|
247081
|
8.8 |
HIGH
Network
|
asustor
|
data_master
|
OS command injection in user.cgi in ASUSTOR ADM version 3.1.1 allows attackers to execute system commands as root via the "secret_key" URL parameter.
|
CWE-78
OS Command
|
CVE-2018-12312
|
2024-11-21 12:44 |
2018-12-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247082
|
5.4 |
MEDIUM
Network
|
asustor
|
data_master
|
Cross-site scripting vulnerability in File Explorer in ASUSTOR ADM version 3.1.1 allows attackers to execute arbitrary JavaScript when a file is moved via a malicious filename.
|
CWE-79
Cross-site Scripting
|
CVE-2018-12311
|
2024-11-21 12:44 |
2018-12-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247083
|
5.4 |
MEDIUM
Network
|
asustor
|
data_master
|
Cross-site scripting in the Login page in ASUSTOR ADM version 3.1.1 allows attackers to execute JavaScript via the System Announcement feature.
|
CWE-79
Cross-site Scripting
|
CVE-2018-12310
|
2024-11-21 12:44 |
2018-12-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247084
|
7.5 |
HIGH
Network
|
asustor
|
data_master
|
Directory Traversal in upload.cgi in ASUSTOR ADM version 3.1.1 allows attackers to upload files to arbitrary locations by modifying the "path" URL parameter. NOTE: the "filename" POST parameter is c…
|
CWE-22
Path Traversal
|
CVE-2018-12309
|
2024-11-21 12:44 |
2018-12-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247085
|
6.5 |
MEDIUM
Network
|
asustor
|
data_master
|
Encryption key disclosure in share.cgi in ASUSTOR ADM version 3.1.1 allows attackers to obtain the encryption key via the "encrypt_key" URL parameter.
|
CWE-200
Information Exposure
|
CVE-2018-12308
|
2024-11-21 12:44 |
2018-12-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247086
|
8.8 |
HIGH
Network
|
asustor
|
data_master
|
OS command injection in user.cgi in ASUSTOR ADM version 3.1.1 allows attackers to execute system commands as root via the "name" POST parameter.
|
CWE-78
OS Command
|
CVE-2018-12307
|
2024-11-21 12:44 |
2018-12-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247087
|
7.5 |
HIGH
Network
|
asustor
|
data_master
|
Directory Traversal in File Explorer in ASUSTOR ADM version 3.1.1 allows attackers to view arbitrary files by modifying the "file1" URL parameter, a similar issue to CVE-2018-11344.
|
CWE-22
Path Traversal
|
CVE-2018-12306
|
2024-11-21 12:44 |
2018-12-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247088
|
6.1 |
MEDIUM
Network
|
asustor
|
data_master
|
Cross-site scripting in File Explorer in ASUSTOR ADM version 3.1.1 allows attackers to execute JavaScript by uploading SVG images with embedded JavaScript.
|
CWE-79
Cross-site Scripting
|
CVE-2018-12305
|
2024-11-21 12:44 |
2018-12-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247089
|
7.8 |
HIGH
Local
|
symantec
|
endpoint_protection
|
Symantec Endpoint Protection prior to 14.2 MP1 may be susceptible to a DLL Preloading vulnerability, which in this case is an issue that can occur when an application being installed unintentionally …
|
CWE-426
Untrusted Search Path
|
CVE-2018-12245
|
2024-11-21 12:44 |
2018-11-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247090
|
6.8 |
MEDIUM
Physics
|
symantec
|
endpoint_protection_cloud
endpoint_protection
norton_antivirus
|
Norton prior to 22.15; Symantec Endpoint Protection (SEP) prior to 12.1.7454.7000 & 14.2; Symantec Endpoint Protection Small Business Edition (SEP SBE) prior to NIS-22.15.1.8 & SEP-12.1.7454.7000; an…
|
NVD-CWE-noinfo
|
CVE-2018-12239
|
2024-11-21 12:44 |
2018-11-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
