Show filters
300 Total Results
Displaying 241-250 of 300
Sort by:
Attacker Value
Unknown

CVE-2017-15890

Disclosure Date: December 15, 2017 (last updated November 26, 2024)
Cross-site scripting (XSS) vulnerability in Disclaimer in Synology MailPlus Server before 1.4.0-0415 allows remote authenticated users to inject arbitrary web script or HTML via the NAME parameter.
0
0
Attacker Value
Unknown

CVE-2017-15893

Disclosure Date: December 08, 2017 (last updated November 26, 2024)
Directory traversal vulnerability in the SYNO.FileStation.Extract in Synology File Station before 1.1.1-0099 allows remote authenticated users to write arbitrary files via the dest_folder_path parameter.
0
0
Attacker Value
Unknown

CVE-2017-15891

Disclosure Date: December 08, 2017 (last updated November 26, 2024)
Improper access control vulnerability in SYNO.Cal.EventBase in Synology Calendar before 2.0.1-0242 allows remote authenticated users to modify calendar event via unspecified vectors.
0
0
Attacker Value
Unknown

CVE-2017-15895

Disclosure Date: December 08, 2017 (last updated November 26, 2024)
Directory traversal vulnerability in the SYNO.FileStation.Extract in Synology Router Manager (SRM) before 1.1.5-6542-4 allows remote authenticated users to write arbitrary files via the dest_folder_path parameter.
0
0
Attacker Value
Unknown

CVE-2017-15894

Disclosure Date: December 08, 2017 (last updated January 15, 2025)
Directory traversal vulnerability in the SYNO.FileStation.Extract in Synology DiskStation Manager (DSM) 6.0.x before 6.0.3-8754-3 and before 5.2-5967-6 allows remote authenticated users to write arbitrary files via the dest_folder_path parameter.
0
0
Attacker Value
Unknown

CVE-2017-12079

Disclosure Date: December 04, 2017 (last updated November 26, 2024)
Files or directories accessible to external parties vulnerability in picasa.php in Synology Photo Station before 6.8.1-3458 and before 6.3-2970 allows remote attackers to obtain arbitrary files via prog_id field.
0
0
Attacker Value
Unknown

CVE-2017-12080

Disclosure Date: December 04, 2017 (last updated November 26, 2024)
An information exposure vulnerability in default HTTP configuration file in Synology Photo Station before 6.8.1-3458 and before 6.3-2970 allows remote attackers to obtain sensitive system information via .htaccess file.
0
0
Attacker Value
Unknown

CVE-2017-15887

Disclosure Date: November 07, 2017 (last updated November 26, 2024)
An improper restriction of excessive authentication attempts vulnerability in /principals in Synology CardDAV Server before 6.0.7-0085 allows remote attackers to obtain user credentials via a brute-force attack.
0
0
Attacker Value
Unknown

CVE-2017-15888

Disclosure Date: October 30, 2017 (last updated November 26, 2024)
Cross-site scripting (XSS) vulnerability in Custom Internet Radio List in Synology Audio Station before 6.3.0-3260 allows remote authenticated attackers to inject arbitrary web script or HTML via the NAME parameter.
0
0
Attacker Value
Unknown

CVE-2017-14491

Disclosure Date: October 04, 2017 (last updated January 15, 2025)
Heap-based buffer overflow in dnsmasq before 2.78 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted DNS response.
Attack Vector: NetworkPrivileges: NoneUser Interaction: None
0
0
View More Topics  < Previous  Next >