Lucene search
K

99 matches found

CNVD
CNVD
added 2018/08/28 12:0 a.m.2 views

ASUSTOR Data Master Account Enumeration Vulnerability

ASUSTOR Data Master ADM is a dedicated operating system for ASUSTOR NAS storage devices from ASUSTOR. A security vulnerability exists in ASUSTOR ADM 3.1.5 and earlier versions. A remote attacker can exploit this vulnerability to enumerate all accounts on the device with the help of the user.cgi...

4.3CVSS7.5AI score0.00729EPSS
Exploits1References1
CNVD
CNVD
added 2018/08/28 12:0 a.m.2 views

ASUSTOR Data Master File Disclosure Vulnerability

ASUSTOR Data Master ADM is a dedicated operating system for ASUSTOR NAS storage devices from ASUSTOR. A file disclosure vulnerability exists in ASUSTOR ADM 3.1.5 and earlier versions. A remote attacker can exploit this vulnerability by sending a request to the downloadwallpaper.cgi file and...

6.5CVSS6.6AI score0.00907EPSS
Exploits1References1
CNVD
CNVD
added 2018/08/28 12:0 a.m.3 views

ASUSTOR Data Master Path Traversal Vulnerability (CNVD-2018-17897)

ASUSTOR Data Master ADM is a dedicated operating system for ASUSTOR NAS storage devices from ASUSTOR. A path traversal vulnerability exists in ASUSTOR ADM 3.1.5 and prior versions. A remote attacker can exploit this vulnerability to upload files to an arbitrary location and potentially execute co...

7.5CVSS7.9AI score0.01511EPSS
Exploits1References1
CNVD
CNVD
added 2018/08/28 12:0 a.m.2 views

ASUSTOR Data Master Information Disclosure Vulnerability

ASUSTOR Data Master ADM is a dedicated operating system for ASUSTOR NAS storage devices from ASUSTOR. An information disclosure vulnerability exists in ASUSTOR ADM 3.1.5 and earlier versions. A remote attacker can exploit this vulnerability by sending a request to the loginimage.cgi file to read...

6.8CVSS6.3AI score0.01106EPSS
Exploits1References1
CNVD
CNVD
added 2018/08/28 12:0 a.m.3 views

ASUSTOR Data Master Path Traversal Vulnerability

ASUSTOR Data Master ADM is a dedicated operating system for ASUSTOR NAS storage devices from ASUSTOR. A path traversal vulnerability exists in the wallpaper.cgi file in ASUSTOR ADM 3.1.5 and earlier versions. A remote attacker could exploit this vulnerability to delete arbitrary files on the file...

8.5CVSS6.7AI score0.01014EPSS
Exploits1References1
Prion
Prion
added 2018/08/27 2:29 p.m.17 views

Path traversal

ASUSTOR Data Master 3.1.5 and below allows authenticated remote non-administrative users to delete any file on the file system due to a path traversal vulnerability in wallpaper.cgi...

8.5CVSS6.3AI score0.01014EPSS
Exploits1References1Affected Software1
Prion
Prion
added 2018/08/27 2:29 p.m.14 views

Design/Logic Flaw

ASUSTOR Data Master 3.1.5 and below makes an HTTP request for a configuration file that is vulnerable to XSS. A man in the middle can take advantage of this by inserting Javascript into the configuration files Version field...

4.3CVSS6.2AI score0.00646EPSS
Exploits1References1Affected Software1
Prion
Prion
added 2018/08/27 2:29 p.m.14 views

Path traversal

ASUSTOR Data Master 3.1.5 and below allows authenticated remote non-administrative users to upload files to arbitrary locations due to a path traversal vulnerability. This could lead to code execution if the "Web Server" feature is enabled...

6CVSS7.8AI score0.01511EPSS
Exploits1References1Affected Software1
NVD
NVD
added 2018/08/27 2:29 p.m.15 views

CVE-2018-15694

ASUSTOR Data Master 3.1.5 and below allows authenticated remote non-administrative users to upload files to arbitrary locations due to a path traversal vulnerability. This could lead to code execution if the "Web Server" feature is enabled...

