Vulnerabilities > Asustor > Data Master > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-08-22 | CVE-2023-3699 | Unspecified vulnerability in Asustor Data Master An Improper Privilege Management vulnerability was found in ASUSTOR Data Master (ADM) allows an unprivileged local users to modify the storage devices configuration. | 5.5 |
| 2023-08-22 | CVE-2023-4475 | Files or Directories Accessible to External Parties vulnerability in Asustor Data Master An Arbitrary File Movement vulnerability was found in ASUSTOR Data Master (ADM) allows an attacker to exploit the file renaming feature to move files to unintended directories. | 5.5 |
| 2018-12-04 | CVE-2018-12319 | Cross-site Scripting vulnerability in Asustor Data Master 3.1.1 Denial-of-service in the login page of ASUSTOR ADM 3.1.1 allows attackers to prevent users from signing in by placing malformed text in the title. | 5.0 |
| 2018-12-04 | CVE-2018-12318 | Information Exposure vulnerability in Asustor Data Master 3.1.1 Information disclosure in the SNMP settings page in ASUSTOR ADM version 3.1.1 allows attackers to obtain the SNMP password in cleartext. | 4.0 |
| 2018-12-04 | CVE-2018-12315 | Weak Password Recovery Mechanism for Forgotten Password vulnerability in Asustor Data Master 3.1.1 Missing verification of a password in ASUSTOR ADM version 3.1.1 allows attackers to change account passwords without entering the current password. | 4.0 |
| 2018-12-04 | CVE-2018-12309 | Path Traversal vulnerability in Asustor Data Master 3.1.1 Directory Traversal in upload.cgi in ASUSTOR ADM version 3.1.1 allows attackers to upload files to arbitrary locations by modifying the "path" URL parameter. | 5.0 |
| 2018-12-04 | CVE-2018-12308 | Information Exposure vulnerability in Asustor Data Master 3.1.1 Encryption key disclosure in share.cgi in ASUSTOR ADM version 3.1.1 allows attackers to obtain the encryption key via the "encrypt_key" URL parameter. | 4.0 |
| 2018-12-04 | CVE-2018-12306 | Path Traversal vulnerability in Asustor Data Master 3.1.1 Directory Traversal in File Explorer in ASUSTOR ADM version 3.1.1 allows attackers to view arbitrary files by modifying the "file1" URL parameter, a similar issue to CVE-2018-11344. | 5.0 |
| 2018-12-04 | CVE-2018-12305 | Cross-site Scripting vulnerability in Asustor Data Master 3.1.1 Cross-site scripting in File Explorer in ASUSTOR ADM version 3.1.1 allows attackers to execute JavaScript by uploading SVG images with embedded JavaScript. | 4.3 |
| 2018-08-27 | CVE-2018-15699 | Cross-site Scripting vulnerability in Asustor Data Master ASUSTOR Data Master 3.1.5 and below makes an HTTP request for a configuration file that is vulnerable to XSS. | 4.3 |