Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
adm vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv3
CVE-2018-12309
Directory Traversal in upload.cgi in ASUSTOR ADM version 3.1.1 allows malicious users to upload files to arbitrary locations by modifying the "path" URL parameter. NOTE: the "filename" POST parameter is covered by CVE-2018-11345.
Asustor Data Master 3.1.1
4.3
CVSSv3
CVE-2018-11346
An insecure direct object reference vulnerability in download.cgi in ASUSTOR AS6202T ADM 3.1.0.RFQ3 allows the ability to reference the "download_sys_settings" action and then specify files arbitrarily throughout the system via the act parameter.
Asustor As6202t Firmware
8.8
CVSSv3
CVE-2020-10580
A command injection on the /admin/broadcast.php script of Invigo Automatic Device Management (ADM) up to and including 5.0 allows remote authenticated malicious users to execute arbitrary PHP code on the server as the user running the application.
Invigo Automatic Device Management
7.5
CVSSv3
CVE-2020-10579
A directory traversal on the /admin/sysmon.php script of Invigo Automatic Device Management (ADM) up to and including 5.0 allows remote malicious users to list the content of arbitrary server directories accessible to the user running the application.
Invigo Automatic Device Management
NA
CVE-2001-0978
login in HP-UX 10.26 does not record failed login attempts in /var/adm/btmp, which could allow malicious users to conduct brute force password guessing attacks without being detected or observed using the lastb program.
Hp Hp-ux 10.26
NA
CVE-2008-6939
TurnkeyForms Web Hosting Directory allows remote malicious users to bypass authentication and (1) gain administrative privileges by setting the adm cookie to 1 or (2) gain privileges as another user by setting the logged cookie to the target username.
Turnkeyforms Web Hosting Directory -
1 EDB exploit
NA
CVE-2008-6617
Unrestricted file upload vulnerability in adm/visual/upload.php in SiteXS CMS 0.1.1 allows remote malicious users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in images/.
Sitexs Cms Sitexs Cms 0.1.1
1 EDB exploit
7.2
CVSSv3
CVE-2018-11340
An unrestricted file upload vulnerability in importuser.cgi in ASUSTOR AS6202T ADM 3.1.0.RFQ3 allows malicious users to upload supplied data to a specified filename. This can be used to place attacker controlled code on the file system that is then executed.
Asustor As6202t Firmware
NA
CVE-2004-2433
Buffer overflow in the IsValidFile function in the ADM ActiveX control for Altnet Download Manager 4.0.0.4 and previous versions, as used in Kazaa Media Desktop 1.3 up to and including 2.6.4 and Grokkster 1.3 up to and including 2.6, allows remote malicious users to execute arbit...
Kazaa Kazaa Media Desktop 1.6.1
Kazaa Kazaa Media Desktop 2.0
Grokster Grokster 2.6
Kazaa Kazaa Media Desktop 1.3
Altnet Altnet Download Manager
Kazaa Kazaa Media Desktop 1.3.1
Kazaa Kazaa Media Desktop 1.3.2
Altnet Altnet Download Manager 4.0.0.4
Grokster Grokster 1.3
Grokster Grokster 1.3.3
Kazaa Kazaa Media Desktop 2.0.2
Kazaa Kazaa Media Desktop 2.6.4
NA
CVE-2009-1559
Absolute path traversal vulnerability in adm/file.cgi on the Cisco Linksys WVC54GCA wireless video camera with firmware 1.00R24 and possibly 1.00R22 allows remote malicious users to read arbitrary files via an absolute pathname in the this_file parameter. NOTE: traversal via a .....
Cisco Wvc54gca 1.00r22
Cisco Wvc54gca 1.00r24
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
authentication bypass
CVE-2024-30051
remote
CVE-2024-27954
CVE-2023-51483
CVE-2023-47782
SSRF
CVE-2024-24715
CVE-2023-52424
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
4
5
6
7
8
9
10
NEXT »