Search Results | AttackerKB

Show filters

Topics 300 Users 9,726

Clear All

Disclosure Date

Disclosure Year Disclosure Month

Collection Command and Control Credential Access Defense Evasion Discovery Execution Exfiltration Impact Initial Access Lateral Movement Persistence Privilege Escalation

300 Total Results

Displaying 281-290 of 300

Attacker Value

Unknown

CVE-2016-10323

Disclosure Date: April 10, 2017 (last updated November 26, 2024)

Synology Photo Station before 6.3-2958 allows local users to gain privileges by leveraging setuid execution of a "synophoto_dsm_user --copy-no-ea" command.

0

Attacker Value

Unknown

CVE-2016-10322

Disclosure Date: April 10, 2017 (last updated November 26, 2024)

Synology Photo Station before 6.3-2958 allows remote authenticated guest users to execute arbitrary commands via shell metacharacters in the X-Forwarded-For HTTP header to photo/login.php.

0

Attacker Value

Unknown

CVE-2015-6911

Disclosure Date: September 11, 2015 (last updated October 05, 2023)

SQL injection vulnerability in Synology Video Station before 1.5-0763 allows remote attackers to execute arbitrary SQL commands via the id parameter to watchstatus.cgi.

0

Attacker Value

Unknown

CVE-2015-6913

Disclosure Date: September 11, 2015 (last updated October 05, 2023)

Cross-site scripting (XSS) vulnerability in the "Create download task via URL" feature in Synology Download Station before 3.5-2967 allows remote attackers to inject arbitrary web script or HTML via the urls parameter in an add_url_task action to dlm/downloadman.cgi.

0

Attacker Value

Unknown

CVE-2015-6910

Disclosure Date: September 11, 2015 (last updated October 05, 2023)

SQL injection vulnerability in Synology Video Station before 1.5-0757 allows remote attackers to execute arbitrary SQL commands via the id parameter to audiotrack.cgi.

0

Attacker Value

Unknown

CVE-2015-6909

Disclosure Date: September 11, 2015 (last updated October 05, 2023)

Cross-site scripting (XSS) vulnerability in the "Create download task via file upload" feature in Synology Download Station before 3.5-2962 allows remote attackers to inject arbitrary web script or HTML via the name element in the Info dictionary in a torrent file.

0

Attacker Value

Unknown

CVE-2015-6912

Disclosure Date: September 11, 2015 (last updated October 05, 2023)

Synology Video Station before 1.5-0763 allows remote attackers to execute arbitrary shell commands via shell metacharacters in the subtitle_codepage parameter to subtitle.cgi.

0

Attacker Value

Unknown

CVE-2015-4655

Disclosure Date: June 18, 2015 (last updated January 15, 2025)

Cross-site scripting (XSS) vulnerability in Synology DiskStation Manager (DSM) before 5.2-5565 Update 1 allows remote attackers to inject arbitrary web script or HTML via the "compound" parameter to entry.cgi.

0

Attacker Value

Unknown

CVE-2015-4656

Disclosure Date: June 18, 2015 (last updated October 05, 2023)

Multiple cross-site scripting (XSS) vulnerabilities in Synology Photo Station before 6.3-2945 allow remote attackers to inject arbitrary web script or HTML via the (1) success parameter to login.php or (2) crafted URL parameters to index.php, as demonstrated by the t parameter to photo/.

0

Attacker Value

Unknown

CVE-2015-2851

Disclosure Date: May 30, 2015 (last updated October 05, 2023)

client_chown in the sync client in Synology Cloud Station 1.1-2291 through 3.1-3320 on OS X allows local users to change the ownership of arbitrary files, and consequently obtain root access, by specifying a filename.

0