Lucene search
+L

73 matches found

OSV
OSV
added 2018/08/27 2:29 p.m.8 views

CVE-2018-15696

ASUSTOR Data Master 3.1.5 and below allows authenticated remote non-administrative users to enumerate all user accounts via user.cgi...

4.3CVSS5.8AI score0.00729EPSS
Exploits1References1
Prion
Prion
added 2018/08/27 2:29 p.m.19 views

Code injection

ASUSTOR Data Master 3.1.5 and below allows authenticated remote non-administrative users to enumerate all user accounts via user.cgi...

4CVSS4.6AI score0.00729EPSS
Exploits1References1Affected Software1
OSV
OSV
added 2018/08/27 2:29 p.m.5 views

CVE-2018-15698

ASUSTOR Data Master 3.1.5 and below allows authenticated remote non-administrative users to read any file on the file system when providing the full path to loginimage.cgi...

6.5CVSS5.8AI score0.01106EPSS
Exploits1References1
OSV
OSV
added 2018/08/27 2:29 p.m.5 views

CVE-2018-15697

ASUSTOR Data Master 3.1.5 and below allows authenticated remote non-administrative users to read any file on a share by providing the full path. For example, /home/admin/.ashhistory...

6.5CVSS5.8AI score0.00907EPSS
Exploits1References1
OSV
OSV
added 2018/08/27 2:29 p.m.5 views

CVE-2018-15699

ASUSTOR Data Master 3.1.5 and below makes an HTTP request for a configuration file that is vulnerable to XSS. A man in the middle can take advantage of this by inserting Javascript into the configuration files Version field...

6.1CVSS5.8AI score0.00646EPSS
Exploits1References1
OSV
OSV
added 2018/08/27 2:29 p.m.5 views

CVE-2018-15694

ASUSTOR Data Master 3.1.5 and below allows authenticated remote non-administrative users to upload files to arbitrary locations due to a path traversal vulnerability. This could lead to code execution if the "Web Server" feature is enabled...

7.5CVSS6.3AI score0.01511EPSS
Exploits1References1
OSV
OSV
added 2018/08/27 2:29 p.m.5 views

CVE-2018-15695

ASUSTOR Data Master 3.1.5 and below allows authenticated remote non-administrative users to delete any file on the file system due to a path traversal vulnerability in wallpaper.cgi...

6.5CVSS5.8AI score0.01014EPSS
Exploits1References1
Cvelist
Cvelist
added 2018/08/27 2:0 p.m.22 views

CVE-2018-15698

ASUSTOR Data Master 3.1.5 and below allows authenticated remote non-administrative users to read any file on the file system when providing the full path to loginimage.cgi...

6.8AI score0.01106EPSS
Exploits1References1
Cvelist
Cvelist
added 2018/08/27 2:0 p.m.21 views

CVE-2018-15694

ASUSTOR Data Master 3.1.5 and below allows authenticated remote non-administrative users to upload files to arbitrary locations due to a path traversal vulnerability. This could lead to code execution if the "Web Server" feature is enabled...

7.7AI score0.01511EPSS
Exploits1References1
Tenable Nessus
Tenable Nessus
added 2018/08/24 12:0 a.m.36 views

ASUSTOR Data Master < 3.1.6 Multiple Vulnerabilities

According to its self-reported version number, the ASUSTOR Data Master ADM web interface running on the remote web server is prior to 3.1.6. It is, therefore, affected by multiple vulnerabilities: - CVE-2018-15694: Authenticated File Upload - CVE-2018-15695: Authenticated Arbitrary File Deletion ...

8.5CVSS6AI score0.01511EPSS
Exploits6References8
Tenable Nessus
Tenable Nessus
added 2018/07/24 12:0 a.m.27 views

ASUSTOR Data Master < 3.1.3 Multiple Vulnerabilities

According to its self-reported version number, the ASUSTOR Data Master ADM web interface running on the remote web server is prior to 3.1.3. It is, therefore, affected by multiple vulnerabilities, including unauthenticated remote code execution. C Tenable Network Security, Inc. include'compat.inc...

10CVSS9AI score0.04354EPSS
Exploits1References3
CNVD
CNVD
added 2018/07/03 12:0 a.m.21 views

ASURTOR NAS ADM Remote Command Execution Vulnerability

ASUSTOR Data Master ADM is a dedicated operating system for ASUSTOR NAS with a tablet-like graphical interface comparable to a zero learning curve. A remote command execution vulnerability exists in ASUSTOR NAS ADM. Because the application does not strictly filter user input, an unauthenticated...

9.8CVSS9.7AI score0.4476EPSS
Exploits9References1
OpenVAS
OpenVAS
added 2018/06/29 12:0 a.m.38 views

ASUSTOR Data Master (ADM) Detection (HTTP)

HTTP based detection of ASUSTOR Data Master ADM. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.1AI score
Exploits0References1
Rows per page
Query Builder