21 matches found
EUVD-2018-3377
Malware in sbrugna...
EUVD-2018-3378
Malware in sbrugna...
EUVD-2018-3381
Malware in sbrugna...
EUVD-2018-3382
Malware in sbrugna...
Unrestricted file upload
An unrestricted file upload vulnerability in importuser.cgi in ASUSTOR AS6202T ADM 3.1.0.RFQ3 allows attackers to upload supplied data to a specified filename. This can be used to place attacker controlled code on the file system that is then executed...
Design/Logic Flaw
An insecure direct object reference vulnerability in download.cgi in ASUSTOR AS6202T ADM 3.1.0.RFQ3 allows the ability to reference the "downloadsyssettings" action and then specify files arbitrarily throughout the system via the act parameter...
CVE-2018-11340
An unrestricted file upload vulnerability in importuser.cgi in ASUSTOR AS6202T ADM 3.1.0.RFQ3 allows attackers to upload supplied data to a specified filename. This can be used to place attacker controlled code on the file system that is then executed...
Path traversal
A path traversal vulnerability in fileExplorer.cgi in ASUSTOR AS6202T ADM 3.1.0.RFQ3 allows attackers to arbitrarily specify a path to a file on the system to create folders via the destfolder parameter...
CVE-2018-11341
Directory traversal in importuser.cgi in ASUSTOR AS6202T ADM 3.1.0.RFQ3 allows attackers to navigate the file system via the filename parameter...
CVE-2018-11345
An unrestricted file upload vulnerability in upload.cgi in ASUSTOR AS6202T ADM 3.1.0.RFQ3 allows attackers to upload supplied data via the POST parameter filename. This can be used to place attacker controlled code on the file system that can then be executed. Further, the filename parameter is...
CVE-2018-11346
An insecure direct object reference vulnerability in download.cgi in ASUSTOR AS6202T ADM 3.1.0.RFQ3 allows the ability to reference the "downloadsyssettings" action and then specify files arbitrarily throughout the system via the act parameter...
CVE-2018-11344
A path traversal vulnerability in download.cgi in ASUSTOR AS6202T ADM 3.1.0.RFQ3 allows attackers to arbitrarily specify a file on the system to download via the file1 parameter...
CVE-2018-11342
A path traversal vulnerability in fileExplorer.cgi in ASUSTOR AS6202T ADM 3.1.0.RFQ3 allows attackers to arbitrarily specify a path to a file on the system to create folders via the destfolder parameter...
CVE-2018-11340
An unrestricted file upload vulnerability in importuser.cgi in ASUSTOR AS6202T ADM 3.1.0.RFQ3 allows attackers to upload supplied data to a specified filename. This can be used to place attacker controlled code on the file system that is then executed...
CVE-2018-11341
Directory traversal in importuser.cgi in ASUSTOR AS6202T ADM 3.1.0.RFQ3 allows attackers to navigate the file system via the filename parameter...
Path traversal
A path traversal vulnerability in download.cgi in ASUSTOR AS6202T ADM 3.1.0.RFQ3 allows attackers to arbitrarily specify a file on the system to download via the file1 parameter...
Unrestricted file upload
An unrestricted file upload vulnerability in upload.cgi in ASUSTOR AS6202T ADM 3.1.0.RFQ3 allows attackers to upload supplied data via the POST parameter filename. This can be used to place attacker controlled code on the file system that can then be executed. Further, the filename parameter is...
CVE-2018-11341
CVE-2018-11341 affects ASUSTOR AS6202T ADM 3.1.0.RFQ3; a vulnerability in importuser.cgi allows directory traversal via the filename parameter, enabling an attacker to navigate the file system. Affected component: importuser.cgi. Root cause: improper validation of the filename parameter leading t...
ASUSTOR AS6202T ADM Unrestricted File Upload Vulnerability
ASUSTOR AS6202T ADM is a dedicated operating system for ASUSTOR NAS storage devices from ASUSTOR. An arbitrary file upload vulnerability exists in the importuser.cgi file in ASUSTOR AS6202T ADM version 3.1.0.RFQ3, which stems from the program's failure to validate file extensions. An attacker can...
ASUSTOR AS6202T ADM Directory Traversal Vulnerability
ADM ASUSTOR Data Manager is the operating system and user interface for ASUSTOR NAS. A directory traversal vulnerability exists in importuser.cgi in ASUSTOR AS6202T ADM 3.1.0.RFQ3. An attacker can exploit this vulnerability to navigate the file system via the filename parameter...