Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
adm vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv3
CVE-2020-10581
Multiple session validity check issues in several administration functionalities of Invigo Automatic Device Management (ADM) up to and including 5.0 allow remote malicious users to read potentially sensitive data hosted by the application.
Invigo Automatic Device Management
9.8
CVSSv3
CVE-2023-24796
Password vulnerability found in Vinga WR-AC1200 81.102.1.4370 and before allows a remote malicious user to execute arbitrary code via the password parameter at the /goform/sysTools and /adm/systools.asp endpoints.
Vinga Wr-ac1200 Firmware
6.1
CVSSv3
CVE-2018-18678
GNUBOARD5 prior to 5.3.2.0 has XSS that allows remote malicious users to inject arbitrary web script or HTML via the "board group extra contents" parameter, aka the adm/boardgroup_form_update.php gr_1~10 parameter.
Gnuboard Gnuboard5
8.8
CVSSv3
CVE-2020-10583
The /admin/admapi.php script of Invigo Automatic Device Management (ADM) up to and including 5.0 allows remote authenticated malicious users to execute arbitrary OS commands on the server as the user running the application.
Invigo Automatic Device Management
7.5
CVSSv3
CVE-2020-10584
A directory traversal on the /admin/search_by.php script of Invigo Automatic Device Management (ADM) up to and including 5.0 allows remote malicious users to read arbitrary server files accessible to the user running the application.
Invigo Automatic Device Management
8.8
CVSSv3
CVE-2017-5259
In versions 4.3.2-R4 and prior of Cambium Networks cnPilot firmware, an undocumented, root-privilege administration web shell is available using the HTTP path https://<device-ip-or-hostname>/adm/syscmd.asp.
Cambiumnetworks Cnpilot R190v Firmware
Cambiumnetworks Cnpilot E410 Firmware
Cambiumnetworks Cnpilot R190n Firmware
Cambiumnetworks Cnpilot E400 Firmware
Cambiumnetworks Cnpilot E600 Firmware
NA
CVE-2024-30950
A stored cross-site scripting (XSS) vulnerability in FUDforum v3.1.3 allows malicious users to execute arbitrary web scripts or HTML via a crafted payload injected into the SQL statements field under /adm/admsql.php.
5.5
CVSSv3
CVE-2023-5182
Sensitive data could be exposed in logs of subiquity version 23.09.1 and previous versions. An attacker in the adm group could use this information to find hashed passwords and possibly escalate their privilege.
Canonical Subiquity
9.8
CVSSv3
CVE-2020-10582
A SQL injection on the /admin/display_errors.php script of Invigo Automatic Device Management (ADM) up to and including 5.0 allows remote malicious users to execute arbitrary SQL requests (including data reading and modification) on the database.
Invigo Automatic Device Management
4.3
CVSSv3
CVE-2018-11342
A path traversal vulnerability in fileExplorer.cgi in ASUSTOR AS6202T ADM 3.1.0.RFQ3 allows malicious users to arbitrarily specify a path to a file on the system to create folders via the dest_folder parameter.
Asustor As6202t Firmware
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-3380
CVE-2024-1694
local file inclusion
CVE-2024-5645
CVE-2024-24919
XSS
CVE-2024-36774
CVE-2024-21306
SQL
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
3
4
5
6
7
8
9
10
NEXT »