Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
asustor data master 3.1.1 vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv3
CVE-2018-12306
Directory Traversal in File Explorer in ASUSTOR ADM version 3.1.1 allows malicious users to view arbitrary files by modifying the "file1" URL parameter, a similar issue to CVE-2018-11344.
Asustor Data Master 3.1.1
8.8
CVSSv3
CVE-2018-12307
OS command injection in user.cgi in ASUSTOR ADM version 3.1.1 allows malicious users to execute system commands as root via the "name" POST parameter.
Asustor Data Master 3.1.1
7.5
CVSSv3
CVE-2018-12309
Directory Traversal in upload.cgi in ASUSTOR ADM version 3.1.1 allows malicious users to upload files to arbitrary locations by modifying the "path" URL parameter. NOTE: the "filename" POST parameter is covered by CVE-2018-11345.
Asustor Data Master 3.1.1
9.8
CVSSv3
CVE-2018-12313
OS command injection in snmp.cgi in ASUSTOR ADM version 3.1.1 allows malicious users to execute system commands without authentication via the "rocommunity" URL parameter.
Asustor Data Master 3.1.1
6.5
CVSSv3
CVE-2018-12315
Missing verification of a password in ASUSTOR ADM version 3.1.1 allows malicious users to change account passwords without entering the current password.
Asustor Data Master 3.1.1
8.8
CVSSv3
CVE-2018-12317
OS command injection in group.cgi in ASUSTOR ADM version 3.1.1 allows malicious users to execute system commands as root by modifying the "name" POST parameter.
Asustor Data Master 3.1.1
6.1
CVSSv3
CVE-2018-12305
Cross-site scripting in File Explorer in ASUSTOR ADM version 3.1.1 allows malicious users to execute JavaScript by uploading SVG images with embedded JavaScript.
Asustor Data Master 3.1.1
6.5
CVSSv3
CVE-2018-12308
Encryption key disclosure in share.cgi in ASUSTOR ADM version 3.1.1 allows malicious users to obtain the encryption key via the "encrypt_key" URL parameter.
Asustor Data Master 3.1.1
5.4
CVSSv3
CVE-2018-12310
Cross-site scripting in the Login page in ASUSTOR ADM version 3.1.1 allows malicious users to execute JavaScript via the System Announcement feature.
Asustor Data Master 3.1.1
5.4
CVSSv3
CVE-2018-12311
Cross-site scripting vulnerability in File Explorer in ASUSTOR ADM version 3.1.1 allows malicious users to execute arbitrary JavaScript when a file is moved via a malicious filename.
Asustor Data Master 3.1.1
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
privilege
CVE-2022-48762
CVE-2022-48751
CVE-2024-37079
CVE-2024-30848
LFI
man-in-the-middle
CVE-2022-48736
CVE-2024-30103
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »