 allows attackers to execute arbitrary JavaScript via a modified URL path.
Categories: Security News

CVE-2018-13023

Tue, 11/27/2018 - 15:29
System command injection vulnerability in wifi_access in Xiaomi Mi Router 3 version 2.22.15 allows attackers to execute system commands via the "timeout" URL parameter.
Categories: Security News

CVE-2018-13306

Tue, 11/27/2018 - 15:29
System command injection in formDlna in TOTOLINK A3002RU version 1.0.8 allows attackers to execute system commands via the "ftpUser" POST parameter.
Categories: Security News

CVE-2018-13307

Tue, 11/27/2018 - 15:29
System command injection in fromNtp in TOTOLINK A3002RU version 1.0.8 allows attackers to execute system commands via the "ntpServerIp2" POST parameter. Certain payloads cause the device to become permanently inoperable.
Categories: Security News

CVE-2018-13314

Tue, 11/27/2018 - 15:29
System command injection in formAliasIp in TOTOLINK A3002RU version 1.0.8 allows attackers to execute system commands via the "ipAddr" POST parameter.
Categories: Security News

CVE-2018-13316

Tue, 11/27/2018 - 15:29
System command injection in formAliasIp in TOTOLINK A3002RU version 1.0.8 allows attackers to execute system commands via the "subnet" POST parameter.
Categories: Security News

CVE-2018-13329

Tue, 11/27/2018 - 15:29
Cross-site scripting in ajaxdata.php in TerraMaster TOS version 3.1.03 allows attackers to execute JavaScript via the "lines" URL parameter.
Categories: Security News

CVE-2018-13334

Tue, 11/27/2018 - 15:29
Cross-site scripting in handle.php in TerraMaster TOS version 3.1.03 allows attackers to execute JavaScript via the "options[sysname]" parameter.
Categories: Security News

Pages