IDCVSSSummaryLast (major) updatePublished
CVE-2018-12307 9.0
OS command injection in user.cgi in ASUSTOR ADM version 3.1.1 allows attackers to execute system commands as root via the "name" POST parameter.
20-12-2018 - 20:55 04-12-2018 - 17:29
CVE-2018-12319 5.0
Denial-of-service in the login page of ASUSTOR ADM 3.1.1 allows attackers to prevent users from signing in by placing malformed text in the title.
03-10-2019 - 00:03 04-12-2018 - 17:29
CVE-2018-12310 3.5
Cross-site scripting in the Login page in ASUSTOR ADM version 3.1.1 allows attackers to execute JavaScript via the System Announcement feature.
20-12-2018 - 20:46 04-12-2018 - 17:29
CVE-2018-12311 3.5
Cross-site scripting vulnerability in File Explorer in ASUSTOR ADM version 3.1.1 allows attackers to execute arbitrary JavaScript when a file is moved via a malicious filename.
20-12-2018 - 20:42 04-12-2018 - 17:29
CVE-2018-12316 9.0
OS Command Injection in upload.cgi in ASUSTOR ADM version 3.1.1 allows attackers to execute system commands by modifying the filename POST parameter.
21-12-2018 - 13:04 04-12-2018 - 17:29
CVE-2018-12315 4.0
Missing verification of a password in ASUSTOR ADM version 3.1.1 allows attackers to change account passwords without entering the current password.
03-10-2019 - 00:03 04-12-2018 - 17:29
CVE-2018-12309 5.0
Directory Traversal in upload.cgi in ASUSTOR ADM version 3.1.1 allows attackers to upload files to arbitrary locations by modifying the "path" URL parameter. NOTE: the "filename" POST parameter is covered by CVE-2018-11345.
27-12-2018 - 14:44 04-12-2018 - 17:29
CVE-2018-12313 10.0
OS command injection in snmp.cgi in ASUSTOR ADM version 3.1.1 allows attackers to execute system commands without authentication via the "rocommunity" URL parameter.
03-10-2019 - 00:03 04-12-2018 - 17:29
CVE-2018-12308 4.0
Encryption key disclosure in share.cgi in ASUSTOR ADM version 3.1.1 allows attackers to obtain the encryption key via the "encrypt_key" URL parameter.
03-10-2019 - 00:03 04-12-2018 - 17:29
CVE-2018-12312 9.0
OS command injection in user.cgi in ASUSTOR ADM version 3.1.1 allows attackers to execute system commands as root via the "secret_key" URL parameter.
20-12-2018 - 20:23 04-12-2018 - 17:29
CVE-2018-12306 5.0
Directory Traversal in File Explorer in ASUSTOR ADM version 3.1.1 allows attackers to view arbitrary files by modifying the "file1" URL parameter, a similar issue to CVE-2018-11344.
27-12-2018 - 14:47 04-12-2018 - 17:29
CVE-2018-12318 4.0
Information disclosure in the SNMP settings page in ASUSTOR ADM version 3.1.1 allows attackers to obtain the SNMP password in cleartext.
24-08-2020 - 17:37 04-12-2018 - 17:29
CVE-2018-12314 7.8
Directory Traversal in downloadwallpaper.cgi in ASUSTOR ADM version 3.1.1 allows attackers to download arbitrary files by manipulating the "file" and "folder" URL parameters.
21-12-2018 - 13:06 04-12-2018 - 17:29
Back to Top Mark selected
Back to Top