73 matches found
CVE-2018-15696
ASUSTOR Data Master 3.1.5 and below allows authenticated remote non-administrative users to enumerate all user accounts via user.cgi...
Code injection
ASUSTOR Data Master 3.1.5 and below allows authenticated remote non-administrative users to enumerate all user accounts via user.cgi...
CVE-2018-15698
ASUSTOR Data Master 3.1.5 and below allows authenticated remote non-administrative users to read any file on the file system when providing the full path to loginimage.cgi...
CVE-2018-15697
ASUSTOR Data Master 3.1.5 and below allows authenticated remote non-administrative users to read any file on a share by providing the full path. For example, /home/admin/.ashhistory...
CVE-2018-15699
ASUSTOR Data Master 3.1.5 and below makes an HTTP request for a configuration file that is vulnerable to XSS. A man in the middle can take advantage of this by inserting Javascript into the configuration files Version field...
CVE-2018-15694
ASUSTOR Data Master 3.1.5 and below allows authenticated remote non-administrative users to upload files to arbitrary locations due to a path traversal vulnerability. This could lead to code execution if the "Web Server" feature is enabled...
CVE-2018-15695
ASUSTOR Data Master 3.1.5 and below allows authenticated remote non-administrative users to delete any file on the file system due to a path traversal vulnerability in wallpaper.cgi...
CVE-2018-15698
ASUSTOR Data Master 3.1.5 and below allows authenticated remote non-administrative users to read any file on the file system when providing the full path to loginimage.cgi...
CVE-2018-15694
ASUSTOR Data Master 3.1.5 and below allows authenticated remote non-administrative users to upload files to arbitrary locations due to a path traversal vulnerability. This could lead to code execution if the "Web Server" feature is enabled...
ASUSTOR Data Master < 3.1.6 Multiple Vulnerabilities
According to its self-reported version number, the ASUSTOR Data Master ADM web interface running on the remote web server is prior to 3.1.6. It is, therefore, affected by multiple vulnerabilities: - CVE-2018-15694: Authenticated File Upload - CVE-2018-15695: Authenticated Arbitrary File Deletion ...
ASUSTOR Data Master < 3.1.3 Multiple Vulnerabilities
According to its self-reported version number, the ASUSTOR Data Master ADM web interface running on the remote web server is prior to 3.1.3. It is, therefore, affected by multiple vulnerabilities, including unauthenticated remote code execution. C Tenable Network Security, Inc. include'compat.inc...
ASURTOR NAS ADM Remote Command Execution Vulnerability
ASUSTOR Data Master ADM is a dedicated operating system for ASUSTOR NAS with a tablet-like graphical interface comparable to a zero learning curve. A remote command execution vulnerability exists in ASUSTOR NAS ADM. Because the application does not strictly filter user input, an unauthenticated...
ASUSTOR Data Master (ADM) Detection (HTTP)
HTTP based detection of ASUSTOR Data Master ADM. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...