CVE-2018-15694
- EPSS 2.12%
- Veröffentlicht 27.08.2018 14:29:00
- Zuletzt bearbeitet 21.11.2024 03:51:17
ASUSTOR Data Master 3.1.5 and below allows authenticated remote non-administrative users to upload files to arbitrary locations due to a path traversal vulnerability. This could lead to code execution if the "Web Server" feature is enabled.
CVE-2018-15699
- EPSS 0.24%
- Veröffentlicht 27.08.2018 14:29:00
- Zuletzt bearbeitet 21.11.2024 03:51:18
ASUSTOR Data Master 3.1.5 and below makes an HTTP request for a configuration file that is vulnerable to XSS. A man in the middle can take advantage of this by inserting Javascript into the configuration files Version field.
CVE-2018-15698
- EPSS 0.73%
- Veröffentlicht 27.08.2018 14:29:00
- Zuletzt bearbeitet 21.11.2024 03:51:17
ASUSTOR Data Master 3.1.5 and below allows authenticated remote non-administrative users to read any file on the file system when providing the full path to loginimage.cgi.
CVE-2018-15697
- EPSS 0.43%
- Veröffentlicht 27.08.2018 14:29:00
- Zuletzt bearbeitet 21.11.2024 03:51:17
ASUSTOR Data Master 3.1.5 and below allows authenticated remote non-administrative users to read any file on a share by providing the full path. For example, /home/admin/.ash_history.
CVE-2018-15696
- EPSS 0.31%
- Veröffentlicht 27.08.2018 14:29:00
- Zuletzt bearbeitet 21.11.2024 03:51:17
ASUSTOR Data Master 3.1.5 and below allows authenticated remote non-administrative users to enumerate all user accounts via user.cgi.
CVE-2018-15695
- EPSS 0.49%
- Veröffentlicht 27.08.2018 14:29:00
- Zuletzt bearbeitet 21.11.2024 03:51:17
ASUSTOR Data Master 3.1.5 and below allows authenticated remote non-administrative users to delete any file on the file system due to a path traversal vulnerability in wallpaper.cgi.