| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
501 |
CVE-2018-15710 |
78 |
|
|
2018-11-14 |
2019-10-03 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
Nagios XI 5.5.6 allows local authenticated attackers to escalate privileges to root via Autodiscover_new.php. |
|
502 |
CVE-2018-15709 |
78 |
|
Exec Code |
2018-11-14 |
2019-10-03 |
6.5 |
None |
Remote |
Low |
??? |
Partial |
Partial |
Partial |
|
Nagios XI 5.5.6 allows remote authenticated attackers to execute arbitrary commands via a crafted HTTP request. |
|
503 |
CVE-2018-15708 |
|
|
Exec Code |
2018-11-14 |
2019-10-03 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Snoopy 1.0 in Nagios XI 5.5.6 allows remote unauthenticated attackers to execute arbitrary commands via a crafted HTTP request. |
|
504 |
CVE-2018-15693 |
863 |
|
Bypass |
2018-11-16 |
2019-10-03 |
3.5 |
None |
Remote |
Medium |
??? |
None |
Partial |
None |
|
Inova Partner 5.0.5-RELEASE, Build 0510-0906 and earlier allows authenticated users authorization bypass via insecure direct object reference. |
|
505 |
CVE-2018-15692 |
863 |
|
Bypass |
2018-11-16 |
2019-10-03 |
3.5 |
None |
Remote |
Medium |
??? |
None |
Partial |
None |
|
Inova Partner 5.0.5-RELEASE, Build 0510-0906 and earlier allows authenticated users authorization bypass and data manipulation in certain functions. |
|
506 |
CVE-2018-15537 |
434 |
|
Exec Code +Priv |
2018-11-29 |
2019-01-31 |
6.5 |
None |
Remote |
Low |
??? |
Partial |
Partial |
Partial |
|
Unrestricted file upload (with remote code execution) in OCS Inventory NG ocsreports allows a privileged user to gain access to the server via crafted HTTP requests. |
|
507 |
CVE-2018-15454 |
20 |
|
DoS |
2018-11-01 |
2019-10-09 |
7.8 |
None |
Remote |
Low |
Not required |
None |
None |
Complete |
|
A vulnerability in the Session Initiation Protocol (SIP) inspection engine of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause an affected device to reload or trigger high CPU, resulting in a denial of service (DoS) condition. The vulnerability is due to improper handling of SIP traffic. An attacker could exploit this vulnerability by sending SIP requests designed to specifically trigger this issue at a high rate across an affected device. Software updates that address this vulnerability are not yet available. |
|
508 |
CVE-2018-15452 |
427 |
|
|
2018-11-13 |
2019-10-09 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
A vulnerability in the DLL loading component of Cisco Advanced Malware Protection (AMP) for Endpoints on Windows could allow an authenticated, local attacker to disable system scanning services or take other actions to prevent detection of unauthorized intrusions. To exploit this vulnerability, the attacker would need to have administrative credentials on the Windows system. The vulnerability is due to the improper validation of resources loaded by a system process at run time. An attacker could exploit this vulnerability by crafting a malicious DLL file and placing it in a specific location on the targeted system. A successful exploit could allow the attacker to disable the targeted system's scanning services and ultimately prevent the system from being protected from further intrusion. There are no workarounds that address this vulnerability. |
|
509 |
CVE-2018-15451 |
79 |
|
Exec Code XSS |
2018-11-08 |
2019-10-09 |
3.5 |
None |
Remote |
Medium |
??? |
None |
Partial |
None |
|
A vulnerability in the web-based management interface of Cisco Prime Service Catalog could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface. The vulnerability is due to insufficient validation of user-supplied input that is processed by the web-based management interface. An attacker could exploit this vulnerability by persuading a user of the interface to click a maliciously crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive browser-based information. |
|
510 |
CVE-2018-15450 |
22 |
|
Dir. Trav. |
2018-11-08 |
2020-09-16 |
5.5 |
None |
Remote |
Low |
??? |
None |
Partial |
Partial |
|
A vulnerability in the web-based UI of Cisco Prime Collaboration Assurance could allow an authenticated, remote attacker to overwrite files on the file system. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by using a specific UI input field to provide a custom path location. A successful exploit could allow the attacker to overwrite files on the file system. |
|
511 |
CVE-2018-15449 |
20 |
|
DoS |
2018-11-08 |
2019-10-09 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
A vulnerability in the web-based management interface of Cisco Video Surveillance Media Server could allow an unauthenticated, remote attacker to cause a denial of service (DoS) of the web-based management interface of an affected system. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of the affected service. An attacker could exploit this vulnerability by persuading a user of the interface to click a malicious link. A successful exploit could allow the attacker to cause the web-based management interface to become unreachable, resulting in a DoS condition. |
|
512 |
CVE-2018-15448 |
|
|
|
2018-11-08 |
2020-09-16 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
A vulnerability in the user management functions of Cisco Registered Envelope Service could allow an unauthenticated, remote attacker to discover sensitive user information. The attacker could use this information to conduct additional reconnaissance attacks. The vulnerability is due to an insecure configuration that allows improper indexing. An attacker could exploit this vulnerability by using a search engine to look for specific data strings. A successful exploit could allow the attacker to discover certain sensitive information about the application, including usernames. |
|
513 |
CVE-2018-15447 |
89 |
|
Exec Code Sql |
2018-11-08 |
2019-10-09 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
A vulnerability in the web framework code of Cisco Integrated Management Controller (IMC) Supervisor could allow an unauthenticated, remote attacker to execute arbitrary SQL queries. The vulnerability is due to a lack of proper validation of user-supplied input in SQL queries. An attacker could exploit this vulnerability by sending crafted URLs that contain malicious SQL statements to the affected application. |
|
514 |
CVE-2018-15446 |
200 |
|
+Info |
2018-11-08 |
2019-10-09 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
A vulnerability in Cisco Meeting Server could allow an unauthenticated, remote attacker to gain access to sensitive information. The vulnerability is due to improper protections on data that is returned from user meeting requests when the Guest access via ID and passcode option is set to Legacy mode. An attacker could exploit this vulnerability by sending meeting requests to an affected system. A successful exploit could allow the attacker to determine the values of meeting room unique identifiers, possibly allowing the attacker to conduct further exploits. |
|
515 |
CVE-2018-15445 |
352 |
|
CSRF |
2018-11-08 |
2019-10-09 |
6.0 |
None |
Remote |
Medium |
??? |
Partial |
Partial |
Partial |
|
A vulnerability in the web-based management interface of Cisco Energy Management Suite Software could allow an authenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected device. The vulnerability is due to insufficient CSRF protections for the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading an authenticated user of the interface to follow a crafted link. A successful exploit could allow the attacker to perform arbitrary actions on a targeted device via a web browser and with the privileges of the user. |
|
516 |
CVE-2018-15444 |
611 |
|
|
2018-11-08 |
2019-10-09 |
4.9 |
None |
Remote |
Medium |
??? |
Partial |
Partial |
None |
|
A vulnerability in the web-based user interface of Cisco Energy Management Suite Software could allow an authenticated, remote attacker to gain read and write access to information that is stored on an affected system. The vulnerability is due to improper handling of XML External Entity (XXE) entries when parsing certain XML files. An attacker could exploit this vulnerability by convincing a user of an affected system to import a crafted XML file with malicious entries, which could allow the attacker to read and write files within the affected application. |
|
517 |
CVE-2018-15443 |
400 |
|
Bypass |
2018-11-08 |
2019-10-09 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
A vulnerability in the detection engine of Cisco Firepower System Software could allow an unauthenticated, remote attacker to bypass a configured Intrusion Prevention System (IPS) rule that inspects certain types of TCP traffic. The vulnerability is due to incorrect TCP retransmission handling. An attacker could exploit this vulnerability by sending a crafted TCP connection request through an affected device. A successful exploit could allow the attacker to bypass configured IPS rules and allow uninspected traffic onto the network. |
|
518 |
CVE-2018-15441 |
89 |
|
Exec Code +Priv Sql |
2018-11-28 |
2019-10-09 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
A vulnerability in the web framework code of Cisco Prime License Manager (PLM) could allow an unauthenticated, remote attacker to execute arbitrary SQL queries. The vulnerability is due to a lack of proper validation of user-supplied input in SQL queries. An attacker could exploit this vulnerability by sending crafted HTTP POST requests that contain malicious SQL statements to an affected application. A successful exploit could allow the attacker to modify and delete arbitrary data in the PLM database or gain shell access with the privileges of the postgres user. |
|
519 |
CVE-2018-15439 |
798 |
|
Exec Code Bypass |
2018-11-08 |
2020-08-28 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
A vulnerability in the Cisco Small Business Switches software could allow an unauthenticated, remote attacker to bypass the user authentication mechanism of an affected device. The vulnerability exists because under specific circumstances, the affected software enables a privileged user account without notifying administrators of the system. An attacker could exploit this vulnerability by using this account to log in to an affected device and execute commands with full admin rights. Cisco has not released software updates that address this vulnerability. This advisory will be updated with fixed software information once fixed software becomes available. There is a workaround to address this vulnerability. |
|
520 |
CVE-2018-15437 |
400 |
|
|
2018-11-08 |
2020-09-16 |
2.1 |
None |
Local |
Low |
Not required |
None |
Partial |
None |
|
A vulnerability in the system scanning component of Cisco Immunet and Cisco Advanced Malware Protection (AMP) for Endpoints running on Microsoft Windows could allow a local attacker to disable the scanning functionality of the product. This could allow executable files to be launched on the system without being analyzed for threats. The vulnerability is due to improper process resource handling. An attacker could exploit this vulnerability by gaining local access to a system running Microsoft Windows and protected by Cisco Immunet or Cisco AMP for Endpoints and executing a malicious file. A successful exploit could allow the attacker to prevent the scanning services from functioning properly and ultimately prevent the system from being protected from further intrusion. |
|
521 |
CVE-2018-15394 |
|
|
+Priv Bypass |
2018-11-08 |
2019-10-09 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
A vulnerability in the Stealthwatch Management Console (SMC) of Cisco Stealthwatch Enterprise could allow an unauthenticated, remote attacker to bypass authentication and execute arbitrary actions with administrative privileges on an affected system. The vulnerability is due to an insecure system configuration. An attacker could exploit this vulnerability by sending a crafted HTTP request to the targeted application. An exploit could allow the attacker to gain unauthenticated access, resulting in elevated privileges in the SMC. |
|
522 |
CVE-2018-15393 |
79 |
|
Exec Code XSS |
2018-11-08 |
2019-10-09 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
A vulnerability in the web-based management interface of Cisco Content Security Management Appliance (SMA) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to click a maliciously crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. |
|
523 |
CVE-2018-15381 |
502 |
|
Exec Code |
2018-11-08 |
2019-10-09 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
A Java deserialization vulnerability in Cisco Unity Express (CUE) could allow an unauthenticated, remote attacker to execute arbitrary shell commands with the privileges of the root user. The vulnerability is due to insecure deserialization of user-supplied content by the affected software. An attacker could exploit this vulnerability by sending a malicious serialized Java object to the listening Java Remote Method Invocation (RMI) service. A successful exploit could allow the attacker to execute arbitrary commands on the device with root privileges. |
|
524 |
CVE-2018-14935 |
79 |
|
XSS |
2018-11-15 |
2018-12-17 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
The Web administration console on Polycom Trio devices with software before 5.5.4 has XSS. |
|
525 |
CVE-2018-14934 |
732 |
|
|
2018-11-15 |
2019-10-03 |
3.3 |
None |
Local Network |
Low |
Not required |
Partial |
None |
None |
|
The Bluetooth subsystem on Polycom Trio devices with software before 5.5.4 has Incorrect Access Control. An attacker can connect without authentication and subsequently record audio from the device microphone. |
|
526 |
CVE-2018-14893 |
78 |
|
Exec Code |
2018-11-27 |
2020-08-24 |
9.0 |
None |
Remote |
Low |
??? |
Complete |
Complete |
Complete |
|
A system command injection vulnerability in zyshclient in ZyXEL NSA325 V2 version 4.81 allows attackers to execute system commands via the web application API. |
|
527 |
CVE-2018-14892 |
352 |
|
CSRF |
2018-11-27 |
2018-12-26 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Missing protections against Cross-Site Request Forgery in the web application in ZyXEL NSA325 V2 version 4.81 allow attackers to perform state-changing actions via crafted HTTP forms. |
|
528 |
CVE-2018-14749 |
119 |
|
Overflow |
2018-11-28 |
2018-12-27 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Buffer Overflow vulnerability in QTS 4.3.5 build 20181013, QTS 4.3.4 build 20181008, QTS 4.3.3 build 20180829, QTS 4.2.6 build 20180829 and earlier versions could have unspecified impact on the NAS. |
|
529 |
CVE-2018-14748 |
863 |
|
|
2018-11-28 |
2019-10-03 |
7.8 |
None |
Remote |
Low |
Not required |
None |
None |
Complete |
|
Improper Authorization vulnerability in QTS 4.3.5 build 20181013, QTS 4.3.4 build 20181008, QTS 4.3.3 build 20180829, QTS 4.2.6 build 20180829 and earlier versions could allow remote attackers to power off the NAS. |
|
530 |
CVE-2018-14747 |
476 |
|
|
2018-11-28 |
2018-12-27 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
NULL Pointer Dereference vulnerability in QTS 4.3.5 build 20181013, QTS 4.3.4 build 20181008, QTS 4.3.3 build 20180829, QTS 4.2.6 build 20180829 and earlier versions could allow remote attackers to crash the NAS media server. |
|
531 |
CVE-2018-14746 |
77 |
|
|
2018-11-28 |
2019-10-03 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Command Injection vulnerability in QTS 4.3.5 build 20181013, QTS 4.3.4 build 20181008, QTS 4.3.3 build 20180829, QTS 4.2.6 build 20180829 and earlier versions could allow remote attackers to run arbitrary commands on the NAS. |
|
532 |
CVE-2018-14667 |
94 |
|
Exec Code |
2018-11-06 |
2020-08-28 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
The RichFaces Framework 3.X through 3.3.4 is vulnerable to Expression Language (EL) injection via the UserResource resource. A remote, unauthenticated attacker could exploit this to execute arbitrary code using a chain of java serialized objects via org.ajax4jsf.resource.UserResource$UriData. |
|
533 |
CVE-2018-14663 |
20 |
|
|
2018-11-26 |
2019-10-09 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
An issue has been found in PowerDNS DNSDist before 1.3.3 allowing a remote attacker to craft a DNS query with trailing data such that the addition of a record by dnsdist, for example an OPT record when adding EDNS Client Subnet, might result in the trailing data being smuggled to the backend as a valid record while not seen by dnsdist. This is an issue when dnsdist is deployed as a DNS Firewall and used to filter some records that should not be received by the backend. This issue occurs only when either the 'useClientSubnet' or the experimental 'addXPF' parameters are used when declaring a new backend. |
|
534 |
CVE-2018-14660 |
400 |
|
|
2018-11-01 |
2021-11-30 |
4.0 |
None |
Remote |
Low |
??? |
None |
None |
Partial |
|
A flaw was found in glusterfs server through versions 4.1.4 and 3.1.2 which allowed repeated usage of GF_META_LOCK_KEY xattr. A remote, authenticated attacker could use this flaw to create multiple locks for single inode by using setxattr repetitively resulting in memory exhaustion of glusterfs server node. |
|
535 |
CVE-2018-14658 |
601 |
|
|
2018-11-13 |
2019-10-09 |
5.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
None |
|
A flaw was found in JBOSS Keycloak 3.2.1.Final. The Redirect URL for both Login and Logout are not normalized in org.keycloak.protocol.oidc.utils.RedirectUtils before the redirect url is verified. This can lead to an Open Redirection attack |
|
536 |
CVE-2018-14657 |
307 |
|
|
2018-11-13 |
2020-12-04 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
A flaw was found in Keycloak 4.2.1.Final, 4.3.0.Final. When TOPT enabled, an improper implementation of the Brute Force detection algorithm will not enforce its protection measures. |
|
537 |
CVE-2018-14655 |
79 |
|
XSS |
2018-11-13 |
2019-10-09 |
3.5 |
None |
Remote |
Medium |
??? |
None |
Partial |
None |
|
A flaw was found in Keycloak 3.4.3.Final, 4.0.0.Beta2, 4.3.0.Final. When using 'response_mode=form_post' it is possible to inject arbitrary Javascript-Code via the 'state'-parameter in the authentication URL. This allows an XSS-Attack upon succesfully login. |
|
538 |
CVE-2018-14646 |
476 |
|
DoS |
2018-11-26 |
2019-10-09 |
4.9 |
None |
Local |
