Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

seagate nas os 4.3.15.1 vulnerabilities and exploits

(subscribe to this query)
5
CVSSv2
CVE-2018-12296
Insufficient access control in /api/external/7.0/system.System.get_infos in Seagate NAS OS version 4.3.15.1 allows malicious users to obtain information about the NAS without authentication via empty POST requests.
Seagate Nas Os 4.3.15.1
5
CVSSv2
CVE-2018-12298
Directory Traversal in filebrowser in Seagate NAS OS 4.3.15.1 allows malicious users to read files within the application's container via a URL path.
Seagate Nas Os 4.3.15.1
3.5
CVSSv2
CVE-2018-12299
Cross-site scripting in filebrowser in Seagate NAS OS version 4.3.15.1 allows malicious users to execute JavaScript via uploaded file names.
Seagate Nas Os 4.3.15.1
5.8
CVSSv2
CVE-2018-12300
Arbitrary Redirect in echo-server.html in Seagate NAS OS version 4.3.15.1 allows malicious users to disclose information in the Referer header via the 'state' URL parameter.
Seagate Nas Os 4.3.15.1
4.3
CVSSv2
CVE-2018-12302
Missing HTTPOnly flag on session cookies in the Seagate NAS OS version 4.3.15.1 web application allows malicious users to steal session tokens via cross-site scripting.
Seagate Nas Os 4.3.15.1
4.3
CVSSv2
CVE-2018-12304
Cross-site scripting in Application Manager in Seagate NAS OS version 4.3.15.1 allows malicious users to execute JavaScript via multiple application metadata fields: Short Description, Publisher Name, Publisher Contact, or Website URL.
Seagate Nas Os 4.3.15.1
7.5
CVSSv2
CVE-2018-12295
SQL injection in folderViewSpecific.psp in Seagate NAS OS version 4.3.15.1 allows malicious users to execute arbitrary SQL commands via the dirId URL parameter.
Seagate Nas Os 4.3.15.1
4.3
CVSSv2
CVE-2018-12297
Cross-site scripting in API error pages in Seagate NAS OS version 4.3.15.1 allows malicious users to execute JavaScript via URL path names.
Seagate Nas Os 4.3.15.1
5
CVSSv2
CVE-2018-12301
Unvalidated URL in Download Manager in Seagate NAS OS version 4.3.15.1 allows malicious users to access the loopback interface via a Download URL of 127.0.0.1 or localhost.
Seagate Nas Os 4.3.15.1
3.5
CVSSv2
CVE-2018-12303
Cross-site scripting in filebrowser in Seagate NAS OS version 4.3.15.1 allows malicious users to execute JavaScript via directory names.
Seagate Nas Os 4.3.15.1
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
injectCVE-2024-34001CVE-2024-37018LFICVE-2024-1275CVE-2024-1086CSRFCVE-2024-31030CVE-2024-24919
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook