Max CVSS | 8.5 | Min CVSS | 4.0 | Total Count | 2 |
ID | CVSS | Summary | Last (major) update | Published | |
CVE-2018-15694 | 6.0 |
ASUSTOR Data Master 3.1.5 and below allows authenticated remote non-administrative users to upload files to arbitrary locations due to a path traversal vulnerability. This could lead to code execution if the "Web Server" feature is enabled.
|
30-10-2018 - 14:50 | 27-08-2018 - 14:29 | |
CVE-2018-15697 | 4.0 |
ASUSTOR Data Master 3.1.5 and below allows authenticated remote non-administrative users to read any file on a share by providing the full path. For example, /home/admin/.ash_history.
|
30-10-2018 - 14:27 | 27-08-2018 - 14:29 | |
CVE-2018-15699 | 4.3 |
ASUSTOR Data Master 3.1.5 and below makes an HTTP request for a configuration file that is vulnerable to XSS. A man in the middle can take advantage of this by inserting Javascript into the configuration files Version field.
|
30-10-2018 - 14:25 | 27-08-2018 - 14:29 | |
CVE-2018-15696 | 4.0 |
ASUSTOR Data Master 3.1.5 and below allows authenticated remote non-administrative users to enumerate all user accounts via user.cgi.
|
30-10-2018 - 14:09 | 27-08-2018 - 14:29 | |
CVE-2018-15698 | 6.8 |
ASUSTOR Data Master 3.1.5 and below allows authenticated remote non-administrative users to read any file on the file system when providing the full path to loginimage.cgi.
|
30-10-2018 - 14:00 | 27-08-2018 - 14:29 | |
CVE-2018-15695 | 8.5 |
ASUSTOR Data Master 3.1.5 and below allows authenticated remote non-administrative users to delete any file on the file system due to a path traversal vulnerability in wallpaper.cgi.
|
30-10-2018 - 13:56 | 27-08-2018 - 14:29 |