Terramaster Operating System

terramaster_operating_system

Vendor: Terra Master • 28 CVEs

CVEs (28)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2018-13333 1Terra Master 1Terramaster Operating System Nov 21, 2024 Nov 27, 2018 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 Cross-site scripting in File Manager in TerraMaster TOS version 3.1.03 allows attackers to execute JavaScript in the permissions window by placing JavaScript in users' usernames.
CVE-2018-13332 1Terra Master 1Terramaster Operating System Nov 21, 2024 Nov 27, 2018 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 Directory Traversal in the explorer application in TerraMaster TOS version 3.1.03 allows attackers to upload files to arbitrary locations via the "path" URL parameter.
CVE-2018-13331 1Terra Master 1Terramaster Operating System Nov 21, 2024 Nov 27, 2018 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 Cross-site scripting in Control Panel in TerraMaster TOS version 3.1.03 allows attackers to execute JavaScript when viewing users by placing JavaScript in their usernames.
CVE-2018-13330 1Terra Master 1Terramaster Operating System Nov 21, 2024 Nov 27, 2018 N/A· v4 7.2 HIGH· v3 9.0 HIGH· v2 System command injection in ajaxdata.php in TerraMaster TOS version 3.1.03 allows attackers to execute system commands during group creation via the "groupname" parameter.
CVE-2018-13337 1Terra Master 1Terramaster Operating System Nov 21, 2024 Nov 27, 2018 N/A· v4 5.4 MEDIUM· v3 5.8 MEDIUM· v2 Session Fixation in the web application for TerraMaster TOS version 3.1.03 allows attackers to control users' session cookies via JavaScript.
CVE-2018-13334 1Terra Master 1Terramaster Operating System Nov 21, 2024 Nov 27, 2018 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 Cross-site scripting in handle.php in TerraMaster TOS version 3.1.03 allows attackers to execute JavaScript via the "options[sysname]" parameter.
CVE-2018-13329 1Terra Master 1Terramaster Operating System Nov 21, 2024 Nov 27, 2018 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 Cross-site scripting in ajaxdata.php in TerraMaster TOS version 3.1.03 allows attackers to execute JavaScript via the "lines" URL parameter.
CVE-2017-9328 1Terra Master 1Terramaster Operating System May 13, 2026 Sep 15, 2017 N/A· v4 9.8 CRITICAL· v3 10.0 HIGH· v2 Shell metacharacter injection vulnerability in /usr/www/include/ajax/GetTest.php in TerraMaster TOS before 3.0.34 leads to remote code execution as root.

Previous 12