9 matches found
CVE-2023-51947
Improper access control on nasSvr.php in actidata actiNAS SL 2U-8 RDX 3.2.03-SP1 allows remote attackers to read and modify different types of data without authentication...
CVE-2023-51946
Multiple reflected cross-site scripting XSS vulnerabilities in nasSvr.php in actidata actiNAS-SL-2U-8 3.2.03-SP1 allow remote attackers to inject arbitrary web script or HTML...
Directory traversal
A Site-wide directory listing vulnerability in /fm in actidata actiNAS SL 2U-8 RDX 3.2.03-SP1 allows remote attackers to list the files hosted by the web application...
CVE-2023-51948
CVE-2023-51948 affects actidata actiNAS SL 2U-8 RDX 3.2.03-SP1, with a site-wide directory listing issue in the /fm endpoint that allows remote attackers to enumerate files hosted by the web application. The vulnerability, documented across NVD/Red Hat/CVE records, has a base CVSS v3.1 score of 7...
CVE-2023-51947
The CVE-2023-51947 issue affects actidata actiNAS SL 2U-8 RDX (firmware 3.2.03-SP1). It stems from improper access control in nasSvr.php, enabling remote attackers to read and modify data without authentication. According to sources, the vulnerability is critical (CVSS 3.1: AV:N/AC:L/PR:N/UI:N/S:...
CVE-2023-51947
Improper access control on nasSvr.php in actidata actiNAS SL 2U-8 RDX 3.2.03-SP1 allows remote attackers to read and modify different types of data without authentication...
CVE-2023-51948
A Site-wide directory listing vulnerability in /fm in actidata actiNAS SL 2U-8 RDX 3.2.03-SP1 allows remote attackers to list the files hosted by the web application...
actidata actiNAS SL 2U-8 RDX Security Vulnerability
The actidata actiNAS SL 2U-8 RDX is a rackmount backup server from actidata. A security vulnerability exists in the actidata actiNAS SL 2U-8 RDX version 3.2.03-SP1, which originated from a vulnerability that allows remote attackers to list files hosted by a web application...
CVE-2023-51947
Improper access control on nasSvr.php in actidata actiNAS SL 2U-8 RDX 3.2.03-SP1 allows remote attackers to read and modify different types of data without authentication...