Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
asustor data master vulnerabilities and exploits
(subscribe to this query)
534
VMScore
CVE-2018-15694
ASUSTOR Data Master 3.1.5 and below allows authenticated remote non-administrative users to upload files to arbitrary locations due to a path traversal vulnerability. This could lead to code execution if the "Web Server" feature is enabled.
Asustor Data Master
356
VMScore
CVE-2018-15697
ASUSTOR Data Master 3.1.5 and below allows authenticated remote non-administrative users to read any file on a share by providing the full path. For example, /home/admin/.ash_history.
Asustor Data Master
NA
CVE-2023-3699
An Improper Privilege Management vulnerability was found in ASUSTOR Data Master (ADM) allows an unprivileged local users to modify the storage devices configuration. Affected products and versions include: ADM 4.0.6.RIS1, 4.1.0 and below as well as ADM 4.2.2.RI61 and below.
Asustor Data Master
312
VMScore
CVE-2018-12310
Cross-site scripting in the Login page in ASUSTOR ADM version 3.1.1 allows malicious users to execute JavaScript via the System Announcement feature.
Asustor Data Master 3.1.1
801
VMScore
CVE-2018-12316
OS Command Injection in upload.cgi in ASUSTOR ADM version 3.1.1 allows malicious users to execute system commands by modifying the filename POST parameter.
Asustor Data Master 3.1.1
890
VMScore
CVE-2018-12313
OS command injection in snmp.cgi in ASUSTOR ADM version 3.1.1 allows malicious users to execute system commands without authentication via the "rocommunity" URL parameter.
Asustor Data Master 3.1.1
801
VMScore
CVE-2018-12317
OS command injection in group.cgi in ASUSTOR ADM version 3.1.1 allows malicious users to execute system commands as root by modifying the "name" POST parameter.
Asustor Data Master 3.1.1
445
VMScore
CVE-2018-12306
Directory Traversal in File Explorer in ASUSTOR ADM version 3.1.1 allows malicious users to view arbitrary files by modifying the "file1" URL parameter, a similar issue to CVE-2018-11344.
Asustor Data Master 3.1.1
801
VMScore
CVE-2018-12307
OS command injection in user.cgi in ASUSTOR ADM version 3.1.1 allows malicious users to execute system commands as root via the "name" POST parameter.
Asustor Data Master 3.1.1
445
VMScore
CVE-2018-12309
Directory Traversal in upload.cgi in ASUSTOR ADM version 3.1.1 allows malicious users to upload files to arbitrary locations by modifying the "path" URL parameter. NOTE: the "filename" POST parameter is covered by CVE-2018-11345.
Asustor Data Master 3.1.1
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
type confusion
IMAP
CVE-2024-36103
CVE-2024-28995
CVE-2024-37325
CVE-2024-30078
CVE-2024-30082
SQL injection
CVE-2024-30052
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
NEXT »