Matthew Fulton

13 exploits Active since Sep 2017
CVE-2017-12615 NOMISEC HIGH WORKING POC
Apache Tomcat 7.0.0-7.0.79 - Unauthenticated Remote Code Execution via JSP Upload
When running Apache Tomcat 7.0.0 to 7.0.79 on Windows with HTTP PUTs enabled (e.g. via setting the readonly initialisation parameter of the Default to false) it was possible to upload a JSP file to the server via a specially crafted request. This JSP could then be requested and any code it contained would be executed by the server.
11 stars
CVSS 8.1
CVE-2018-11510 WRITEUP CRITICAL WORKING POC
ASUSTOR ADM < 3.1.2.rhg1 - Unauthenticated Remote Code Execution via script Parameter
The ASUSTOR ADM 3.1.0.RFQ3 NAS portal suffers from an unauthenticated remote code execution vulnerability in the portal/apis/aggrecate_js.cgi file by embedding OS commands in the 'script' parameter.
CVSS 9.8
CVE-2018-11340 WRITEUP HIGH WORKING POC
ASUSTOR AS6202T ADM < 3.1.0.RFQ3 - Unauthenticated Arbitrary File Upload via importuser.cgi
An unrestricted file upload vulnerability in importuser.cgi in ASUSTOR AS6202T ADM 3.1.0.RFQ3 allows attackers to upload supplied data to a specified filename. This can be used to place attacker controlled code on the file system that is then executed.
CVSS 7.2
CVE-2018-11341 WRITEUP HIGH WORKING POC
ASUSTOR AS6202T ADM < 3.1.0.RFQ3 - Path Traversal via importuser.cgi filename Parameter
Directory traversal in importuser.cgi in ASUSTOR AS6202T ADM 3.1.0.RFQ3 allows attackers to navigate the file system via the filename parameter.
CVSS 7.2
CVE-2018-11342 WRITEUP MEDIUM WORKING POC
ASUSTOR AS6202T ADM < 3.1.0.RFQ3 - Path Traversal via fileExplorer.cgi dest_folder Parameter
A path traversal vulnerability in fileExplorer.cgi in ASUSTOR AS6202T ADM 3.1.0.RFQ3 allows attackers to arbitrarily specify a path to a file on the system to create folders via the dest_folder parameter.
CVSS 4.3
CVE-2018-11343 WRITEUP MEDIUM WORKING POC
ASUSTOR SoundsGood - Stored Cross-Site Scripting via Playlist Parameter
A persistent cross site scripting vulnerability in playlistmanger.cgi in the ASUSTOR SoundsGood application allows attackers to store cross site scripting payloads via the 'playlist' POST parameter.
CVSS 5.4
CVE-2018-11344 WRITEUP MEDIUM WORKING POC
ASUSTOR AS6202T ADM < 3.1.0.RFQ3 - Path Traversal via download.cgi file1 Parameter
A path traversal vulnerability in download.cgi in ASUSTOR AS6202T ADM 3.1.0.RFQ3 allows attackers to arbitrarily specify a file on the system to download via the file1 parameter.
CVSS 6.5
CVE-2018-11345 WRITEUP HIGH WORKING POC
ASUSTOR AS6202T ADM < 3.1.0.RFQ3 - Unrestricted File Upload and Path Traversal via upload.cgi filename Parameter
An unrestricted file upload vulnerability in upload.cgi in ASUSTOR AS6202T ADM 3.1.0.RFQ3 allows attackers to upload supplied data via the POST parameter filename. This can be used to place attacker controlled code on the file system that can then be executed. Further, the filename parameter is vulnerable to path traversal and allows the attacker to place the file anywhere on the system.
CVSS 8.8
CVE-2018-11346 WRITEUP MEDIUM WORKING POC
ASUSTOR AS6202T ADM 3.1.0.RFQ3 - Info Disclosure
An insecure direct object reference vulnerability in download.cgi in ASUSTOR AS6202T ADM 3.1.0.RFQ3 allows the ability to reference the "download_sys_settings" action and then specify files arbitrarily throughout the system via the act parameter.
CVSS 4.3
CVE-2018-11510 EXPLOITDB CRITICAL text WRITEUP
ASUSTOR ADM < 3.1.2.rhg1 - Unauthenticated Remote Code Execution via script Parameter
The ASUSTOR ADM 3.1.0.RFQ3 NAS portal suffers from an unauthenticated remote code execution vulnerability in the portal/apis/aggrecate_js.cgi file by embedding OS commands in the 'script' parameter.
CVSS 9.8
CVE-2018-11509 EXPLOITDB CRITICAL text WRITEUP
ASUSTOR ADM 3.1.0.RFQ3 - Use of Hard-coded Credentials
ASUSTOR ADM 3.1.0.RFQ3 uses the same default root:admin username and password as it does for the NAS itself for applications that are installed from the online repository. This may allow an attacker to login and upload a webshell.
CVSS 9.8
CVE-2018-11510 EXPLOITDB CRITICAL python WORKING POC
ASUSTOR ADM < 3.1.2.rhg1 - Unauthenticated Remote Code Execution via script Parameter
The ASUSTOR ADM 3.1.0.RFQ3 NAS portal suffers from an unauthenticated remote code execution vulnerability in the portal/apis/aggrecate_js.cgi file by embedding OS commands in the 'script' parameter.
CVSS 9.8
CVE-2018-11511 EXPLOITDB CRITICAL text WRITEUP
ASUSTOR ADM 3.1.0.RFQ3 - SQL Injection via Photo Gallery Tree List Album ID or Scope Parameter
The tree list functionality in the photo gallery application in ASUSTOR ADM 3.1.0.RFQ3 has a SQL injection vulnerability that affects the 'album_id' or 'scope' parameter via a photo-gallery/api/album/tree_lists/ URI.
CVSS 9.8