7.5CVSS7.7AI score0.01511EPSS
Exploits1References1
OSV
OSV
added 2018/08/27 2:29 p.m.5 views

CVE-2018-15698

ASUSTOR Data Master 3.1.5 and below allows authenticated remote non-administrative users to read any file on the file system when providing the full path to loginimage.cgi...

6.5CVSS5.8AI score0.01106EPSS
Exploits1References1
OSV
OSV
added 2018/08/27 2:29 p.m.3 views

CVE-2018-15694

ASUSTOR Data Master 3.1.5 and below allows authenticated remote non-administrative users to upload files to arbitrary locations due to a path traversal vulnerability. This could lead to code execution if the "Web Server" feature is enabled...

7.5CVSS6.3AI score0.01511EPSS
Exploits1References1
NVD
NVD
added 2018/08/27 2:29 p.m.19 views

CVE-2018-15699

ASUSTOR Data Master 3.1.5 and below makes an HTTP request for a configuration file that is vulnerable to XSS. A man in the middle can take advantage of this by inserting Javascript into the configuration files Version field...

6.1CVSS6.2AI score0.00646EPSS
Exploits1References1
NVD
NVD
added 2018/08/27 2:29 p.m.14 views

CVE-2018-15697

ASUSTOR Data Master 3.1.5 and below allows authenticated remote non-administrative users to read any file on a share by providing the full path. For example, /home/admin/.ashhistory...

6.5CVSS6.3AI score0.00907EPSS
Exploits1References1
OSV
OSV
added 2018/08/27 2:29 p.m.6 views

CVE-2018-15696

ASUSTOR Data Master 3.1.5 and below allows authenticated remote non-administrative users to enumerate all user accounts via user.cgi...

4.3CVSS5.8AI score0.00729EPSS
Exploits1References1
OSV
OSV
added 2018/08/27 2:29 p.m.4 views

CVE-2018-15699

ASUSTOR Data Master 3.1.5 and below makes an HTTP request for a configuration file that is vulnerable to XSS. A man in the middle can take advantage of this by inserting Javascript into the configuration files Version field...

6.1CVSS5.8AI score0.00646EPSS
Exploits1References1
OSV
OSV
added 2018/08/27 2:29 p.m.4 views

CVE-2018-15697

ASUSTOR Data Master 3.1.5 and below allows authenticated remote non-administrative users to read any file on a share by providing the full path. For example, /home/admin/.ashhistory...

6.5CVSS5.8AI score0.00907EPSS
Exploits1References1
OSV
OSV
added 2018/08/27 2:29 p.m.4 views

CVE-2018-15695

ASUSTOR Data Master 3.1.5 and below allows authenticated remote non-administrative users to delete any file on the file system due to a path traversal vulnerability in wallpaper.cgi...

6.5CVSS5.8AI score0.01014EPSS
Exploits1References1
Prion
Prion
added 2018/08/27 2:29 p.m.17 views

Code injection

ASUSTOR Data Master 3.1.5 and below allows authenticated remote non-administrative users to enumerate all user accounts via user.cgi...

4CVSS4.6AI score0.00729EPSS
Exploits1References1Affected Software1
NVD
NVD
added 2018/08/27 2:29 p.m.20 views

CVE-2018-15696

ASUSTOR Data Master 3.1.5 and below allows authenticated remote non-administrative users to enumerate all user accounts via user.cgi...

4.3CVSS4.6AI score0.00729EPSS
Exploits1References1
NVD
NVD
added 2018/08/27 2:29 p.m.18 views

CVE-2018-15698

ASUSTOR Data Master 3.1.5 and below allows authenticated remote non-administrative users to read any file on the file system when providing the full path to loginimage.cgi...

6.8CVSS6.3AI score0.01106EPSS
Exploits1References1
Rows per page
Query Builder