TerraMaster Operating System 3.1.03
Approved changes feed: RSS · Atom
cpe:2.3:o:terra-master:terramaster_operating_system:3.1.03:*:*:*:*:*:*:*
part: o version: 3.1.03 update: *
| Vendor | Terra Master (d89fe82a-9386-553b-9a83-7412a03e5915) |
|---|---|
| Product | Terramaster Operating System (13817686-03da-511b-b151-f45a7c059690) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from NVD CPE 2.0 feed |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| No PURL mappings for this CPE yet. | ||
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2018-13418 |
vulnerable | 2026-06-03 14:38:10.572501 |
Details available
System command injection in ajaxdata.php in TerraMaster TOS 3.1.03 allows attackers to execute system commands via the "newname" parameter.
Published: 2018-11-27T21:00:00.000Z
Updated: 2024-08-05T09:00:35.131Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2018-13361 |
vulnerable | 2026-06-03 14:38:10.471828 |
Details available
User enumeration in usertable.php in TerraMaster TOS version 3.1.03 allows attackers to list all system users via the "modgroup" parameter.
Published: 2018-11-27T21:00:00.000Z
Updated: 2024-08-05T09:00:35.126Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2018-13360 |
vulnerable | 2026-06-03 14:38:10.471433 |
Details available
Cross-site scripting in Text Editor in TerraMaster TOS version 3.1.03 allows attackers to execute JavaScript via the "filename" URL parameter.
Published: 2018-11-27T21:00:00.000Z
Updated: 2024-08-05T09:00:35.125Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2018-13359 |
vulnerable | 2026-06-03 14:38:10.471173 |
Details available
Cross-site scripting in usertable.php in TerraMaster TOS version 3.1.03 allows attackers to execute JavaScript via the "modgroup" parameter.
Published: 2018-11-27T21:00:00.000Z
Updated: 2024-08-05T09:00:35.179Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2018-13358 |
vulnerable | 2026-06-03 14:38:10.470910 |
Details available
System command injection in ajaxdata.php in TerraMaster TOS version 3.1.03 allows attackers to execute system commands via the "checkName" parameter.
Published: 2018-11-27T21:00:00.000Z
Updated: 2024-08-05T09:00:35.131Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2018-13357 |
vulnerable | 2026-06-03 14:38:10.470652 |
Details available
Cross-site scripting in Control Panel in TerraMaster TOS version 3.1.03 allows attackers to execute JavaScript when viewing Shared Folders via JavaScript in Shared Folders' names.
Published: 2018-11-27T21:00:00.000Z
Updated: 2024-08-05T09:00:35.151Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2018-13356 |
vulnerable | 2026-06-03 14:38:10.470395 |
Details available
Incorrect access control on ajaxdata.php in TerraMaster TOS version 3.1.03 allows attackers to elevate user permissions.
Published: 2018-11-27T21:00:00.000Z
Updated: 2024-08-05T09:00:35.137Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2018-13355 |
vulnerable | 2026-06-03 14:38:10.470144 |
Details available
Incorrect access controls in ajaxdata.php in TerraMaster TOS version 3.1.03 allow attackers to create user groups without proper authorization.
Published: 2018-11-27T21:00:00.000Z
Updated: 2024-08-05T09:00:34.854Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2018-13354 |
vulnerable | 2026-06-03 14:38:10.469887 |
Details available
System command injection in logtable.php in TerraMaster TOS version 3.1.03 allows attackers to execute system commands via the "Event" parameter.
Published: 2018-11-27T21:00:00.000Z
Updated: 2024-08-05T09:00:35.119Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2018-13353 |
vulnerable | 2026-06-03 14:38:10.469629 |
Details available
System command injection in ajaxdata.php in TerraMaster TOS version 3.1.03 allows attackers to execute commands via the "checkport" parameter.
Published: 2018-11-27T21:00:00.000Z
Updated: 2024-08-05T09:00:34.888Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2018-13352 |
vulnerable | 2026-06-03 14:38:10.469353 |
Details available
Session Exposure in the web application for TerraMaster TOS version 3.1.03 allows attackers to view active session tokens in a world-readable directory.
Published: 2018-11-27T21:00:00.000Z
Updated: 2024-08-05T09:00:35.135Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2018-13351 |
vulnerable | 2026-06-03 14:38:10.469089 |
Details available
Cross-site scripting in Control Panel in TerraMaster TOS version 3.1.03 allows attackers to execute JavaScript via the edit password form.
