Lucene search

K
AsustorData Master3.1.1

15 matches found

CVE
CVE
added 2018/12/04 5:29 p.m.43 views

CVE-2018-12312

OS command injection in user.cgi in ASUSTOR ADM version 3.1.1 allows attackers to execute system commands as root via the "secret_key" URL parameter.

9CVSS9.4AI score0.1198EPSS
CVE
CVE
added 2018/12/04 5:29 p.m.40 views

CVE-2018-12317

OS command injection in group.cgi in ASUSTOR ADM version 3.1.1 allows attackers to execute system commands as root by modifying the "name" POST parameter.

9CVSS9.4AI score0.1198EPSS
CVE
CVE
added 2018/12/04 5:29 p.m.39 views

CVE-2018-12313

OS command injection in snmp.cgi in ASUSTOR ADM version 3.1.1 allows attackers to execute system commands without authentication via the "rocommunity" URL parameter.

10CVSS10AI score0.05199EPSS
CVE
CVE
added 2018/12/04 5:29 p.m.38 views

CVE-2018-12318

Information disclosure in the SNMP settings page in ASUSTOR ADM version 3.1.1 allows attackers to obtain the SNMP password in cleartext.

8.8CVSS8.8AI score0.00305EPSS
CVE
CVE
added 2018/12/04 5:29 p.m.36 views

CVE-2018-12314

Directory Traversal in downloadwallpaper.cgi in ASUSTOR ADM version 3.1.1 allows attackers to download arbitrary files by manipulating the "file" and "folder" URL parameters.

7.8CVSS8AI score0.00993EPSS
CVE
CVE
added 2018/12/04 5:29 p.m.35 views

CVE-2018-12315

Missing verification of a password in ASUSTOR ADM version 3.1.1 allows attackers to change account passwords without entering the current password.

6.5CVSS7.1AI score0.00146EPSS
CVE
CVE
added 2018/12/04 5:29 p.m.34 views

CVE-2018-12307

OS command injection in user.cgi in ASUSTOR ADM version 3.1.1 allows attackers to execute system commands as root via the "name" POST parameter.

9CVSS9.4AI score0.1198EPSS
CVE
CVE
added 2018/12/04 5:29 p.m.33 views

CVE-2018-12305

Cross-site scripting in File Explorer in ASUSTOR ADM version 3.1.1 allows attackers to execute JavaScript by uploading SVG images with embedded JavaScript.

6.1CVSS6.8AI score0.0024EPSS
CVE
CVE
added 2018/12/04 5:29 p.m.33 views

CVE-2018-12309

Directory Traversal in upload.cgi in ASUSTOR ADM version 3.1.1 allows attackers to upload files to arbitrary locations by modifying the "path" URL parameter. NOTE: the "filename" POST parameter is covered by CVE-2018-11345.

7.5CVSS8.1AI score0.00619EPSS
CVE
CVE
added 2018/12/04 5:29 p.m.32 views

CVE-2018-12311

Cross-site scripting vulnerability in File Explorer in ASUSTOR ADM version 3.1.1 allows attackers to execute arbitrary JavaScript when a file is moved via a malicious filename.

5.4CVSS6.4AI score0.00206EPSS
CVE
CVE
added 2018/12/04 5:29 p.m.32 views

CVE-2018-12319

Denial-of-service in the login page of ASUSTOR ADM 3.1.1 allows attackers to prevent users from signing in by placing malformed text in the title.

7.5CVSS7.9AI score0.00396EPSS
CVE
CVE
added 2018/12/04 5:29 p.m.31 views

CVE-2018-12306

Directory Traversal in File Explorer in ASUSTOR ADM version 3.1.1 allows attackers to view arbitrary files by modifying the "file1" URL parameter, a similar issue to CVE-2018-11344.

7.5CVSS6.7AI score0.00466EPSS
CVE
CVE
added 2018/12/04 5:29 p.m.28 views

CVE-2018-12308

Encryption key disclosure in share.cgi in ASUSTOR ADM version 3.1.1 allows attackers to obtain the encryption key via the "encrypt_key" URL parameter.

6.5CVSS6.9AI score0.00151EPSS
CVE
CVE
added 2018/12/04 5:29 p.m.28 views

CVE-2018-12310

Cross-site scripting in the Login page in ASUSTOR ADM version 3.1.1 allows attackers to execute JavaScript via the System Announcement feature.

5.4CVSS6.4AI score0.00206EPSS
CVE
CVE
added 2018/12/04 5:29 p.m.26 views

CVE-2018-12316

OS Command Injection in upload.cgi in ASUSTOR ADM version 3.1.1 allows attackers to execute system commands by modifying the filename POST parameter.

9CVSS9.4AI score0.1198EPSS