Vendor CVEs
Asustor
All CVEs
59 total · sorted by risk

| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2018-12309 | | | 0.00 | — | 0.01 | | Dec 4, 2018 | Directory Traversal in upload.cgi in ASUSTOR ADM version 3.1.1 allows attackers to upload files to arbitrary locations by modifying the "path" URL parameter. NOTE: the "filename" POST parameter is covered by CVE-2018-11345. |
| CVE-2018-12305 | | | 0.00 | — | 0.01 | | Dec 4, 2018 | Cross-site scripting in File Explorer in ASUSTOR ADM version 3.1.1 allows attackers to execute JavaScript by uploading SVG images with embedded JavaScript. |
| CVE-2018-12311 | | | 0.00 | — | 0.01 | | Dec 4, 2018 | Cross-site scripting vulnerability in File Explorer in ASUSTOR ADM version 3.1.1 allows attackers to execute arbitrary JavaScript when a file is moved via a malicious filename. |
| CVE-2018-12319 | | | 0.00 | — | 0.01 | | Dec 4, 2018 | Denial-of-service in the login page of ASUSTOR ADM 3.1.1 allows attackers to prevent users from signing in by placing malformed text in the title. |
| CVE-2018-12308 | | | 0.00 | — | 0.01 | | Dec 4, 2018 | Encryption key disclosure in share.cgi in ASUSTOR ADM version 3.1.1 allows attackers to obtain the encryption key via the "encrypt_key" URL parameter. |
| CVE-2018-12314 | | | 0.00 | — | 0.02 | | Dec 4, 2018 | Directory Traversal in downloadwallpaper.cgi in ASUSTOR ADM version 3.1.1 allows attackers to download arbitrary files by manipulating the "file" and "folder" URL parameters. |
| CVE-2018-12315 | | | 0.00 | — | 0.01 | | Dec 4, 2018 | Missing verification of a password in ASUSTOR ADM version 3.1.1 allows attackers to change account passwords without entering the current password. |
| CVE-2018-12310 | | | 0.00 | — | 0.01 | | Dec 4, 2018 | Cross-site scripting in the Login page in ASUSTOR ADM version 3.1.1 allows attackers to execute JavaScript via the System Announcement feature. |
| CVE-2018-12306 | | | 0.00 | — | 0.02 | | Dec 4, 2018 | Directory Traversal in File Explorer in ASUSTOR ADM version 3.1.1 allows attackers to view arbitrary files by modifying the "file1" URL parameter, a similar issue to CVE-2018-11344. |
Page 2 of 2