Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
seagate nas os 4.3.15.1 vulnerabilities and exploits
(subscribe to this query)
5
CVSSv2
CVE-2018-12296
Insufficient access control in /api/external/7.0/system.System.get_infos in Seagate NAS OS version 4.3.15.1 allows malicious users to obtain information about the NAS without authentication via empty POST requests.
Seagate Nas Os 4.3.15.1
5
CVSSv2
CVE-2018-12298
Directory Traversal in filebrowser in Seagate NAS OS 4.3.15.1 allows malicious users to read files within the application's container via a URL path.
Seagate Nas Os 4.3.15.1
3.5
CVSSv2
CVE-2018-12299
Cross-site scripting in filebrowser in Seagate NAS OS version 4.3.15.1 allows malicious users to execute JavaScript via uploaded file names.
Seagate Nas Os 4.3.15.1
5.8
CVSSv2
CVE-2018-12300
Arbitrary Redirect in echo-server.html in Seagate NAS OS version 4.3.15.1 allows malicious users to disclose information in the Referer header via the 'state' URL parameter.
Seagate Nas Os 4.3.15.1
4.3
CVSSv2
CVE-2018-12302
Missing HTTPOnly flag on session cookies in the Seagate NAS OS version 4.3.15.1 web application allows malicious users to steal session tokens via cross-site scripting.
Seagate Nas Os 4.3.15.1
4.3
CVSSv2
CVE-2018-12304
Cross-site scripting in Application Manager in Seagate NAS OS version 4.3.15.1 allows malicious users to execute JavaScript via multiple application metadata fields: Short Description, Publisher Name, Publisher Contact, or Website URL.
Seagate Nas Os 4.3.15.1
7.5
CVSSv2
CVE-2018-12295
SQL injection in folderViewSpecific.psp in Seagate NAS OS version 4.3.15.1 allows malicious users to execute arbitrary SQL commands via the dirId URL parameter.
Seagate Nas Os 4.3.15.1
4.3
CVSSv2
CVE-2018-12297
Cross-site scripting in API error pages in Seagate NAS OS version 4.3.15.1 allows malicious users to execute JavaScript via URL path names.
Seagate Nas Os 4.3.15.1
5
CVSSv2
CVE-2018-12301
Unvalidated URL in Download Manager in Seagate NAS OS version 4.3.15.1 allows malicious users to access the loopback interface via a Download URL of 127.0.0.1 or localhost.
Seagate Nas Os 4.3.15.1
3.5
CVSSv2
CVE-2018-12303
Cross-site scripting in filebrowser in Seagate NAS OS version 4.3.15.1 allows malicious users to execute JavaScript via directory names.
Seagate Nas Os 4.3.15.1
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
inject
CVE-2024-34001
CVE-2024-37018
LFI
CVE-2024-1275
CVE-2024-1086
CSRF
CVE-2024-31030
CVE-2024-24919
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started