CVE-2018-12315
- EPSS 0.68%
- Veröffentlicht 04.12.2018 17:29:00
- Zuletzt bearbeitet 21.11.2024 03:44:58
Missing verification of a password in ASUSTOR ADM version 3.1.1 allows attackers to change account passwords without entering the current password.
CVE-2018-15694
- EPSS 1.51%
- Veröffentlicht 27.08.2018 14:29:00
- Zuletzt bearbeitet 21.11.2024 03:51:17
ASUSTOR Data Master 3.1.5 and below allows authenticated remote non-administrative users to upload files to arbitrary locations due to a path traversal vulnerability. This could lead to code execution if the "Web Server" feature is enabled.
CVE-2018-15699
- EPSS 0.65%
- Veröffentlicht 27.08.2018 14:29:00
- Zuletzt bearbeitet 21.11.2024 03:51:18
ASUSTOR Data Master 3.1.5 and below makes an HTTP request for a configuration file that is vulnerable to XSS. A man in the middle can take advantage of this by inserting Javascript into the configuration files Version field.
CVE-2018-15698
- EPSS 1.11%
- Veröffentlicht 27.08.2018 14:29:00
- Zuletzt bearbeitet 21.11.2024 03:51:17
ASUSTOR Data Master 3.1.5 and below allows authenticated remote non-administrative users to read any file on the file system when providing the full path to loginimage.cgi.
CVE-2018-15697
- EPSS 0.91%
- Veröffentlicht 27.08.2018 14:29:00
- Zuletzt bearbeitet 21.11.2024 03:51:17
ASUSTOR Data Master 3.1.5 and below allows authenticated remote non-administrative users to read any file on a share by providing the full path. For example, /home/admin/.ash_history.
CVE-2018-15696
- EPSS 0.73%
- Veröffentlicht 27.08.2018 14:29:00
- Zuletzt bearbeitet 21.11.2024 03:51:17
ASUSTOR Data Master 3.1.5 and below allows authenticated remote non-administrative users to enumerate all user accounts via user.cgi.
CVE-2018-15695
- EPSS 1.01%
- Veröffentlicht 27.08.2018 14:29:00
- Zuletzt bearbeitet 21.11.2024 03:51:17
ASUSTOR Data Master 3.1.5 and below allows authenticated remote non-administrative users to delete any file on the file system due to a path traversal vulnerability in wallpaper.cgi.