Skip to main content
CVE-2018-13355 MEDIUM POC This Month

Incorrect access controls in ajaxdata.php in TerraMaster TOS version 3.1.03 allow attackers to create user groups without proper authorization. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure PHP Terramaster Operating System
NVD
CVSS 3.0
6.5
EPSS
1.1%
CVE-2018-19609 MEDIUM POC This Month

ShowDoc 2.4.1 allows remote attackers to obtain sensitive information by navigating with a modified page_id, as demonstrated by reading note content, or discovering a username in the JSON data at a. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Showdoc
NVD GitHub
CVSS 3.0
6.5
EPSS
1.2%
CVE-2018-19607 MEDIUM POC This Month

Exiv2::isoSpeed in easyaccess.cpp in Exiv2 v0.27-RC2 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted file. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Exiv2
NVD GitHub
CVSS 3.0
6.5
EPSS
2.2%
CVE-2018-19587 MEDIUM POC This Month

In Cesanta Mongoose 6.13, a SIGSEGV exists in the mongoose.c mg_mqtt_add_session() function. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Mongoose
NVD GitHub
CVSS 3.0
6.5
EPSS
0.9%
CVE-2018-13360 MEDIUM POC This Month

Cross-site scripting in Text Editor in TerraMaster TOS version 3.1.03 allows attackers to execute JavaScript via the "filename" URL parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Terramaster Operating System
NVD
CVSS 3.0
6.1
EPSS
1.3%
CVE-2018-13349 MEDIUM POC This Month

Cross-site scripting in the web application taskbar in TerraMaster TOS version 3.1.03 allows attackers to execute JavaScript via the user's username. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Terramaster Operating System
NVD
CVSS 3.0
6.1
EPSS
1.1%
CVE-2018-13333 MEDIUM POC This Month

Cross-site scripting in File Manager in TerraMaster TOS version 3.1.03 allows attackers to execute JavaScript in the permissions window by placing JavaScript in users' usernames. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Terramaster Operating System
NVD
CVSS 3.0
6.1
EPSS
1.1%
CVE-2018-13331 MEDIUM POC This Month

Cross-site scripting in Control Panel in TerraMaster TOS version 3.1.03 allows attackers to execute JavaScript when viewing users by placing JavaScript in their usernames. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Terramaster Operating System
NVD
CVSS 3.0
6.1
EPSS
1.1%
CVE-2018-13334 MEDIUM POC This Month

Cross-site scripting in handle.php in TerraMaster TOS version 3.1.03 allows attackers to execute JavaScript via the "options[sysname]" parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Terramaster Operating System
NVD
CVSS 3.0
6.1
EPSS
1.1%
CVE-2018-13329 MEDIUM POC This Month

Cross-site scripting in ajaxdata.php in TerraMaster TOS version 3.1.03 allows attackers to execute JavaScript via the "lines" URL parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Terramaster Operating System
NVD
CVSS 3.0
6.1
EPSS
1.1%
CVE-2018-13022 MEDIUM POC This Month

Cross-site scripting vulnerability in the API 404 page on Xiaomi Mi Router 3 version 2.22.15 allows attackers to execute arbitrary JavaScript via a modified URL path. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Miwifi Os
NVD
CVSS 3.0
6.1
EPSS
0.7%
CVE-2018-13357 MEDIUM POC This Month

Cross-site scripting in Control Panel in TerraMaster TOS version 3.1.03 allows attackers to execute JavaScript when viewing Shared Folders via JavaScript in Shared Folders' names. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Terramaster Operating System
NVD
CVSS 3.0
5.4
EPSS
0.9%
CVE-2018-13335 MEDIUM POC This Month

Cross-site scripting in Control Panel in TerraMaster TOS version 3.1.03 allows attackers to execute JavaScript when viewing shared folders via their descriptions. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Terramaster Operating System
NVD
CVSS 3.0
5.4
EPSS
0.9%
CVE-2018-13337 MEDIUM POC This Month

Session Fixation in the web application for TerraMaster TOS version 3.1.03 allows attackers to control users' session cookies via JavaScript. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Session Fixation Information Disclosure Terramaster Operating System
NVD
CVSS 3.0
5.4
EPSS
1.2%
CVE-2018-13361 MEDIUM POC THREAT This Month

User enumeration in usertable.php in TerraMaster TOS version 3.1.03 allows attackers to list all system users via the "modgroup" parameter. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure PHP Terramaster Operating System
NVD
CVSS 3.0
5.3
EPSS
16.9%
CVE-2018-13351 MEDIUM POC This Month

Cross-site scripting in Control Panel in TerraMaster TOS version 3.1.03 allows attackers to execute JavaScript via the edit password form. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Terramaster Operating System
NVD
CVSS 3.0
4.8
EPSS
0.9%
CVE-2018-7961 MEDIUM This Month

There is a smart SMS verification code vulnerability in some Huawei smart phones. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Huawei Information Disclosure Emily Al00A Firmware
NVD
CVSS 3.0
6.5
EPSS
0.9%
CVE-2018-11946 MEDIUM PATCH This Month

In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, the UPnP daemon should not be running out of box because it enables port forwarding without. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity.

Google Mozilla Information Disclosure Linux Android
NVD
CVSS 3.0
6.5
EPSS
0.3%
CVE-2018-9084 MEDIUM This Month

In System Management Module (SMM) versions prior to 1.06, if an attacker manages to log in to the device OS, the validation of software updates can be circumvented. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure System Management Module Firmware
NVD
CVSS 3.0
6.5
EPSS
0.7%
CVE-2018-12241 MEDIUM This Month

The Symantec Security Analytics (SA) 7.x prior to 7.3.4 Web UI is susceptible to a reflected cross-site scripting (XSS) vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Security Analytics
NVD
CVSS 3.0
6.1
EPSS
1.0%
CVE-2018-16096 MEDIUM This Month

In System Management Module (SMM) versions prior to 1.06, the SMM web interface for changing Enclosure VPD fails to sufficiently sanitize all input for HTML tags, possibly opening a path for. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS System Management Module Firmware
NVD
CVSS 3.0
6.1
EPSS
0.6%
CVE-2018-7959 MEDIUM This Month

There is a short key vulnerability in Huawei eSpace product. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Huawei Information Disclosure Espace 7950 Firmware
NVD
CVSS 3.0
5.9
EPSS
0.8%
CVE-2018-16095 MEDIUM This Month

In System Management Module (SMM) versions prior to 1.06, the SMM records hashed passwords to a debug log when user authentication fails. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure System Management Module Firmware
NVD
CVSS 3.0
5.9
EPSS
0.9%
CVE-2018-0719 MEDIUM This Month

Cross-site Scripting (XSS) vulnerability in NAS devices of QNAP Systems Inc. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Qnap Qts
NVD
CVSS 3.1
5.5
EPSS
0.8%
CVE-2018-6266 MEDIUM PATCH This Month

NVIDIA GeForce Experience contains a vulnerability in all versions prior to 3.16 on Windows where a local user may obtain third party integration parameters, which may lead to information disclosure. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Microsoft Information Disclosure Nvidia Geforce Experience
NVD
CVSS 3.0
5.5
EPSS
0.3%
CVE-2018-17256 MEDIUM This Month

Persistent cross-site scripting (XSS) vulnerability in Umbraco CMS 7.12.3 allows authenticated users to inject arbitrary web script via the Header Name of a content (Blog, Content Page, etc.). Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Umbraco Cms
NVD
CVSS 3.0
4.8
EPSS
0.7%
CVE-2018-7988 MEDIUM This Month

There is a Factory Reset Protection (FRP) bypass vulnerability on several smartphones. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Nova 2 Plus Firmware Mate 9 Pro Firmware
NVD
CVSS 3.0
4.6
EPSS
0.2%
CVE-2018-7946 MEDIUM This Month

There is an information leak vulnerability in some Huawei smartphones. Rated medium severity (CVSS 4.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Huawei Information Disclosure Honor 7A Firmware Honor 9 Lite Firmware
NVD
CVSS 3.0
4.3
EPSS
0.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy