Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
nas vulnerabilities and exploits
(subscribe to this query)
890
VMScore
CVE-2014-3206
Seagate BlackArmor NAS allows remote malicious users to execute arbitrary code via the session parameter to localhost/backupmgt/localJob.php or the auth_name parameter to localhost/backupmgmt/pre_connect_check.php.
Seagate Blackarmor Nas 220 Firmware -
Seagate Blackarmor Nas 110 Firmware -
463
VMScore
CVE-2020-7847
The ipTIME NAS product allows an arbitrary file upload vulnerability in the Manage Bulletins/Upload feature, which can be leveraged to gain remote code execution. This issue affects: pTIME NAS 1.4.36.
Iptime Nas-i Firmware
Iptime Nas-ii Firmware
Iptime Nas-iie Firmware
Iptime Nas101 Firmware
Iptime Nas1dual Firmware
Iptime Nas2dual Firmware
Iptime Nas3 Firmware
Iptime Nas4 Firmware
Iptime Nas4dual Firmware
445
VMScore
CVE-2021-26620
An improper authentication vulnerability leading to information leakage exists in iptime NAS2dual. Remote attackers are able to steal important information in the server by exploiting vulnerabilities such as insufficient authentication when accessing the shared folder and changin...
Iptime Nas101 Firmware
Iptime Nas1dual Firmware
Iptime Nas2dual Firmware
Iptime Nas3 Firmware
Iptime Nas4 Firmware
Iptime Nas4dual Firmware
Iptime Nas-i Firmware
Iptime Nas-ii Firmware
Iptime Nas-iie Firmware
890
VMScore
CVE-2012-2568
d41d8cd98f00b204e9800998ecf8427e.php in the management web server on the Seagate BlackArmor device allows remote malicious users to change the administrator password via unspecified vectors.
Seagate Blackarmor Nas
445
VMScore
CVE-2002-1955
Iomega NAS A300U uses cleartext LANMAN authentication when mounting CIFS/SMB drives, which allows remote malicious users to perform a man-in-the-middle attack.
Iomega Nas A300u
NA
CVE-2022-4221
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Asus NAS-M25 allows an unauthenticated malicious user to inject arbitrary OS commands via unsanitized cookie values.This issue affects NAS-M25: up to and includin...
Asus Nas-m25 Firmware
445
VMScore
CVE-2018-12296
Insufficient access control in /api/external/7.0/system.System.get_infos in Seagate NAS OS version 4.3.15.1 allows malicious users to obtain information about the NAS without authentication via empty POST requests.
Seagate Nas Os 4.3.15.1
445
VMScore
CVE-2018-12298
Directory Traversal in filebrowser in Seagate NAS OS 4.3.15.1 allows malicious users to read files within the application's container via a URL path.
Seagate Nas Os 4.3.15.1
312
VMScore
CVE-2018-12299
Cross-site scripting in filebrowser in Seagate NAS OS version 4.3.15.1 allows malicious users to execute JavaScript via uploaded file names.
Seagate Nas Os 4.3.15.1
516
VMScore
CVE-2018-12300
Arbitrary Redirect in echo-server.html in Seagate NAS OS version 4.3.15.1 allows malicious users to disclose information in the Referer header via the 'state' URL parameter.
Seagate Nas Os 4.3.15.1
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
deserialization
CVE-2024-4541
CVE-2024-3080
CVE-2024-4787
log injection
CVE-2024-5967
inject
CVE-2024-30078
CVE-2024-5899
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »