Lucene search
K

24 matches found

EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2018-3382

Malware in sbrugna...

8.8CVSS8AI score0.01925EPSS
Exploits1References4
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2018-3381

Malware in sbrugna...

6.5CVSS6.8AI score0.01452EPSS
Exploits1References4
OSV
OSV
added 2024/09/25 5:33 a.m.7 views

CGA-RFQ3-WCWG-W3XP

Bulletin has no description...

7.5CVSS8.2AI score0.01127EPSS
Exploits0
OSV
OSV
added 2024/09/25 5:25 a.m.8 views

CGA-HGG6-RFQ3-2WC6

Bulletin has no description...

7.5CVSS7.1AI score0.01046EPSS
Exploits0
CNVD
CNVD
added 2018/08/21 12:0 a.m.3 views

ASUSTOR ADM Remote Command Execution Vulnerability

ASUSTOR ADM is an operating system from ASUSTOR dedicated to ASUSTOR NAS storage devices. A security vulnerability exists in ASUSTOR ADM version 3.1.0.RFQ3, which stems from the program using the same default username and password as the NAS. An attacker could exploit the vulnerability to log in...

9.8CVSS9.7AI score0.12573EPSS
Exploits5References1
OSV
OSV
added 2018/08/16 8:29 p.m.5 views

CVE-2018-11511

The tree list functionality in the photo gallery application in ASUSTOR ADM 3.1.0.RFQ3 has a SQL injection vulnerability that affects the 'albumid' or 'scope' parameter via a photo-gallery/api/album/treelists/ URI...

9.8CVSS5.8AI score0.11176EPSS
Exploits7References2
ATTACKERKB
ATTACKERKB
added 2018/08/16 12:0 a.m.298 views

CVE-2018-11511

The tree list functionality in the photo gallery application in ASUSTOR ADM 3.1.0.RFQ3 has a SQL injection vulnerability that affects the ‘albumid’ or ‘scope’ parameter via a photo-gallery/api/album/treelists/ URI. Recent assessments: Assessed Attacker Value: 0 Assessed Attacker Value: 0Assessed...

9.8CVSS9.7AI score0.11176EPSS
In wildExploits7References3
0day.today
0day.today
added 2018/08/15 12:0 a.m.122 views

ASUSTOR ADM 3.1.0.RFQ3 - Remote Command Execution / SQL Injection Vulnerabilities

Exploit for cgi platform in category web applications Product - ASUSTOR ADM - 3.1.0.RFQ3 and all previous builds Vendor - https://www.asustor.com/ Patch Notes - http://download.asustor.com/download/docs/releasenotes/RNADM3.1.3.RHU2.pdf Issue: The Asustor NAS appliance on ADM 3.1.0 and before suff...

0.6AI score0.4476EPSS
Exploits13
Exploit DB
Exploit DB
added 2018/08/15 12:0 a.m.73 views

ASUSTOR ADM 3.1.0.RFQ3 - Remote Command Execution / SQL Injection

Product - ASUSTOR ADM - 3.1.0.RFQ3 and all previous builds Vendor - https://www.asustor.com/ Patch Notes - http://download.asustor.com/download/docs/releasenotes/RNADM3.1.3.RHU2.pdf Issue: The Asustor NAS appliance on ADM 3.1.0 and before suffer from multiple critical vulnerabilities. The...

9.8CVSS9.8AI score0.4476EPSS
Exploits13
Cvelist
Cvelist
added 2018/06/28 2:0 p.m.36 views

CVE-2018-11510

The ASUSTOR ADM 3.1.0.RFQ3 NAS portal suffers from an unauthenticated remote code execution vulnerability in the portal/apis/aggrecatejs.cgi file by embedding OS commands in the 'script' parameter...

9.9AI score0.4476EPSS
Exploits9References5
Prion
Prion
added 2018/05/22 1:29 a.m.19 views

Unrestricted file upload

An unrestricted file upload vulnerability in importuser.cgi in ASUSTOR AS6202T ADM 3.1.0.RFQ3 allows attackers to upload supplied data to a specified filename. This can be used to place attacker controlled code on the file system that is then executed...

9CVSS6.9AI score0.02114EPSS
Exploits1References3Affected Software1
Prion
Prion
added 2018/05/22 1:29 a.m.17 views

Design/Logic Flaw

An insecure direct object reference vulnerability in download.cgi in ASUSTOR AS6202T ADM 3.1.0.RFQ3 allows the ability to reference the "downloadsyssettings" action and then specify files arbitrarily throughout the system via the act parameter...

4CVSS4.7AI score0.01275EPSS
Exploits1References3Affected Software1
Prion
Prion
added 2018/05/22 1:29 a.m.20 views

Path traversal

A path traversal vulnerability in fileExplorer.cgi in ASUSTOR AS6202T ADM 3.1.0.RFQ3 allows attackers to arbitrarily specify a path to a file on the system to create folders via the destfolder parameter...

4CVSS4.7AI score0.01131EPSS
Exploits1References3Affected Software1
NVD
NVD
added 2018/05/22 1:29 a.m.21 views

CVE-2018-11340

An unrestricted file upload vulnerability in importuser.cgi in ASUSTOR AS6202T ADM 3.1.0.RFQ3 allows attackers to upload supplied data to a specified filename. This can be used to place attacker controlled code on the file system that is then executed...

9CVSS7AI score0.02114EPSS
Exploits1References3
Prion
Prion
added 2018/05/22 1:29 a.m.12 views

Unrestricted file upload

An unrestricted file upload vulnerability in upload.cgi in ASUSTOR AS6202T ADM 3.1.0.RFQ3 allows attackers to upload supplied data via the POST parameter filename. This can be used to place attacker controlled code on the file system that can then be executed. Further, the filename parameter is...

6.5CVSS7.7AI score0.01925EPSS
Exploits1References3Affected Software1
NVD
NVD
added 2018/05/22 1:29 a.m.16 views

CVE-2018-11344

A path traversal vulnerability in download.cgi in ASUSTOR AS6202T ADM 3.1.0.RFQ3 allows attackers to arbitrarily specify a file on the system to download via the file1 parameter...

6.5CVSS6.8AI score0.01452EPSS
Exploits1References3
NVD
NVD
added 2018/05/22 1:29 a.m.12 views

CVE-2018-11346

An insecure direct object reference vulnerability in download.cgi in ASUSTOR AS6202T ADM 3.1.0.RFQ3 allows the ability to reference the "downloadsyssettings" action and then specify files arbitrarily throughout the system via the act parameter...

4.3CVSS4.6AI score0.01275EPSS
Exploits1References3
OSV
OSV
added 2018/05/22 1:29 a.m.4 views

CVE-2018-11341

Directory traversal in importuser.cgi in ASUSTOR AS6202T ADM 3.1.0.RFQ3 allows attackers to navigate the file system via the filename parameter...

7.2CVSS5.8AI score
Exploits0References3
NVD
NVD
added 2018/05/22 1:29 a.m.19 views

CVE-2018-11341

Directory traversal in importuser.cgi in ASUSTOR AS6202T ADM 3.1.0.RFQ3 allows attackers to navigate the file system via the filename parameter...

7.2CVSS7AI score0.02172EPSS
Exploits1References3
CVE
CVE
added 2018/05/22 1:0 a.m.52 views

CVE-2018-11340

CVE-2018-11340 concerns an unrestricted file upload in ASUSTOR AS6202T ADM 3.1.0.RFQ3, specifically the importuser.cgi endpoint. The underlying issue is that the program accepts an uploaded file and saves it with a user-supplied filename, enabling an attacker to place attacker-controlled code on ...

9CVSS7AI score0.02114EPSS
Exploits1References3Affected Software1
Rows per page
Query Builder