Filtered by vendor Asustor
Subscribe
Search
Total
16 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-3699 | 1 Asustor | 1 Data Master | 2023-08-28 | N/A | 5.5 MEDIUM |
| An Improper Privilege Management vulnerability was found in ASUSTOR Data Master (ADM) allows an unprivileged local users to modify the storage devices configuration. Affected products and versions include: ADM 4.0.6.RIS1, 4.1.0 and below as well as ADM 4.2.2.RI61 and below. | |||||
| CVE-2023-4475 | 1 Asustor | 1 Data Master | 2023-08-28 | N/A | 5.5 MEDIUM |
| An Arbitrary File Movement vulnerability was found in ASUSTOR Data Master (ADM) allows an attacker to exploit the file renaming feature to move files to unintended directories. Affected products and versions include: ADM 4.0.6.RIS1, 4.1.0 and below as well as ADM 4.2.2.RI61 and below. | |||||
| CVE-2018-12315 | 1 Asustor | 2 As602t, Data Master | 2019-10-03 | 4.0 MEDIUM | 6.5 MEDIUM |
| Missing verification of a password in ASUSTOR ADM version 3.1.1 allows attackers to change account passwords without entering the current password. | |||||
| CVE-2018-11346 | 1 Asustor | 2 As6202t, As6202t Firmware | 2019-10-03 | 4.0 MEDIUM | 4.3 MEDIUM |
| An insecure direct object reference vulnerability in download.cgi in ASUSTOR AS6202T ADM 3.1.0.RFQ3 allows the ability to reference the "download_sys_settings" action and then specify files arbitrarily throughout the system via the act parameter. | |||||
| CVE-2018-12308 | 1 Asustor | 2 As602t, Data Master | 2019-10-03 | 4.0 MEDIUM | 6.5 MEDIUM |
| Encryption key disclosure in share.cgi in ASUSTOR ADM version 3.1.1 allows attackers to obtain the encryption key via the "encrypt_key" URL parameter. | |||||
| CVE-2018-11342 | 1 Asustor | 2 As6202t, As6202t Firmware | 2019-03-29 | 4.0 MEDIUM | 4.3 MEDIUM |
| A path traversal vulnerability in fileExplorer.cgi in ASUSTOR AS6202T ADM 3.1.0.RFQ3 allows attackers to arbitrarily specify a path to a file on the system to create folders via the dest_folder parameter. | |||||
| CVE-2018-11344 | 1 Asustor | 2 As6202t, As6202t Firmware | 2019-03-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| A path traversal vulnerability in download.cgi in ASUSTOR AS6202T ADM 3.1.0.RFQ3 allows attackers to arbitrarily specify a file on the system to download via the file1 parameter. | |||||
| CVE-2018-11343 | 1 Asustor | 1 Soundsgood | 2019-03-20 | 3.5 LOW | 5.4 MEDIUM |
| A persistent cross site scripting vulnerability in playlistmanger.cgi in the ASUSTOR SoundsGood application allows attackers to store cross site scripting payloads via the 'playlist' POST parameter. | |||||
| CVE-2018-12310 | 1 Asustor | 2 As602t, Data Master | 2018-12-20 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site scripting in the Login page in ASUSTOR ADM version 3.1.1 allows attackers to execute JavaScript via the System Announcement feature. | |||||
| CVE-2018-12311 | 1 Asustor | 2 As602t, Data Master | 2018-12-20 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site scripting vulnerability in File Explorer in ASUSTOR ADM version 3.1.1 allows attackers to execute arbitrary JavaScript when a file is moved via a malicious filename. | |||||
| CVE-2018-12305 | 1 Asustor | 1 Data Master | 2018-12-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting in File Explorer in ASUSTOR ADM version 3.1.1 allows attackers to execute JavaScript by uploading SVG images with embedded JavaScript. | |||||
| CVE-2018-15697 | 1 Asustor | 1 Data Master | 2018-10-30 | 4.0 MEDIUM | 6.5 MEDIUM |
| ASUSTOR Data Master 3.1.5 and below allows authenticated remote non-administrative users to read any file on a share by providing the full path. For example, /home/admin/.ash_history. | |||||
| CVE-2018-15699 | 1 Asustor | 1 Data Master | 2018-10-30 | 4.3 MEDIUM | 6.1 MEDIUM |
| ASUSTOR Data Master 3.1.5 and below makes an HTTP request for a configuration file that is vulnerable to XSS. A man in the middle can take advantage of this by inserting Javascript into the configuration files Version field. | |||||
| CVE-2018-15696 | 1 Asustor | 1 Data Master | 2018-10-30 | 4.0 MEDIUM | 4.3 MEDIUM |
| ASUSTOR Data Master 3.1.5 and below allows authenticated remote non-administrative users to enumerate all user accounts via user.cgi. | |||||
| CVE-2018-15698 | 1 Asustor | 1 Data Master | 2018-10-30 | 6.8 MEDIUM | 6.5 MEDIUM |
| ASUSTOR Data Master 3.1.5 and below allows authenticated remote non-administrative users to read any file on the file system when providing the full path to loginimage.cgi. | |||||
| CVE-2018-15695 | 1 Asustor | 1 Data Master | 2018-10-30 | 8.5 HIGH | 6.5 MEDIUM |
| ASUSTOR Data Master 3.1.5 and below allows authenticated remote non-administrative users to delete any file on the file system due to a path traversal vulnerability in wallpaper.cgi. | |||||