Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
adm vulnerabilities and exploits
(subscribe to this query)
6.5
CVSSv2
CVE-2018-2478
An attacker can use specially crafted inputs to execute commands on the host of a TREX / BWA installation, SAP Basis, versions: 7.0 to 7.02, 7.10 to 7.11, 7.30, 7.31, 7.40 and 7.50 to 7.53. Not all commands are possible, only those that can be executed by the <sid>adm user....
Sap Basis 7.31
Sap Basis 7.40
Sap Basis
Sap Basis 7.30
7.5
CVSSv2
CVE-2021-44620
A Command Injection vulnerability exits in TOTOLINK A3100R <=V4.1.2cu.5050_B20200504 in adm/ntm.asp via the hosTime parameters.
Totolink A3100r Firmware
10
CVSSv2
CVE-2021-34111
Thecus 4800Eco exists to contain a command injection vulnerability via the username parameter in /adm/setmain.php.
Thecus N4800eco Firmware -
NA
CVE-2024-30951
FUDforum v3.1.3 exists to contain a reflected cross-site scripting (XSS) vulnerability via the chpos parameter at /adm/admsmiley.php.
6.5
CVSSv2
CVE-2018-11341
Directory traversal in importuser.cgi in ASUSTOR AS6202T ADM 3.1.0.RFQ3 allows malicious users to navigate the file system via the filename parameter.
Asustor As6202t Firmware
4
CVSSv2
CVE-2018-12315
Missing verification of a password in ASUSTOR ADM version 3.1.1 allows malicious users to change account passwords without entering the current password.
Asustor Data Master 3.1.1
4
CVSSv2
CVE-2018-12318
Information disclosure in the SNMP settings page in ASUSTOR ADM version 3.1.1 allows malicious users to obtain the SNMP password in cleartext.
Asustor Data Master 3.1.1
4.3
CVSSv2
CVE-2018-15580
Cross-Site Scripting (XSS) vulnerability in adm/contentformupdate.php in gnuboard5 prior to 5.3.1.6 allows remote malicious users to inject arbitrary web script or HTML.
Gnuboard Gnuboard5
4
CVSSv2
CVE-2018-12308
Encryption key disclosure in share.cgi in ASUSTOR ADM version 3.1.1 allows malicious users to obtain the encryption key via the "encrypt_key" URL parameter.
Asustor Data Master 3.1.1
3.5
CVSSv2
CVE-2018-12310
Cross-site scripting in the Login page in ASUSTOR ADM version 3.1.1 allows malicious users to execute JavaScript via the System Announcement feature.
Asustor Data Master 3.1.1
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-3581
reflected XSS
CVE-2024-26925
CVE-2024-27956
LFI
CVE-2024-3607
CVE-2024-3107
CVE-2024-3295
SQL
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
NEXT »