Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
nas vulnerabilities and exploits
(subscribe to this query)
5
CVSSv2
CVE-2018-12296
Insufficient access control in /api/external/7.0/system.System.get_infos in Seagate NAS OS version 4.3.15.1 allows malicious users to obtain information about the NAS without authentication via empty POST requests.
Seagate Nas Os 4.3.15.1
4.3
CVSSv2
CVE-2018-12297
Cross-site scripting in API error pages in Seagate NAS OS version 4.3.15.1 allows malicious users to execute JavaScript via URL path names.
Seagate Nas Os 4.3.15.1
5
CVSSv2
CVE-2018-12298
Directory Traversal in filebrowser in Seagate NAS OS 4.3.15.1 allows malicious users to read files within the application's container via a URL path.
Seagate Nas Os 4.3.15.1
3.5
CVSSv2
CVE-2018-12299
Cross-site scripting in filebrowser in Seagate NAS OS version 4.3.15.1 allows malicious users to execute JavaScript via uploaded file names.
Seagate Nas Os 4.3.15.1
5.8
CVSSv2
CVE-2018-12300
Arbitrary Redirect in echo-server.html in Seagate NAS OS version 4.3.15.1 allows malicious users to disclose information in the Referer header via the 'state' URL parameter.
Seagate Nas Os 4.3.15.1
4.3
CVSSv2
CVE-2018-12302
Missing HTTPOnly flag on session cookies in the Seagate NAS OS version 4.3.15.1 web application allows malicious users to steal session tokens via cross-site scripting.
Seagate Nas Os 4.3.15.1
3.5
CVSSv2
CVE-2018-12303
Cross-site scripting in filebrowser in Seagate NAS OS version 4.3.15.1 allows malicious users to execute JavaScript via directory names.
Seagate Nas Os 4.3.15.1
4.3
CVSSv2
CVE-2018-12304
Cross-site scripting in Application Manager in Seagate NAS OS version 4.3.15.1 allows malicious users to execute JavaScript via multiple application metadata fields: Short Description, Publisher Name, Publisher Contact, or Website URL.
Seagate Nas Os 4.3.15.1
5
CVSSv2
CVE-2018-12301
Unvalidated URL in Download Manager in Seagate NAS OS version 4.3.15.1 allows malicious users to access the loopback interface via a Download URL of 127.0.0.1 or localhost.
Seagate Nas Os 4.3.15.1
6.8
CVSSv2
CVE-2017-7635
QNAP NAS application Proxy Server through version 1.2.0 does not utilize CSRF protections.
Qnap Nas Proxy Server
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-49223
CVE-2024-0044
information disclosure
CVE-2024-35753
HTML injection
CVE-2024-21306
CVE-2024-35733
SQL injection
CVE-2024-35732
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »