Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
asustor adm vulnerabilities and exploits
(subscribe to this query)
356
VMScore
CVE-2018-12308
Encryption key disclosure in share.cgi in ASUSTOR ADM version 3.1.1 allows malicious users to obtain the encryption key via the "encrypt_key" URL parameter.
Asustor Data Master 3.1.1
801
VMScore
CVE-2018-11340
An unrestricted file upload vulnerability in importuser.cgi in ASUSTOR AS6202T ADM 3.1.0.RFQ3 allows malicious users to upload supplied data to a specified filename. This can be used to place attacker controlled code on the file system that is then executed.
Asustor As6202t Firmware
890
VMScore
CVE-2018-12313
OS command injection in snmp.cgi in ASUSTOR ADM version 3.1.1 allows malicious users to execute system commands without authentication via the "rocommunity" URL parameter.
Asustor Data Master 3.1.1
801
VMScore
CVE-2018-12307
OS command injection in user.cgi in ASUSTOR ADM version 3.1.1 allows malicious users to execute system commands as root via the "name" POST parameter.
Asustor Data Master 3.1.1
383
VMScore
CVE-2018-12305
Cross-site scripting in File Explorer in ASUSTOR ADM version 3.1.1 allows malicious users to execute JavaScript by uploading SVG images with embedded JavaScript.
Asustor Data Master 3.1.1
801
VMScore
CVE-2018-12312
OS command injection in user.cgi in ASUSTOR ADM version 3.1.1 allows malicious users to execute system commands as root via the "secret_key" URL parameter.
Asustor Data Master 3.1.1
694
VMScore
CVE-2018-12314
Directory Traversal in downloadwallpaper.cgi in ASUSTOR ADM version 3.1.1 allows malicious users to download arbitrary files by manipulating the "file" and "folder" URL parameters.
Asustor Data Master 3.1.1
801
VMScore
CVE-2018-12317
OS command injection in group.cgi in ASUSTOR ADM version 3.1.1 allows malicious users to execute system commands as root by modifying the "name" POST parameter.
Asustor Data Master 3.1.1
445
VMScore
CVE-2018-12319
Denial-of-service in the login page of ASUSTOR ADM 3.1.1 allows malicious users to prevent users from signing in by placing malformed text in the title.
Asustor Data Master 3.1.1
312
VMScore
CVE-2018-12311
Cross-site scripting vulnerability in File Explorer in ASUSTOR ADM version 3.1.1 allows malicious users to execute arbitrary JavaScript when a file is moved via a malicious filename.
Asustor Data Master 3.1.1
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
type confusion
IMAP
CVE-2024-36103
CVE-2024-28995
CVE-2024-37325
CVE-2024-30078
CVE-2024-30082
SQL injection
CVE-2024-30052
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
NEXT »