Vulnerabilities > Asustor

DATE CVE VULNERABILITY TITLE RISK
2018-12-04 CVE-2018-12310 Cross-site Scripting vulnerability in Asustor Data Master 3.1.1
Cross-site scripting in the Login page in ASUSTOR ADM version 3.1.1 allows attackers to execute JavaScript via the System Announcement feature.
network
asustor CWE-79
3.5
2018-12-04 CVE-2018-12309 Path Traversal vulnerability in Asustor Data Master 3.1.1
Directory Traversal in upload.cgi in ASUSTOR ADM version 3.1.1 allows attackers to upload files to arbitrary locations by modifying the "path" URL parameter.
network
low complexity
asustor CWE-22
5.0
2018-12-04 CVE-2018-12308 Information Exposure vulnerability in Asustor Data Master 3.1.1
Encryption key disclosure in share.cgi in ASUSTOR ADM version 3.1.1 allows attackers to obtain the encryption key via the "encrypt_key" URL parameter.
network
low complexity
asustor CWE-200
4.0
2018-12-04 CVE-2018-12307 OS Command Injection vulnerability in Asustor Data Master 3.1.1
OS command injection in user.cgi in ASUSTOR ADM version 3.1.1 allows attackers to execute system commands as root via the "name" POST parameter.
network
low complexity
asustor CWE-78
critical
9.0
2018-12-04 CVE-2018-12306 Path Traversal vulnerability in Asustor Data Master 3.1.1
Directory Traversal in File Explorer in ASUSTOR ADM version 3.1.1 allows attackers to view arbitrary files by modifying the "file1" URL parameter, a similar issue to CVE-2018-11344.
network
low complexity
asustor CWE-22
5.0
2018-12-04 CVE-2018-12305 Cross-site Scripting vulnerability in Asustor Data Master 3.1.1
Cross-site scripting in File Explorer in ASUSTOR ADM version 3.1.1 allows attackers to execute JavaScript by uploading SVG images with embedded JavaScript.
network
asustor CWE-79
4.3
2018-08-27 CVE-2018-15699 Cross-site Scripting vulnerability in Asustor Data Master
ASUSTOR Data Master 3.1.5 and below makes an HTTP request for a configuration file that is vulnerable to XSS.
network
asustor CWE-79
4.3
2018-08-27 CVE-2018-15698 Information Exposure vulnerability in Asustor Data Master
ASUSTOR Data Master 3.1.5 and below allows authenticated remote non-administrative users to read any file on the file system when providing the full path to loginimage.cgi.
network
low complexity
asustor CWE-200
6.8
2018-08-27 CVE-2018-15697 Information Exposure vulnerability in Asustor Data Master
ASUSTOR Data Master 3.1.5 and below allows authenticated remote non-administrative users to read any file on a share by providing the full path.
network
low complexity
asustor CWE-200
4.0
2018-08-27 CVE-2018-15696 Information Exposure vulnerability in Asustor Data Master
ASUSTOR Data Master 3.1.5 and below allows authenticated remote non-administrative users to enumerate all user accounts via user.cgi.
network
low complexity
asustor CWE-200
4.0