Vulnerabilities for 'Data master'

2018-12-04
 
CVE-2018-12319

CWE-79
 

 
Denial-of-service in the login page of ASUSTOR ADM 3.1.1 allows attackers to prevent users from signing in by placing malformed text in the title.

 
 
CVE-2018-12318

CWE-255
 

 
Information disclosure in the SNMP settings page in ASUSTOR ADM version 3.1.1 allows attackers to obtain the SNMP password in cleartext.

 
 
CVE-2018-12317

CWE-78
 

 
OS command injection in group.cgi in ASUSTOR ADM version 3.1.1 allows attackers to execute system commands as root by modifying the "name" POST parameter.

 
 
CVE-2018-12316

CWE-78
 

 
OS Command Injection in upload.cgi in ASUSTOR ADM version 3.1.1 allows attackers to execute system commands by modifying the filename POST parameter.

 
 
CVE-2018-12315

CWE-640
 

 
Missing verification of a password in ASUSTOR ADM version 3.1.1 allows attackers to change account passwords without entering the current password.

 
 
CVE-2018-12314

CWE-22
 

 
Directory Traversal in downloadwallpaper.cgi in ASUSTOR ADM version 3.1.1 allows attackers to download arbitrary files by manipulating the "file" and "folder" URL parameters.

 
 
CVE-2018-12313

CWE-78
 

 
OS command injection in snmp.cgi in ASUSTOR ADM version 3.1.1 allows attackers to execute system commands without authentication via the "rocommunity" URL parameter.

 
 
CVE-2018-12312

CWE-78
 

 
OS command injection in user.cgi in ASUSTOR ADM version 3.1.1 allows attackers to execute system commands as root via the "secret_key" URL parameter.

 
 
CVE-2018-12311

CWE-79
 

 
Cross-site scripting vulnerability in File Explorer in ASUSTOR ADM version 3.1.1 allows attackers to execute arbitrary JavaScript when a file is moved via a malicious filename.

 
 
CVE-2018-12310

CWE-79
 

 
Cross-site scripting in the Login page in ASUSTOR ADM version 3.1.1 allows attackers to execute JavaScript via the System Announcement feature.

 


Copyright 2021, cxsecurity.com

 
