Max CVSS 8.5 Min CVSS 4.0 Total Count2
IDCVSSSummaryLast (major) updatePublished
CVE-2018-15694 6.0
ASUSTOR Data Master 3.1.5 and below allows authenticated remote non-administrative users to upload files to arbitrary locations due to a path traversal vulnerability. This could lead to code execution if the "Web Server" feature is enabled.
30-10-2018 - 14:50 27-08-2018 - 14:29
CVE-2018-15697 4.0
ASUSTOR Data Master 3.1.5 and below allows authenticated remote non-administrative users to read any file on a share by providing the full path. For example, /home/admin/.ash_history.
30-10-2018 - 14:27 27-08-2018 - 14:29
CVE-2018-15699 4.3
ASUSTOR Data Master 3.1.5 and below makes an HTTP request for a configuration file that is vulnerable to XSS. A man in the middle can take advantage of this by inserting Javascript into the configuration files Version field.
30-10-2018 - 14:25 27-08-2018 - 14:29
CVE-2018-15696 4.0
ASUSTOR Data Master 3.1.5 and below allows authenticated remote non-administrative users to enumerate all user accounts via user.cgi.
30-10-2018 - 14:09 27-08-2018 - 14:29
CVE-2018-15698 6.8
ASUSTOR Data Master 3.1.5 and below allows authenticated remote non-administrative users to read any file on the file system when providing the full path to loginimage.cgi.
30-10-2018 - 14:00 27-08-2018 - 14:29
CVE-2018-15695 8.5
ASUSTOR Data Master 3.1.5 and below allows authenticated remote non-administrative users to delete any file on the file system due to a path traversal vulnerability in wallpaper.cgi.
30-10-2018 - 13:56 27-08-2018 - 14:29
Back to Top Mark selected
Back to Top