Security Vulnerabilities - CVEs Published In 2018
OS command injection in snmp.cgi in ASUSTOR ADM version 3.1.1 allows attackers to execute system commands without authentication via the "rocommunity" URL parameter.
CVSS Score: 9.8 | EPSS Score: 0.052 | Published: 2018-12-04

Directory Traversal in downloadwallpaper.cgi in ASUSTOR ADM version 3.1.1 allows attackers to download arbitrary files by manipulating the "file" and "folder" URL parameters.
CVSS Score: 7.5 | EPSS Score: 0.01 | Published: 2018-12-04

Missing verification of a password in ASUSTOR ADM version 3.1.1 allows attackers to change account passwords without entering the current password.
CVSS Score: 6.5 | EPSS Score: 0.001 | Published: 2018-12-04

OS Command Injection in upload.cgi in ASUSTOR ADM version 3.1.1 allows attackers to execute system commands by modifying the filename POST parameter.
CVSS Score: 8.8 | EPSS Score: 0.12 | Published: 2018-12-04

OS command injection in group.cgi in ASUSTOR ADM version 3.1.1 allows attackers to execute system commands as root by modifying the "name" POST parameter.
CVSS Score: 8.8 | EPSS Score: 0.12 | Published: 2018-12-04

Information disclosure in the SNMP settings page in ASUSTOR ADM version 3.1.1 allows attackers to obtain the SNMP password in cleartext.
CVSS Score: 8.8 | EPSS Score: 0.003 | Published: 2018-12-04

Denial-of-service in the login page of ASUSTOR ADM 3.1.1 allows attackers to prevent users from signing in by placing malformed text in the title.
CVSS Score: 7.5 | EPSS Score: 0.004 | Published: 2018-12-04

Re-entry of a destructor in Networking Disk Cache in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to execute arbitrary code via a crafted HTML page.
CVSS Score: 8.8 | EPSS Score: 0.025 | Published: 2018-12-04

panel/login in Kirby v2.5.12 allows XSS via a blog name.
CVSS Score: 5.4 | EPSS Score: 0.002 | Published: 2018-12-04

panel/uploads/#elf_l1_XA in Subrion CMS v4.2.1 allows XSS via an SVG file with JavaScript in a SCRIPT element.
CVSS Score: 4.8 | EPSS Score: 0.003 | Published: 2018-12-04