Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
nas vulnerabilities and exploits
(subscribe to this query)
605
VMScore
CVE-2017-7635
QNAP NAS application Proxy Server through version 1.2.0 does not utilize CSRF protections.
Qnap Nas Proxy Server
445
VMScore
CVE-2017-7639
QNAP NAS application Proxy Server through version 1.2.0 does not authenticate requests properly. Successful exploitation can lead to change of the settings of Proxy Server.
Qnap Nas Proxy Server
383
VMScore
CVE-2017-7636
Cross-site scripting (XSS) vulnerability in QNAP NAS application Proxy Server through version 1.2.0 allows remote malicious users to inject arbitrary web script or HTML.
Qnap Nas Proxy Server
890
VMScore
CVE-2017-7637
QNAP NAS application Proxy Server through version 1.2.0 allows remote malicious users to run arbitrary OS commands against the system with root privileges.
Qnap Nas Proxy Server
383
VMScore
CVE-2021-34361
A cross-site scripting (XSS) vulnerability has been reported to affect QNAP device running Proxy Server. If exploited, this vulnerability allows remote malicious users to inject malicious code. We have already fixed this vulnerability in the following versions of Proxy Server: QT...
Qnap Nas Proxy Server
801
VMScore
CVE-2022-24551
A flaw was found in StarWind Stack. The endpoint for setting a new password doesn’t check the current username and old password. An attacker could reset any local user password (including system/administrator user) using any available user This affects StarWind SAN and NAS ...
Starwindsoftware Nas
Starwindsoftware San
890
VMScore
CVE-2022-24552
A flaw was found in the REST API in StarWind Stack. REST command, which manipulates a virtual disk, doesn’t check input parameters. Some of them go directly to bash as part of a script. An attacker with non-root user access can inject arbitrary data into the command that wi...
Starwindsoftware Nas
Starwindsoftware San
445
VMScore
CVE-2002-1949
The Network Attached Storage (NAS) Administration Web Page for Iomega NAS A300U transmits passwords in cleartext, which allows remote malicious users to sniff the administrative password.
Iomega Nas A300u Firmware -
668
VMScore
CVE-2018-12295
SQL injection in folderViewSpecific.psp in Seagate NAS OS version 4.3.15.1 allows malicious users to execute arbitrary SQL commands via the dirId URL parameter.
Seagate Nas Os 4.3.15.1
312
VMScore
CVE-2018-12299
Cross-site scripting in filebrowser in Seagate NAS OS version 4.3.15.1 allows malicious users to execute JavaScript via uploaded file names.
Seagate Nas Os 4.3.15.1
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-3080
log injection
CVE-2024-6041
CVE-2024-37661
XML external entity
CVE-2024-0845
privilege escalation
CVE-2023-37057
CVE-2024-27801
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
NEXT »