99 matches found
ASUSTOR Data Master Account Enumeration Vulnerability
ASUSTOR Data Master ADM is a dedicated operating system for ASUSTOR NAS storage devices from ASUSTOR. A security vulnerability exists in ASUSTOR ADM 3.1.5 and earlier versions. A remote attacker can exploit this vulnerability to enumerate all accounts on the device with the help of the user.cgi...
ASUSTOR Data Master File Disclosure Vulnerability
ASUSTOR Data Master ADM is a dedicated operating system for ASUSTOR NAS storage devices from ASUSTOR. A file disclosure vulnerability exists in ASUSTOR ADM 3.1.5 and earlier versions. A remote attacker can exploit this vulnerability by sending a request to the downloadwallpaper.cgi file and...
ASUSTOR Data Master Path Traversal Vulnerability (CNVD-2018-17897)
ASUSTOR Data Master ADM is a dedicated operating system for ASUSTOR NAS storage devices from ASUSTOR. A path traversal vulnerability exists in ASUSTOR ADM 3.1.5 and prior versions. A remote attacker can exploit this vulnerability to upload files to an arbitrary location and potentially execute co...
ASUSTOR Data Master Information Disclosure Vulnerability
ASUSTOR Data Master ADM is a dedicated operating system for ASUSTOR NAS storage devices from ASUSTOR. An information disclosure vulnerability exists in ASUSTOR ADM 3.1.5 and earlier versions. A remote attacker can exploit this vulnerability by sending a request to the loginimage.cgi file to read...
ASUSTOR Data Master Path Traversal Vulnerability
ASUSTOR Data Master ADM is a dedicated operating system for ASUSTOR NAS storage devices from ASUSTOR. A path traversal vulnerability exists in the wallpaper.cgi file in ASUSTOR ADM 3.1.5 and earlier versions. A remote attacker could exploit this vulnerability to delete arbitrary files on the file...
Path traversal
ASUSTOR Data Master 3.1.5 and below allows authenticated remote non-administrative users to delete any file on the file system due to a path traversal vulnerability in wallpaper.cgi...
Design/Logic Flaw
ASUSTOR Data Master 3.1.5 and below makes an HTTP request for a configuration file that is vulnerable to XSS. A man in the middle can take advantage of this by inserting Javascript into the configuration files Version field...
Path traversal
ASUSTOR Data Master 3.1.5 and below allows authenticated remote non-administrative users to upload files to arbitrary locations due to a path traversal vulnerability. This could lead to code execution if the "Web Server" feature is enabled...
CVE-2018-15694
ASUSTOR Data Master 3.1.5 and below allows authenticated remote non-administrative users to upload files to arbitrary locations due to a path traversal vulnerability. This could lead to code execution if the "Web Server" feature is enabled...
CVE-2018-15698
ASUSTOR Data Master 3.1.5 and below allows authenticated remote non-administrative users to read any file on the file system when providing the full path to loginimage.cgi...
CVE-2018-15694
ASUSTOR Data Master 3.1.5 and below allows authenticated remote non-administrative users to upload files to arbitrary locations due to a path traversal vulnerability. This could lead to code execution if the "Web Server" feature is enabled...
CVE-2018-15699
ASUSTOR Data Master 3.1.5 and below makes an HTTP request for a configuration file that is vulnerable to XSS. A man in the middle can take advantage of this by inserting Javascript into the configuration files Version field...
CVE-2018-15697
ASUSTOR Data Master 3.1.5 and below allows authenticated remote non-administrative users to read any file on a share by providing the full path. For example, /home/admin/.ashhistory...
CVE-2018-15696
ASUSTOR Data Master 3.1.5 and below allows authenticated remote non-administrative users to enumerate all user accounts via user.cgi...
CVE-2018-15699
ASUSTOR Data Master 3.1.5 and below makes an HTTP request for a configuration file that is vulnerable to XSS. A man in the middle can take advantage of this by inserting Javascript into the configuration files Version field...
CVE-2018-15697
ASUSTOR Data Master 3.1.5 and below allows authenticated remote non-administrative users to read any file on a share by providing the full path. For example, /home/admin/.ashhistory...
CVE-2018-15695
ASUSTOR Data Master 3.1.5 and below allows authenticated remote non-administrative users to delete any file on the file system due to a path traversal vulnerability in wallpaper.cgi...
Code injection
ASUSTOR Data Master 3.1.5 and below allows authenticated remote non-administrative users to enumerate all user accounts via user.cgi...
CVE-2018-15696
ASUSTOR Data Master 3.1.5 and below allows authenticated remote non-administrative users to enumerate all user accounts via user.cgi...
CVE-2018-15698
ASUSTOR Data Master 3.1.5 and below allows authenticated remote non-administrative users to read any file on the file system when providing the full path to loginimage.cgi...