99 matches found
CVE-2018-15695
ASUSTOR Data Master 3.1.5 and below allows authenticated remote non-administrative users to delete any file on the file system due to a path traversal vulnerability in wallpaper.cgi...
Code injection
ASUSTOR Data Master 3.1.5 and below allows authenticated remote non-administrative users to enumerate all user accounts via user.cgi...
CVE-2018-15699
Summary for CVE-2018-15699 : Affected product is ASUSTOR Data Master (ADM) web interface prior to 3.1.6. The issue arises when ADM repeatedly makes HTTP requests for a configuration file, allowing a MITM attacker to inject JavaScript into the Version field, resulting in a cross‑site scripting (XS...
CVE-2018-15698
ASUSTOR Data Master (ADM) 3.1.5 and earlier: authenticated remote non-administrative users can read arbitrary files on the file system by providing the full path to loginimage.cgi. This is CVE-2018-15698 (NVD/CVE entry). The vulnerability originates from an information-disclosure flaw in ADM prio...
CVE-2018-15699
ASUSTOR Data Master 3.1.5 and below makes an HTTP request for a configuration file that is vulnerable to XSS. A man in the middle can take advantage of this by inserting Javascript into the configuration files Version field...
CVE-2018-15694
ASUSTOR Data Master 3.1.5 and below allows authenticated remote non-administrative users to upload files to arbitrary locations due to a path traversal vulnerability. This could lead to code execution if the "Web Server" feature is enabled...
CVE-2018-15695
ASUSTOR Data Master 3.1.5 and below allows authenticated remote non-administrative users to delete any file on the file system due to a path traversal vulnerability in wallpaper.cgi...
CVE-2018-15697
ASUSTOR Data Master 3.1.5 and below allows authenticated remote non-administrative users to read any file on a share by providing the full path. For example, /home/admin/.ashhistory...
CVE-2018-15698
ASUSTOR Data Master 3.1.5 and below allows authenticated remote non-administrative users to read any file on the file system when providing the full path to loginimage.cgi...
CVE-2018-15697
ASUSTOR Data Master (ADM) prior to version 3.1.6 is affected by CVE-2018-15697. Authenticated non-administrative users can read any file on a shared NAS by supplying the full path in the request (example: /home/admin/.ash_history). The issue stems from a file-disclosure vulnerability in ADM 3.1.5...
CVE-2018-15694
CVE-2018-15694 affects ASUSTOR Data Master (ADM) running on NAS devices, specifically versions 3.1.5 and earlier. A path traversal vulnerability allows authenticated remote non-administrative users to upload files to arbitrary locations, which could lead to code execution if the Web Server featur...
CVE-2018-15696
ASUSTOR Data Master 3.1.5 and below allows authenticated remote non-administrative users to enumerate all user accounts via user.cgi...
CVE-2018-15695
ASUSTOR Data Master (ADM) is affected in versions 3.1.5 and earlier due to a path traversal vulnerability in wallpaper.cgi. The issue allows authenticated remote non-administrative users to delete arbitrary files on the file system. Root cause: path traversal in wallpaper.cgi. Impact per sources:...
CVE-2018-15696
ASUSTOR Data Master (ADM) prior to 3.1.6 is affected by CVE-2018-15696: authenticated remote non-administrative users can enumerate all user accounts via user.cgi. Vulnerability details are supported by multiple sources (e.g., NVD entry and OpenVAS plugin noting ADM < 3.1.6 includes CVE-2018-1...
ASUSTOR Data Master < 3.1.6 Multiple Vulnerabilities
According to its self-reported version number, the ASUSTOR Data Master ADM web interface running on the remote web server is prior to 3.1.6. It is, therefore, affected by multiple vulnerabilities: - CVE-2018-15694: Authenticated File Upload - CVE-2018-15695: Authenticated Arbitrary File Deletion ...
ASUSTOR Data Master (ADM) Detection
Binary data asustordatamasterdetect.nbin...
ASUSTOR Data Master < 3.1.3 Multiple Vulnerabilities
According to its self-reported version number, the ASUSTOR Data Master ADM web interface running on the remote web server is prior to 3.1.3. It is, therefore, affected by multiple vulnerabilities, including unauthenticated remote code execution. C Tenable Network Security, Inc. include'compat.inc...
ASURTOR NAS ADM Remote Command Execution Vulnerability
ASUSTOR Data Master ADM is a dedicated operating system for ASUSTOR NAS with a tablet-like graphical interface comparable to a zero learning curve. A remote command execution vulnerability exists in ASUSTOR NAS ADM. Because the application does not strictly filter user input, an unauthenticated...
ASUSTOR Data Master (ADM) Detection (HTTP)
HTTP based detection of ASUSTOR Data Master ADM. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...