Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
nas vulnerabilities and exploits
(subscribe to this query)
6.1
CVSSv3
CVE-2017-7636
Cross-site scripting (XSS) vulnerability in QNAP NAS application Proxy Server through version 1.2.0 allows remote malicious users to inject arbitrary web script or HTML.
Qnap Nas Proxy Server
9.8
CVSSv3
CVE-2017-7637
QNAP NAS application Proxy Server through version 1.2.0 allows remote malicious users to run arbitrary OS commands against the system with root privileges.
Qnap Nas Proxy Server
5.3
CVSSv3
CVE-2017-7639
QNAP NAS application Proxy Server through version 1.2.0 does not authenticate requests properly. Successful exploitation can lead to change of the settings of Proxy Server.
Qnap Nas Proxy Server
9.8
CVSSv3
CVE-2016-10108
Unauthenticated Remote Command injection as root occurs in the Western Digital MyCloud NAS 2.11.142 /web/google_analytics.php URL via a modified arg parameter in the POST data.
Western Digital Mycloud Nas 2.11.142
1 Metasploit module
9.8
CVSSv3
CVE-2016-10107
Unauthenticated Remote Command injection as root occurs in the Western Digital MyCloud NAS 2.11.142 index.php page via a modified Cookie header.
Western Digital Mycloud Nas 2.11.142
8.8
CVSSv3
CVE-2022-32268
StarWind SAN and NAS v0.2 build 1914 allow remote code execution. A flaw was found in REST API in StarWind Stack. REST command, which allows changing the hostname, doesn’t check a new hostname parameter. It goes directly to bash as part of a script. An attacker with non-roo...
Starwindsoftware Starwind San \\& Nas 0.2
NA
CVE-2008-0804
PHP remote file inclusion vulnerability in usrgetform.html in Thecus N5200Pro NAS Server allows remote malicious users to execute arbitrary PHP code via a URL in the name parameter.
Thecus N5200pro Nas Server Control Panel
1 EDB exploit
9.8
CVSSv3
CVE-2021-45389
A flaw was found with the JWT token. A self-signed JWT token could be injected into the update manager and bypass the authentication process, thus could escalate privileges. This affects StarWind SAN and NAS build 1578 and StarWind Command Center build 6864.
Starwind Command Center 6864
Starwind San\\&nas 1578
NA
CVE-2008-7081
userHandler.cgi in RaidSonic ICY BOX NAS firmware 2.3.2.IB.2.RS.1 allows remote malicious users to bypass authentication and gain administrator privileges by setting the login parameter to admin. NOTE: the provenance of this information is unknown; the details are obtained solely...
Raidsonic Icy Box Nas 2.3.2.ib.2.rs.1
NA
CVE-2013-0142
QNAP VioStor NVR devices with firmware 4.0.3, and the Surveillance Station Pro component in QNAP NAS, have a hardcoded guest account, which allows remote malicious users to obtain web-server login access via unspecified vectors.
Qnap Viostor Network Video Recorder 4.0.3
Qnap Viostor Network Video Recorder -
Qnap Surveillance Station Pro -
Qnap Nas -
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-3380
CVE-2024-1694
local file inclusion
CVE-2024-5645
CVE-2024-24919
XSS
CVE-2024-36774
CVE-2024-21306
SQL
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
NEXT »