Lucene search
K

99 matches found

OSV
OSV
added 2018/08/27 2:29 p.m.4 views

CVE-2018-15695

ASUSTOR Data Master 3.1.5 and below allows authenticated remote non-administrative users to delete any file on the file system due to a path traversal vulnerability in wallpaper.cgi...

6.5CVSS5.8AI score0.01014EPSS
Exploits1References1
Prion
Prion
added 2018/08/27 2:29 p.m.17 views

Code injection

ASUSTOR Data Master 3.1.5 and below allows authenticated remote non-administrative users to enumerate all user accounts via user.cgi...

4CVSS4.6AI score0.00729EPSS
Exploits1References1Affected Software1
CVE
CVE
added 2018/08/27 2:0 p.m.45 views

CVE-2018-15699

Summary for CVE-2018-15699 : Affected product is ASUSTOR Data Master (ADM) web interface prior to 3.1.6. The issue arises when ADM repeatedly makes HTTP requests for a configuration file, allowing a MITM attacker to inject JavaScript into the Version field, resulting in a cross‑site scripting (XS...

6.1CVSS6.7AI score0.00646EPSS
Exploits1References1Affected Software1
CVE
CVE
added 2018/08/27 2:0 p.m.46 views

CVE-2018-15698

ASUSTOR Data Master (ADM) 3.1.5 and earlier: authenticated remote non-administrative users can read arbitrary files on the file system by providing the full path to loginimage.cgi. This is CVE-2018-15698 (NVD/CVE entry). The vulnerability originates from an information-disclosure flaw in ADM prio...

6.8CVSS6.7AI score0.01106EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2018/08/27 2:0 p.m.24 views

CVE-2018-15699

ASUSTOR Data Master 3.1.5 and below makes an HTTP request for a configuration file that is vulnerable to XSS. A man in the middle can take advantage of this by inserting Javascript into the configuration files Version field...

6.7AI score0.00646EPSS
Exploits1References1
Cvelist
Cvelist
added 2018/08/27 2:0 p.m.19 views

CVE-2018-15694

ASUSTOR Data Master 3.1.5 and below allows authenticated remote non-administrative users to upload files to arbitrary locations due to a path traversal vulnerability. This could lead to code execution if the "Web Server" feature is enabled...

7.7AI score0.01511EPSS
Exploits1References1
Cvelist
Cvelist
added 2018/08/27 2:0 p.m.19 views

CVE-2018-15695

ASUSTOR Data Master 3.1.5 and below allows authenticated remote non-administrative users to delete any file on the file system due to a path traversal vulnerability in wallpaper.cgi...

6.8AI score0.01014EPSS
Exploits1References1
Cvelist
Cvelist
added 2018/08/27 2:0 p.m.16 views

CVE-2018-15697

ASUSTOR Data Master 3.1.5 and below allows authenticated remote non-administrative users to read any file on a share by providing the full path. For example, /home/admin/.ashhistory...

6.7AI score0.00907EPSS
Exploits1References1
Cvelist
Cvelist
added 2018/08/27 2:0 p.m.19 views

CVE-2018-15698

ASUSTOR Data Master 3.1.5 and below allows authenticated remote non-administrative users to read any file on the file system when providing the full path to loginimage.cgi...

6.8AI score0.01106EPSS
Exploits1References1
CVE
CVE
added 2018/08/27 2:0 p.m.56 views

CVE-2018-15697

ASUSTOR Data Master (ADM) prior to version 3.1.6 is affected by CVE-2018-15697. Authenticated non-administrative users can read any file on a shared NAS by supplying the full path in the request (example: /home/admin/.ash_history). The issue stems from a file-disclosure vulnerability in ADM 3.1.5...

6.5CVSS6.6AI score0.00907EPSS
Exploits1References1Affected Software1
CVE
CVE
added 2018/08/27 2:0 p.m.48 views

CVE-2018-15694

CVE-2018-15694 affects ASUSTOR Data Master (ADM) running on NAS devices, specifically versions 3.1.5 and earlier. A path traversal vulnerability allows authenticated remote non-administrative users to upload files to arbitrary locations, which could lead to code execution if the Web Server featur...

7.5CVSS7.7AI score0.01511EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2018/08/27 2:0 p.m.21 views

CVE-2018-15696

ASUSTOR Data Master 3.1.5 and below allows authenticated remote non-administrative users to enumerate all user accounts via user.cgi...

5.8AI score0.00729EPSS
Exploits1References1
CVE
CVE
added 2018/08/27 2:0 p.m.46 views

CVE-2018-15695

ASUSTOR Data Master (ADM) is affected in versions 3.1.5 and earlier due to a path traversal vulnerability in wallpaper.cgi. The issue allows authenticated remote non-administrative users to delete arbitrary files on the file system. Root cause: path traversal in wallpaper.cgi. Impact per sources:...

8.5CVSS6.7AI score0.01014EPSS
Exploits1References1Affected Software1
CVE
CVE
added 2018/08/27 2:0 p.m.58 views

CVE-2018-15696

ASUSTOR Data Master (ADM) prior to 3.1.6 is affected by CVE-2018-15696: authenticated remote non-administrative users can enumerate all user accounts via user.cgi. Vulnerability details are supported by multiple sources (e.g., NVD entry and OpenVAS plugin noting ADM < 3.1.6 includes CVE-2018-1...

4.3CVSS5.7AI score0.00729EPSS
Exploits1References1Affected Software1
Tenable Nessus
Tenable Nessus
added 2018/08/24 12:0 a.m.36 views

ASUSTOR Data Master < 3.1.6 Multiple Vulnerabilities

According to its self-reported version number, the ASUSTOR Data Master ADM web interface running on the remote web server is prior to 3.1.6. It is, therefore, affected by multiple vulnerabilities: - CVE-2018-15694: Authenticated File Upload - CVE-2018-15695: Authenticated Arbitrary File Deletion ...

8.5CVSS6AI score0.01511EPSS
Exploits6References8
Tenable Nessus
Tenable Nessus
added 2018/07/24 12:0 a.m.14 views

ASUSTOR Data Master (ADM) Detection

Binary data asustordatamasterdetect.nbin...

7.3AI score
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2018/07/24 12:0 a.m.27 views

ASUSTOR Data Master < 3.1.3 Multiple Vulnerabilities

According to its self-reported version number, the ASUSTOR Data Master ADM web interface running on the remote web server is prior to 3.1.3. It is, therefore, affected by multiple vulnerabilities, including unauthenticated remote code execution. C Tenable Network Security, Inc. include'compat.inc...

10CVSS9AI score0.04354EPSS
Exploits1References3
CNVD
CNVD
added 2018/07/03 12:0 a.m.3 views

ASURTOR NAS ADM Remote Command Execution Vulnerability

ASUSTOR Data Master ADM is a dedicated operating system for ASUSTOR NAS with a tablet-like graphical interface comparable to a zero learning curve. A remote command execution vulnerability exists in ASUSTOR NAS ADM. Because the application does not strictly filter user input, an unauthenticated...

9.8CVSS9.7AI score0.4476EPSS
Exploits9References1
OpenVAS
OpenVAS
added 2018/06/29 12:0 a.m.38 views

ASUSTOR Data Master (ADM) Detection (HTTP)

HTTP based detection of ASUSTOR Data Master ADM. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.1AI score
Exploits0References1
Rows per page
Query Builder