Low |
Not required |
None |
None |
Complete |
|
The Linux kernel before 4.15-rc8 was found to be vulnerable to a NULL pointer dereference bug in the __netlink_ns_capable() function in the net/netlink/af_netlink.c file. A local attacker could exploit this when a net namespace with a netnsid is assigned to cause a kernel panic and a denial of service. |
|
539 |
CVE-2018-14644 |
20 |
|
|
2018-11-09 |
2019-10-09 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
An issue has been found in PowerDNS Recursor from 4.0.0 up to and including 4.1.4. A remote attacker sending a DNS query for a meta-type like OPT can lead to a zone being wrongly cached as failing DNSSEC validation. It only arises if the parent zone is signed, and all the authoritative servers for that parent zone answer with FORMERR to a query for at least one of the meta-types. As a result, subsequent queries from clients requesting DNSSEC validation will be answered with a ServFail. |
|
540 |
CVE-2018-14637 |
287 |
|
|
2018-11-30 |
2019-10-09 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
The SAML broker consumer endpoint in Keycloak before version 4.6.0.Final ignores expiration conditions on SAML assertions. An attacker can exploit this vulnerability to perform a replay attack. |
|
541 |
CVE-2018-14629 |
835 |
|
DoS |
2018-11-28 |
2019-10-09 |
4.0 |
None |
Remote |
Low |
??? |
None |
None |
Partial |
|
A denial of service vulnerability was discovered in Samba's LDAP server before versions 4.7.12, 4.8.7, and 4.9.3. A CNAME loop could lead to infinite recursion in the server. An unprivileged local attacker could create such an entry, leading to denial of service. |
|
542 |
CVE-2018-14626 |
|
|
DoS |
2018-11-29 |
2019-10-09 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
PowerDNS Authoritative Server 4.1.0 up to 4.1.4 inclusive and PowerDNS Recursor 4.0.0 up to 4.1.4 inclusive are vulnerable to a packet cache pollution via crafted query that can lead to denial of service. |
|
543 |
CVE-2018-13418 |
78 |
|
Exec Code |
2018-11-27 |
2019-10-03 |
9.0 |
None |
Remote |
Low |
??? |
Complete |
Complete |
Complete |
|
System command injection in ajaxdata.php in TerraMaster TOS 3.1.03 allows attackers to execute system commands via the "newname" parameter. |
|
544 |
CVE-2018-13397 |
|
|
Exec Code |
2018-11-05 |
2019-10-03 |
9.0 |
None |
Remote |
Low |
??? |
Complete |
Complete |
Complete |
|
There was an argument injection vulnerability in Sourcetree for Windows from version 0.5.1.0 before version 3.0.0 via Git subrepositories in Mercurial repositories. An attacker with permission to commit to a Mercurial repository linked in Sourcetree for Windows is able to exploit this issue to gain code execution on the system. |
|
545 |
CVE-2018-13396 |
|
|
Exec Code |
2018-11-05 |
2020-05-11 |
9.0 |
None |
Remote |
Low |
??? |
Complete |
Complete |
Complete |
|
There was an argument injection vulnerability in Sourcetree for macOS from version 1.0b2 before version 3.0.0 via Git subrepositories in Mercurial repositories. An attacker with permission to commit to a Mercurial repository linked in Sourcetree for macOS is able to exploit this issue to gain code execution on the system. |
|
546 |
CVE-2018-13376 |
|
|
|
2018-11-27 |
2019-10-03 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
An uninitialized memory buffer leak exists in Fortinet FortiOS 5.6.1 to 5.6.3, 5.4.6 to 5.4.7, 5.2 all versions under web proxy's disclaimer response web pages, potentially causing sensitive data to be displayed in the HTTP response. |
|
547 |
CVE-2018-13361 |
20 |
|
|
2018-11-27 |
2018-12-21 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
User enumeration in usertable.php in TerraMaster TOS version 3.1.03 allows attackers to list all system users via the "modgroup" parameter. |
|
548 |
CVE-2018-13360 |
79 |
|
XSS |
2018-11-27 |
2018-12-20 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Cross-site scripting in Text Editor in TerraMaster TOS version 3.1.03 allows attackers to execute JavaScript via the "filename" URL parameter. |
|
549 |
CVE-2018-13359 |
79 |
|
XSS |
2018-11-27 |
2020-08-24 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Cross-site scripting in usertable.php in TerraMaster TOS version 3.1.03 allows attackers to execute JavaScript via the "modgroup" parameter. |
|
550 |
CVE-2018-13358 |
78 |
|
Exec Code |
2018-11-27 |
2019-10-03 |
9.0 |
None |
Remote |
Low |
??? |
Complete |
Complete |
Complete |
|
System command injection in ajaxdata.php in TerraMaster TOS version 3.1.03 allows attackers to execute system commands via the "checkName" parameter. |
