Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
nas vulnerabilities and exploits
(subscribe to this query)
605
VMScore
CVE-2017-7635
QNAP NAS application Proxy Server through version 1.2.0 does not utilize CSRF protections.
Qnap Nas Proxy Server
383
VMScore
CVE-2017-7636
Cross-site scripting (XSS) vulnerability in QNAP NAS application Proxy Server through version 1.2.0 allows remote malicious users to inject arbitrary web script or HTML.
Qnap Nas Proxy Server
890
VMScore
CVE-2017-7637
QNAP NAS application Proxy Server through version 1.2.0 allows remote malicious users to run arbitrary OS commands against the system with root privileges.
Qnap Nas Proxy Server
445
VMScore
CVE-2017-7639
QNAP NAS application Proxy Server through version 1.2.0 does not authenticate requests properly. Successful exploitation can lead to change of the settings of Proxy Server.
Qnap Nas Proxy Server
801
VMScore
CVE-2022-24551
A flaw was found in StarWind Stack. The endpoint for setting a new password doesn’t check the current username and old password. An attacker could reset any local user password (including system/administrator user) using any available user This affects StarWind SAN and NAS ...
Starwindsoftware Nas
Starwindsoftware San
312
VMScore
CVE-2018-12303
Cross-site scripting in filebrowser in Seagate NAS OS version 4.3.15.1 allows malicious users to execute JavaScript via directory names.
Seagate Nas Os 4.3.15.1
1000
VMScore
CVE-2014-8687
Seagate Business NAS devices with firmware prior to 2015.00322 allow remote malicious users to execute arbitrary code with root privileges by leveraging use of a static encryption key to create session tokens.
Seagate Business Nas Firmware 2014.00319
2 EDB exploits
1 Github repository
2 Articles
383
VMScore
CVE-2016-10861
Neet AirStream NAS1.1 devices allow CSRF attacks that cause the settings binary to change the AP name and password.
Neetcables Airstream Nas Firmware 1.1
801
VMScore
CVE-2022-32268
StarWind SAN and NAS v0.2 build 1914 allow remote code execution. A flaw was found in REST API in StarWind Stack. REST command, which allows changing the hostname, doesn’t check a new hostname parameter. It goes directly to bash as part of a script. An attacker with non-roo...
Starwindsoftware Starwind San & Nas 0.2
890
VMScore
CVE-2016-10107
Unauthenticated Remote Command injection as root occurs in the Western Digital MyCloud NAS 2.11.142 index.php page via a modified Cookie header.
Western Digital Mycloud Nas 2.11.142
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
type confusion
IMAP
CVE-2024-36103
CVE-2024-28995
CVE-2024-37325
CVE-2024-30078
CVE-2024-30082
SQL injection
CVE-2024-30052
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
NEXT »