29 matches found
EUVD-2018-3381
Malware in sbrugna...
EUVD-2018-3382
Malware in sbrugna...
EUVD-2018-3378
Malware in sbrugna...
EUVD-2018-3377
Malware in sbrugna...
Design/Logic Flaw
An insecure direct object reference vulnerability in download.cgi in ASUSTOR AS6202T ADM 3.1.0.RFQ3 allows the ability to reference the "downloadsyssettings" action and then specify files arbitrarily throughout the system via the act parameter...
CVE-2018-11341
Directory traversal in importuser.cgi in ASUSTOR AS6202T ADM 3.1.0.RFQ3 allows attackers to navigate the file system via the filename parameter...
CVE-2018-11342
A path traversal vulnerability in fileExplorer.cgi in ASUSTOR AS6202T ADM 3.1.0.RFQ3 allows attackers to arbitrarily specify a path to a file on the system to create folders via the destfolder parameter...
Unrestricted file upload
An unrestricted file upload vulnerability in upload.cgi in ASUSTOR AS6202T ADM 3.1.0.RFQ3 allows attackers to upload supplied data via the POST parameter filename. This can be used to place attacker controlled code on the file system that can then be executed. Further, the filename parameter is...
CVE-2018-11340
An unrestricted file upload vulnerability in importuser.cgi in ASUSTOR AS6202T ADM 3.1.0.RFQ3 allows attackers to upload supplied data to a specified filename. This can be used to place attacker controlled code on the file system that is then executed...
CVE-2018-11346
An insecure direct object reference vulnerability in download.cgi in ASUSTOR AS6202T ADM 3.1.0.RFQ3 allows the ability to reference the "downloadsyssettings" action and then specify files arbitrarily throughout the system via the act parameter...
CVE-2018-11342
A path traversal vulnerability in fileExplorer.cgi in ASUSTOR AS6202T ADM 3.1.0.RFQ3 allows attackers to arbitrarily specify a path to a file on the system to create folders via the destfolder parameter...
CVE-2018-11345
An unrestricted file upload vulnerability in upload.cgi in ASUSTOR AS6202T ADM 3.1.0.RFQ3 allows attackers to upload supplied data via the POST parameter filename. This can be used to place attacker controlled code on the file system that can then be executed. Further, the filename parameter is...
CVE-2018-11341
Directory traversal in importuser.cgi in ASUSTOR AS6202T ADM 3.1.0.RFQ3 allows attackers to navigate the file system via the filename parameter...
CVE-2018-11340
An unrestricted file upload vulnerability in importuser.cgi in ASUSTOR AS6202T ADM 3.1.0.RFQ3 allows attackers to upload supplied data to a specified filename. This can be used to place attacker controlled code on the file system that is then executed...
Path traversal
A path traversal vulnerability in download.cgi in ASUSTOR AS6202T ADM 3.1.0.RFQ3 allows attackers to arbitrarily specify a file on the system to download via the file1 parameter...
Path traversal
A path traversal vulnerability in fileExplorer.cgi in ASUSTOR AS6202T ADM 3.1.0.RFQ3 allows attackers to arbitrarily specify a path to a file on the system to create folders via the destfolder parameter...
CVE-2018-11344
A path traversal vulnerability in download.cgi in ASUSTOR AS6202T ADM 3.1.0.RFQ3 allows attackers to arbitrarily specify a file on the system to download via the file1 parameter...
Unrestricted file upload
An unrestricted file upload vulnerability in importuser.cgi in ASUSTOR AS6202T ADM 3.1.0.RFQ3 allows attackers to upload supplied data to a specified filename. This can be used to place attacker controlled code on the file system that is then executed...
CVE-2018-11344
CVE-2018-11344 concerns ASUSTOR ADM 3.1.0.RFQ3 on AS6202T. A path traversal vulnerability in download.cgi via the file1 parameter allows an attacker to download arbitrary files from the system. Affected component: download.cgi; root cause: improper validation of file paths in file1. Proof of impa...
CVE-2018-11345
ASUSTOR AS6202T ADM 3.1.0.RFQ3 is affected by CVE-2018-11345: an unrestricted file upload vulnerability in upload.cgi that allows uploading data via the POST parameter filename and, due to path traversal in that parameter, placing files anywhere on the filesystem. This can enable attacker-control...