Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
nas vulnerabilities and exploits
(subscribe to this query)
801
VMScore
CVE-2022-32268
StarWind SAN and NAS v0.2 build 1914 allow remote code execution. A flaw was found in REST API in StarWind Stack. REST command, which allows changing the hostname, doesn’t check a new hostname parameter. It goes directly to bash as part of a script. An attacker with non-roo...
Starwindsoftware Starwind San & Nas 0.2
1000
VMScore
CVE-2016-10108
Unauthenticated Remote Command injection as root occurs in the Western Digital MyCloud NAS 2.11.142 /web/google_analytics.php URL via a modified arg parameter in the POST data.
Western Digital Mycloud Nas 2.11.142
1 Metasploit module
685
VMScore
CVE-2008-0804
PHP remote file inclusion vulnerability in usrgetform.html in Thecus N5200Pro NAS Server allows remote malicious users to execute arbitrary PHP code via a URL in the name parameter.
Thecus N5200pro Nas Server Control Panel
1 EDB exploit
1000
VMScore
CVE-2013-6924
Seagate BlackArmor NAS devices with firmware sg2000-2000.1331 allow remote malicious users to execute arbitrary commands via shell metacharacters in the ip parameter to backupmgt/getAlias.php.
Seagate Blackarmor Nas 220 Firmware Sg2000-2000.1331
2 EDB exploits
NA
CVE-2023-39620
An Issue in Buffalo America, Inc. TeraStation NAS TS5410R v.5.00 thru v.0.07 allows a remote malicious user to obtain sensitive information via the guest account function.
Buffalo Terastation Nas 5410r Firmware 5.00-0.07
668
VMScore
CVE-2021-45389
A flaw was found with the JWT token. A self-signed JWT token could be injected into the update manager and bypass the authentication process, thus could escalate privileges. This affects StarWind SAN and NAS build 1578 and StarWind Command Center build 6864.
Starwind Command Center 6864
Starwind San&nas 1578
890
VMScore
CVE-2008-7081
userHandler.cgi in RaidSonic ICY BOX NAS firmware 2.3.2.IB.2.RS.1 allows remote malicious users to bypass authentication and gain administrator privileges by setting the login parameter to admin. NOTE: the provenance of this information is unknown; the details are obtained solely...
Raidsonic Icy Box Nas 2.3.2.ib.2.rs.1
383
VMScore
CVE-2018-12099
Grafana prior to 5.2.0-beta1 has XSS vulnerabilities in dashboard links.
Grafana Grafana
Netapp Active Iq Performance Analytics Services -
Netapp Storagegrid Webscale Nas Bridge -
445
VMScore
CVE-2013-0142
QNAP VioStor NVR devices with firmware 4.0.3, and the Surveillance Station Pro component in QNAP NAS, have a hardcoded guest account, which allows remote malicious users to obtain web-server login access via unspecified vectors.
Qnap Viostor Network Video Recorder 4.0.3
Qnap Viostor Network Video Recorder -
Qnap Surveillance Station Pro -
Qnap Nas -
655
VMScore
CVE-2013-0143
cgi-bin/pingping.cgi on QNAP VioStor NVR devices with firmware 4.0.3, and in the Surveillance Station Pro component in QNAP NAS, allows remote authenticated users to execute arbitrary commands by leveraging guest access and placing shell metacharacters in the query string.
Qnap Viostor Network Video Recorder 4.0.3
Qnap Viostor Network Video Recorder -
Qnap Surveillance Station Pro -
Qnap Nas -
1 EDB exploit
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-3080
log injection
CVE-2024-6041
CVE-2024-37661
XML external entity
CVE-2024-0845
privilege escalation
CVE-2023-37057
CVE-2024-27801
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »