Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
adm vulnerabilities and exploits
(subscribe to this query)
5.4
CVSSv3
CVE-2018-12310
Cross-site scripting in the Login page in ASUSTOR ADM version 3.1.1 allows malicious users to execute JavaScript via the System Announcement feature.
Asustor Data Master 3.1.1
8.8
CVSSv3
CVE-2018-12316
OS Command Injection in upload.cgi in ASUSTOR ADM version 3.1.1 allows malicious users to execute system commands by modifying the filename POST parameter.
Asustor Data Master 3.1.1
NA
CVE-2008-3454
JnSHosts PHP Hosting Directory 2.0 allows remote malicious users to bypass authentication and gain administrative access by setting the "adm" cookie value to 1.
Jnshosts Php Hosting Directory 2.0
1 EDB exploit
9.8
CVSSv3
CVE-2018-12313
OS command injection in snmp.cgi in ASUSTOR ADM version 3.1.1 allows malicious users to execute system commands without authentication via the "rocommunity" URL parameter.
Asustor Data Master 3.1.1
6.1
CVSSv3
CVE-2018-12305
Cross-site scripting in File Explorer in ASUSTOR ADM version 3.1.1 allows malicious users to execute JavaScript by uploading SVG images with embedded JavaScript.
Asustor Data Master 3.1.1
8.8
CVSSv3
CVE-2018-12307
OS command injection in user.cgi in ASUSTOR ADM version 3.1.1 allows malicious users to execute system commands as root via the "name" POST parameter.
Asustor Data Master 3.1.1
8.8
CVSSv3
CVE-2018-12312
OS command injection in user.cgi in ASUSTOR ADM version 3.1.1 allows malicious users to execute system commands as root via the "secret_key" URL parameter.
Asustor Data Master 3.1.1
7.5
CVSSv3
CVE-2018-12314
Directory Traversal in downloadwallpaper.cgi in ASUSTOR ADM version 3.1.1 allows malicious users to download arbitrary files by manipulating the "file" and "folder" URL parameters.
Asustor Data Master 3.1.1
8.8
CVSSv3
CVE-2018-12317
OS command injection in group.cgi in ASUSTOR ADM version 3.1.1 allows malicious users to execute system commands as root by modifying the "name" POST parameter.
Asustor Data Master 3.1.1
8.8
CVSSv3
CVE-2018-16752
LINK-NET LW-N605R devices with firmware 12.20.2.1486 allow Remote Code Execution via shell metacharacters in the HOST field of the ping feature at adm/systools.asp. Authentication is needed but the default password of admin for the admin account may be used in some cases.
Linknet-usa Lw-n605r Firmware 12.20.2.1486
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
bypass
open redirect
CVE-2024-4358
CVE-2024-24199
CVE-2024-5550
CVE-2024-5305
CVE-2024-30373
CVE-2024-1800
deserialization
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »