ASUSTOR ADM path traversal vulnerability (CNVD-2018-25039)
ASUSTOR ADM is an operating system from ASUSTOR dedicated to ASUSTOR NAS storage devices. A directory traversal vulnerability exists in the upload.cgi file in ASUSTOR ADM version 3.1.1. An attacker can exploit this vulnerability by modifying the 'path' URL parameter to upload a file to an arbitra...
ASUSTOR ADM OS Command Injection Vulnerability (CNVD-2018-25181)
ASUSTOR ADM is an operating system from ASUSTOR dedicated to ASUSTOR NAS storage devices. An operating system command injection vulnerability exists in the upload.cgi file in ASUSTOR ADM version 3.1.1. An attacker can exploit this vulnerability by modifying the 'filename' POST parameter to execut...
CVE-2018-12309
Directory Traversal in upload.cgi in ASUSTOR ADM version 3.1.1 allows attackers to upload files to arbitrary locations by modifying the "path" URL parameter. NOTE: the "filename" POST parameter is covered by CVE-2018-11345...
Command injection
OS Command Injection in upload.cgi in ASUSTOR ADM version 3.1.1 allows attackers to execute system commands by modifying the filename POST parameter...
Directory traversal
Directory Traversal in upload.cgi in ASUSTOR ADM version 3.1.1 allows attackers to upload files to arbitrary locations by modifying the "path" URL parameter. NOTE: the "filename" POST parameter is covered by CVE-2018-11345...
CVE-2018-12316
ASUSTOR ADM is affected by OS Command Injection in upload.cgi in version 3.1.1, where an attacker can modify the filename POST parameter to execute system commands. This is documented across multiple sources (NVD CVE-2018-12316, CNVD-2018-25181, OpenVAS entry) with a CVSS base score high (3.0: 8....
CVE-2018-12309
CVE-2018-12309 describes a directory traversal in ASUSTOR ADM 3.1.1, via upload.cgi, allowing an attacker to upload files to arbitrary locations by modifying the path URL parameter (the filename parameter is covered by CVE-2018-11345). NVD lists CVSS v3.0 base score 7.5 (HIGH) with network attack...
CVE-2018-12316
OS Command Injection in upload.cgi in ASUSTOR ADM version 3.1.1 allows attackers to execute system commands by modifying the filename POST parameter...
CVE-2018-11345
ASUSTOR AS6202T ADM 3.1.0.RFQ3 is affected by CVE-2018-11345: an unrestricted file upload vulnerability in upload.cgi that allows uploading data via the POST parameter filename and, due to path traversal in that parameter, placing files anywhere on the filesystem. This can enable attacker-control...
ASUSTOR AS6202T ADM Unrestricted File Upload Vulnerability (CNVD-2018-10309)
ASUSTOR AS6202T ADM is a dedicated operating system for ASUSTOR NAS storage devices from ASUSTOR. A security vulnerability exists in the upload.cgi file in ASUSTOR AS6202T ADM version 3.1.0.RFQ3. An attacker can exploit the vulnerability by uploading data with the help of the 'filename' POST...
Authentication flaw
An authentication bypass vulnerability on UTStar WA3002G4 ADSL Broadband Modem WA3002G4-0021.01 devices allows attackers to directly access administrative settings and obtain cleartext credentials from HTML source, as demonstrated by info.cgi, upload.cgi, backupsettings.cgi, pppoe.cgi,...
bamca.org XSS vulnerability
Vulnerable URL: http://bamca.org/cgi-bin/upload.cgi?m=%3Csvg/onload=alert/OPENBUGBOUNTY/%3E Details: Patched: No; Latest check for patch: 29.07.2017; Vulnerability type: XSS; Vulnerability status: Publicly disclosed; Alexa Rank: 17292322; VIP website status: No; Check...
Trend Micro Threat Discovery Appliance Directory Traversal Vulnerability
Trend Micro Threat Discovery Appliance TDA is a threat discovery appliance with integrated cloud security technology from Trend Micro. The appliance provides detection of malicious activity at the network layer, threat management services, and threat analysis and reporting. A directory traversal...
CVE-2016-8593
Directory traversal vulnerability in upload.cgi in Trend Micro Threat Discovery Appliance 2.6.1062r1 and earlier allows remote authenticated users to execute arbitrary code via a .. (dot dot) in the dID parameter...
CVE-2016-8593
Trend Micro Threat Discovery Appliance (TDA)
CVE-2014-9184
CVE-2014-9184 affects ZTE ZXDSL 831CII. The vulnerability allows remote attackers to bypass authentication by directly requesting CGI files (main.cgi, adminpasswd.cgi, userpasswd.cgi, upload.cgi, conprocess.cgi, connect.cgi). Evidence across sources confirms this authentication bypass issue with ...
Code injection
lib/TWiki/Sandbox.pm in TWiki 6.0.0 and earlier, when running on Windows, allows remote attackers to bypass intended access restrictions and upload files with restricted names via a null byte (%00) in a filename to bin/upload.cgi, as demonstrated using .htaccess to execute arbitrary code...
CVE-2010-1709
Multiple cross-site scripting (XSS) vulnerabilities in upload.cgi in G5-Scripts Auto-Img-Gallery 1.1 allow remote attackers to inject arbitrary web script or HTML via the (1) user and (2) pass parameters...