Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
adm vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2024-30950
A stored cross-site scripting (XSS) vulnerability in FUDforum v3.1.3 allows malicious users to execute arbitrary web scripts or HTML via a crafted payload injected into the SQL statements field under /adm/admsql.php.
NA
CVE-2024-30951
FUDforum v3.1.3 exists to contain a reflected cross-site scripting (XSS) vulnerability via the chpos parameter at /adm/admsmiley.php.
NA
CVE-2023-5182
Sensitive data could be exposed in logs of subiquity version 23.09.1 and previous versions. An attacker in the adm group could use this information to find hashed passwords and possibly escalate their privilege.
Canonical Subiquity
NA
CVE-2023-38030
Saho’s attendance devices ADM100 and ADM-100FP have a vulnerability of missing authentication for critical functions. An unauthenticated remote attacker can execute system commands in partial website URLs to read sensitive device information without permissions.
Saho Adm-100 Firmware 0.0.4.0
Saho Adm-100 Firmware 0.0.4.3
Saho Adm-100 Firmware 0.0.4.6
Saho Adm-100 Firmware 0.0.4.8
Saho Adm-100 Firmware Q20100602
Saho Adm-100 Firmware T190
Saho Adm-100 Firmware T17041702
Saho Adm-100 Firmware T18051803
Saho Adm-100fp Firmware Q20100602
Saho Adm-100fp Firmware T190
Saho Adm-100fp Firmware T17041702
Saho Adm-100fp Firmware T18051803
NA
CVE-2023-38029
Saho’s attendance devices ADM100 and ADM-100FP has insufficient filtering for special characters and file type within their file uploading function. A unauthenticate remote attacker authenticated can upload and execute arbitrary files to perform arbitrary system commands o...
Saho Adm-100 Firmware 0.0.4.0
Saho Adm-100 Firmware 0.0.4.3
Saho Adm-100 Firmware 0.0.4.6
Saho Adm-100 Firmware 0.0.4.8
Saho Adm-100 Firmware Q20100602
Saho Adm-100 Firmware T190
Saho Adm-100 Firmware T17041702
Saho Adm-100 Firmware T18051803
Saho Adm-100fp Firmware Q20100602
Saho Adm-100fp Firmware T190
Saho Adm-100fp Firmware T17041702
Saho Adm-100fp Firmware T18051803
NA
CVE-2023-38028
Saho’s attendance devices ADM100 and ADM-100FP have insufficient authentication. An unauthenticated remote attacker can exploit this vulnerability to bypass authentication to read system information and operate user's data, but can’t control system or disrupt se...
Saho Adm-100 Firmware 0.0.4.0
Saho Adm-100 Firmware 0.0.4.3
Saho Adm-100 Firmware 0.0.4.6
Saho Adm-100 Firmware 0.0.4.8
Saho Adm-100 Firmware Q20100602
Saho Adm-100 Firmware T190
Saho Adm-100 Firmware T17041702
Saho Adm-100 Firmware T18051803
Saho Adm-100fp Firmware Q20100602
Saho Adm-100fp Firmware T190
Saho Adm-100fp Firmware T17041702
Saho Adm-100fp Firmware T18051803
NA
CVE-2023-4475
An Arbitrary File Movement vulnerability was found in ASUSTOR Data Master (ADM) allows an malicious user to exploit the file renaming feature to move files to unintended directories. Affected products and versions include: ADM 4.0.6.RIS1, 4.1.0 and below as well as ADM 4.2.2.RI61...
Asustor Data Master
NA
CVE-2023-3699
An Improper Privilege Management vulnerability was found in ASUSTOR Data Master (ADM) allows an unprivileged local users to modify the storage devices configuration. Affected products and versions include: ADM 4.0.6.RIS1, 4.1.0 and below as well as ADM 4.2.2.RI61 and below.
Asustor Data Master
NA
CVE-2023-2910
Improper neutralization of special elements used in a command ('Command Injection') vulnerability in Printer service functionality in ASUSTOR Data Master (ADM) allows remote unauthorized users to execute arbitrary commands via unspecified vectors. Affected products and ...
Asustor Data Master
NA
CVE-2023-3697
Printer service fails to adequately handle user input, allowing an remote unauthorized users to navigate beyond the intended directory structure and create files. Affected products and versions include: ADM 4.0.6.RIS1, 4.1.0 and below as well as ADM 4.2.2.RI61 and below.
Asustor Data Master
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-49223
CVE-2024-0044
information disclosure
CVE-2024-35753
HTML injection
CVE-2024-21306
CVE-2024-35733
SQL injection
CVE-2024-35732
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
NEXT »