24 matches found
EUVD-2018-3382
Malware in sbrugna...
EUVD-2018-3381
Malware in sbrugna...
CGA-RFQ3-WCWG-W3XP
Bulletin has no description...
CGA-HGG6-RFQ3-2WC6
Bulletin has no description...
ASUSTOR ADM Remote Command Execution Vulnerability
ASUSTOR ADM is an operating system from ASUSTOR dedicated to ASUSTOR NAS storage devices. A security vulnerability exists in ASUSTOR ADM version 3.1.0.RFQ3, which stems from the program using the same default username and password as the NAS. An attacker could exploit the vulnerability to log in...
CVE-2018-11511
The tree list functionality in the photo gallery application in ASUSTOR ADM 3.1.0.RFQ3 has a SQL injection vulnerability that affects the 'albumid' or 'scope' parameter via a photo-gallery/api/album/treelists/ URI...
CVE-2018-11511
The tree list functionality in the photo gallery application in ASUSTOR ADM 3.1.0.RFQ3 has a SQL injection vulnerability that affects the ‘albumid’ or ‘scope’ parameter via a photo-gallery/api/album/treelists/ URI.
ASUSTOR ADM 3.1.0.RFQ3 - Remote Command Execution / SQL Injection Vulnerabilities
Exploit for cgi platform in category web applications. Product: ASUSTOR ADM 3.1.0.RFQ3 and all previous builds. Vendor: https://www.asustor.com/ Patch Notes: http://download.asustor.com/download/docs/releasenotes/RNADM3.1.3.RHU2.pdf Issue: The Asustor NAS appliance on ADM 3.1.0 and before suff...
ASUSTOR ADM 3.1.0.RFQ3 - Remote Command Execution / SQL Injection
Product: ASUSTOR ADM 3.1.0.RFQ3 and all previous builds. Vendor: https://www.asustor.com/ Patch Notes: http://download.asustor.com/download/docs/releasenotes/RNADM3.1.3.RHU2.pdf Issue: The Asustor NAS appliance on ADM 3.1.0 and before suffers from multiple critical vulnerabilities. The...
CVE-2018-11510
The ASUSTOR ADM 3.1.0.RFQ3 NAS portal suffers from an unauthenticated remote code execution vulnerability in the portal/apis/aggrecatejs.cgi file by embedding OS commands in the 'script' parameter...
Unrestricted file upload
An unrestricted file upload vulnerability in importuser.cgi in ASUSTOR AS6202T ADM 3.1.0.RFQ3 allows attackers to upload supplied data to a specified filename. This can be used to place attacker controlled code on the file system that is then executed...
Design/Logic Flaw
An insecure direct object reference vulnerability in download.cgi in ASUSTOR AS6202T ADM 3.1.0.RFQ3 allows the ability to reference the "downloadsyssettings" action and then specify files arbitrarily throughout the system via the act parameter...
Path traversal
A path traversal vulnerability in fileExplorer.cgi in ASUSTOR AS6202T ADM 3.1.0.RFQ3 allows attackers to arbitrarily specify a path to a file on the system to create folders via the destfolder parameter...
CVE-2018-11340
An unrestricted file upload vulnerability in importuser.cgi in ASUSTOR AS6202T ADM 3.1.0.RFQ3 allows attackers to upload supplied data to a specified filename. This can be used to place attacker controlled code on the file system that is then executed...
Unrestricted file upload
An unrestricted file upload vulnerability in upload.cgi in ASUSTOR AS6202T ADM 3.1.0.RFQ3 allows attackers to upload supplied data via the POST parameter filename. This can be used to place attacker controlled code on the file system that can then be executed. Further, the filename parameter is...
CVE-2018-11344
A path traversal vulnerability in download.cgi in ASUSTOR AS6202T ADM 3.1.0.RFQ3 allows attackers to arbitrarily specify a file on the system to download via the file1 parameter...
CVE-2018-11346
An insecure direct object reference vulnerability in download.cgi in ASUSTOR AS6202T ADM 3.1.0.RFQ3 allows the ability to reference the "downloadsyssettings" action and then specify files arbitrarily throughout the system via the act parameter...
CVE-2018-11341
Directory traversal in importuser.cgi in ASUSTOR AS6202T ADM 3.1.0.RFQ3 allows attackers to navigate the file system via the filename parameter...
CVE-2018-11341
Directory traversal in importuser.cgi in ASUSTOR AS6202T ADM 3.1.0.RFQ3 allows attackers to navigate the file system via the filename parameter...
CVE-2018-11340
CVE-2018-11340 concerns an unrestricted file upload in ASUSTOR AS6202T ADM 3.1.0.RFQ3, specifically the importuser.cgi endpoint. The underlying issue is that the program accepts an uploaded file and saves it with a user-supplied filename, enabling an attacker to place attacker-controlled code on ...