Published: 2018-11-27T21:00:00.000Z
Updated: 2024-08-05T09:00:35.106Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2018-13350 |
vulnerable | 2026-06-03 14:38:10.468822 |
Details available
SQL injection in logtable.php in TerraMaster TOS version 3.1.03 allows attackers to execute SQL queries via the "Event" parameter.
Published: 2018-11-27T21:00:00.000Z
Updated: 2024-08-05T09:00:35.078Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2018-13349 |
vulnerable | 2026-06-03 14:38:10.468555 |
Details available
Cross-site scripting in the web application taskbar in TerraMaster TOS version 3.1.03 allows attackers to execute JavaScript via the user's username.
Published: 2018-11-27T21:00:00.000Z
Updated: 2024-08-05T09:00:34.837Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2018-13338 |
vulnerable | 2026-06-03 14:38:10.452343 |
Details available
System command injection in ajaxdata.php in TerraMaster TOS version 3.1.03 allows attackers to execute system commands via the "username" parameter during user creation.
Published: 2018-11-27T21:00:00.000Z
Updated: 2024-08-05T09:00:34.949Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2018-13337 |
vulnerable | 2026-06-03 14:38:10.452074 |
Details available
Session Fixation in the web application for TerraMaster TOS version 3.1.03 allows attackers to control users' session cookies via JavaScript.
Published: 2018-11-27T21:00:00.000Z
Updated: 2024-08-05T09:00:35.126Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2018-13336 |
vulnerable | 2026-06-03 14:38:10.451803 |
Details available
System command injection in ajaxdata.php in TerraMaster TOS version 3.1.03 allows attackers to execute system commands via the "pwd" parameter during user creation.
Published: 2018-11-27T21:00:00.000Z
Updated: 2024-08-05T09:00:35.081Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2018-13335 |
vulnerable | 2026-06-03 14:38:10.451521 |
Details available
Cross-site scripting in Control Panel in TerraMaster TOS version 3.1.03 allows attackers to execute JavaScript when viewing shared folders via their descriptions.
Published: 2018-11-27T21:00:00.000Z
Updated: 2024-08-05T09:00:35.145Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2018-13334 |
vulnerable | 2026-06-03 14:38:10.451276 |
Details available
Cross-site scripting in handle.php in TerraMaster TOS version 3.1.03 allows attackers to execute JavaScript via the "options[sysname]" parameter.
Published: 2018-11-27T21:00:00.000Z
Updated: 2024-08-05T09:00:35.290Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2018-13333 |
vulnerable | 2026-06-03 14:38:10.450999 |
Details available
Cross-site scripting in File Manager in TerraMaster TOS version 3.1.03 allows attackers to execute JavaScript in the permissions window by placing JavaScript in users' usernames.
Published: 2018-11-27T21:00:00.000Z
Updated: 2024-08-05T09:00:34.819Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2018-13332 |
vulnerable | 2026-06-03 14:38:10.450742 |
Details available
Directory Traversal in the explorer application in TerraMaster TOS version 3.1.03 allows attackers to upload files to arbitrary locations via the "path" URL parameter.
Published: 2018-11-27T21:00:00.000Z
Updated: 2024-08-05T09:00:34.811Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2018-13331 |
vulnerable | 2026-06-03 14:38:10.450451 |
Details available
Cross-site scripting in Control Panel in TerraMaster TOS version 3.1.03 allows attackers to execute JavaScript when viewing users by placing JavaScript in their usernames.
Published: 2018-11-27T21:00:00.000Z
Updated: 2024-08-05T09:00:34.902Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2018-13330 |
vulnerable | 2026-06-03 14:38:10.450169 |
Details available
System command injection in ajaxdata.php in TerraMaster TOS version 3.1.03 allows attackers to execute system commands during group creation via the "groupname" parameter.
Published: 2018-11-27T21:00:00.000Z
Updated: 2024-08-05T09:00:35.141Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2018-13329 |
vulnerable | 2026-06-03 14:38:10.449772 |
Details available
Cross-site scripting in ajaxdata.php in TerraMaster TOS version 3.1.03 allows attackers to execute JavaScript via the "lines" URL parameter.
Published: 2018-11-27T21:00:00.000Z
Updated: 2024-08-05T09:00:35.040Z |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.