Max CVSS | 5.0 | Min CVSS | 5.0 | Total Count | 2 |
ID | CVSS | Summary | Last (major) update | Published | |
CVE-2018-9148 | 5.0 |
Western Digital WD My Cloud v04.05.00-320 devices embed the session token (aka PHPSESSID) in filenames, which makes it easier for attackers to bypass authentication by listing a directory. NOTE: this can be exploited in conjunction with CVE-2018-7171
|
28-05-2019 - 15:07 | 30-03-2018 - 19:29 | |
CVE-2018-7171 | 5.0 |
Directory traversal vulnerability in Twonky Server 7.0.11 through 8.5 allows remote attackers to share the contents of arbitrary directories via a .. (dot dot) in the contentbase parameter to rpc/set_all.
|
20-04-2018 - 13:16 | 30-03-2018 - 21:29 |