Vulnerabilities > Asustor
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-12-04 | CVE-2018-12311 | Cross-site Scripting vulnerability in Asustor Data Master 3.1.1 Cross-site scripting vulnerability in File Explorer in ASUSTOR ADM version 3.1.1 allows attackers to execute arbitrary JavaScript when a file is moved via a malicious filename. | 5.4 |
| 2018-12-04 | CVE-2018-12310 | Cross-site Scripting vulnerability in Asustor Data Master 3.1.1 Cross-site scripting in the Login page in ASUSTOR ADM version 3.1.1 allows attackers to execute JavaScript via the System Announcement feature. | 5.4 |
| 2018-12-04 | CVE-2018-12309 | Path Traversal vulnerability in Asustor Data Master 3.1.1 Directory Traversal in upload.cgi in ASUSTOR ADM version 3.1.1 allows attackers to upload files to arbitrary locations by modifying the "path" URL parameter. | 7.5 |
| 2018-12-04 | CVE-2018-12308 | Information Exposure vulnerability in Asustor Data Master 3.1.1 Encryption key disclosure in share.cgi in ASUSTOR ADM version 3.1.1 allows attackers to obtain the encryption key via the "encrypt_key" URL parameter. | 6.5 |
| 2018-12-04 | CVE-2018-12307 | OS Command Injection vulnerability in Asustor Data Master 3.1.1 OS command injection in user.cgi in ASUSTOR ADM version 3.1.1 allows attackers to execute system commands as root via the "name" POST parameter. | 8.8 |
| 2018-12-04 | CVE-2018-12306 | Path Traversal vulnerability in Asustor Data Master 3.1.1 Directory Traversal in File Explorer in ASUSTOR ADM version 3.1.1 allows attackers to view arbitrary files by modifying the "file1" URL parameter, a similar issue to CVE-2018-11344. | 7.5 |
| 2018-12-04 | CVE-2018-12305 | Cross-site Scripting vulnerability in Asustor Data Master 3.1.1 Cross-site scripting in File Explorer in ASUSTOR ADM version 3.1.1 allows attackers to execute JavaScript by uploading SVG images with embedded JavaScript. | 6.1 |
| 2018-08-27 | CVE-2018-15699 | Cross-site Scripting vulnerability in Asustor Data Master ASUSTOR Data Master 3.1.5 and below makes an HTTP request for a configuration file that is vulnerable to XSS. | 6.1 |
| 2018-08-27 | CVE-2018-15698 | Information Exposure vulnerability in Asustor Data Master ASUSTOR Data Master 3.1.5 and below allows authenticated remote non-administrative users to read any file on the file system when providing the full path to loginimage.cgi. | 6.5 |
| 2018-08-27 | CVE-2018-15697 | Information Exposure vulnerability in Asustor Data Master ASUSTOR Data Master 3.1.5 and below allows authenticated remote non-administrative users to read any file on a share by providing the full path. | 6.5 |