18 matches found
Synology DiskStation Manager Cross-Site Request Forgery (CVE-2024-45538)
Cross-Site Request Forgery (CSRF) vulnerability in WebAPI Framework in Synology DiskStation Manager (DSM) before 7.2.1-69057-2 and 7.2.2-72806 and Synology Unified Controller (DSMUC) before 3.1.4-23079 allows remote attackers to execute arbitrary code via unspecified vectors. This plugin only works wit...
EUVD-2010-3668
Malware in sbrugna...
EUVD-2010-2462
Malware in sbrugna...
Synology DiskStation Manager Code Issue Vulnerability
Synology DiskStation Manager (DSM) is an operating system for use on Network Storage Servers (NAS) from Synology, a Chinese company. This operating system manages information such as data, files, photos, music, and more. A code issue vulnerability previously existed in Synology DiskStation Manager...
SRC-2018-0006 : Synology Photo Station SYNOPHOTO_Flickr_MultiUpload Race Condition File Write Remote Code Execution Vulnerability
Vulnerability Details: This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Synology Photo Station. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists...
SRC-2018-0005 : Synology Photo Station LogList Stored Cross Site Scripting Authentication Bypass Vulnerability
Vulnerability Details: This vulnerability allows remote attackers to bypass authentication on vulnerable installations of Synology Photo Station. User interaction is not required to exploit this vulnerability. The specific flaw exists when parsing HTML characters in the LogList function. The issu...
Update Protection against Synology Disk Station FTP Login Web Commands Injection Vulnerability
A remote command injection vulnerability has been discovered in Synology Disk Station. The Synology Disk Station is a product designed for storage purposes of small offices or home users. It supports several terabytes of total storage. A remote attacker may exploit this vulnerability to execute...
CVE-2010-3684
The FTP authentication module in Synology Disk Station 2.x logs passwords to the web application interface in cases of incorrect login attempts, which allows local users to obtain sensitive information by reading a log, a different vulnerability than CVE-2010-2453...
CVE-2010-2453
Multiple cross-site scripting (XSS) vulnerabilities in Synology Disk Station 2.x before DSM3.0-1337 allow remote attackers to inject arbitrary web script or HTML by connecting to the FTP server and providing a crafted (1) USER or (2) PASS command, which is written by the FTP logging module to a...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in Synology Disk Station 2.x before DSM3.0-1337 allow remote attackers to inject arbitrary web script or HTML by connecting to the FTP server and providing a crafted (1) USER or (2) PASS command, which is written by the FTP logging module to a...
Code injection
The FTP authentication module in Synology Disk Station 2.x logs passwords to the web application interface in cases of incorrect login attempts, which allows local users to obtain sensitive information by reading a log, a different vulnerability than CVE-2010-2453...
CVE-2010-3684
The FTP authentication module in Synology Disk Station 2.x logs passwords to the web application interface in cases of incorrect login attempts, which allows local users to obtain sensitive information by reading a log, a different vulnerability than CVE-2010-2453...
CVE-2010-2453
CVE-2010-2453 describes multiple cross-site scripting (XSS) vulnerabilities in Synology DiskStation 2.x, prior to DSM3.0-1337. The issue arises when an attacker uses the FTP server to trigger the FTP logging module to write crafted USER or PASS entries into a web-interface log window, enabling ar...
CVE-2010-3684
CVE-2010-3684 concerns the FTP authentication module in Synology Disk Station 2.x, where passwords are logged to the web interface during incorrect login attempts. This behavior allows local users to read sensitive credentials from the log, and is noted as a different issue from CVE-2010-2453. Co...
CVE-2010-2453
Multiple cross-site scripting (XSS) vulnerabilities in Synology Disk Station 2.x before DSM3.0-1337 allow remote attackers to inject arbitrary web script or HTML by connecting to the FTP server and providing a crafted (1) USER or (2) PASS command, which is written by the FTP logging module to a...
Web commands injection through FTP Login in Synology Disk Station - CVE-2010-2453
Check Point Software Technologies - Vulnerability Discovery Team (VDT) http://www.checkpoint.com/defense/ Web commands injection through FTP Login in Synology Disk Station CVE-2010-2453 INTRODUCTION Synology Inc develops high-performance, reliable, versatile, and environmentally-friendly Network...
Synology Disk Station cross-site scripting
Cross-site scripting on FTP commands logging...
Synology Disk Station Code Execution / Cross Site Request Forgery / Cross Site Scripting
Check Point Software Technologies - Vulnerability Discovery Team (VDT) http://www.checkpoint.com/defense/ Web commands injection through FTP Login in Synology Disk Station CVE-2010-2453 INTRODUCTION Synology Inc develops high-performance, reliable, versatile, and environmentally-friendly Network...