2 matches found
CVE-2018-15697
ASUSTOR Data Master (ADM) prior to version 3.1.6 is affected by CVE-2018-15697. Authenticated non-administrative users can read any file on a shared NAS by supplying the full path in the request (example: /home/admin/.ash_history). The issue stems from a file-disclosure vulnerability in ADM 3.1.5...
ASUSTOR Data Master < 3.1.6 Multiple Vulnerabilities
According to its self-reported version number, the ASUSTOR Data Master ADM web interface running on the remote web server is prior to 3.1.6. It is, therefore, affected by multiple vulnerabilities: - CVE-2018-15694: Authenticated File Upload - CVE-2018-15695: Authenticated Arbitrary File Deletion ...