21 matches found
EUVD-2017-7306
Malware in sbrugna...
EUVD-2022-32114
Malicious code in bioql PyPI...
CVE-2022-27613
Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in webapi component in Synology CardDAV Server before 6.0.10-0153 allows remote authenticated users to inject SQL commands via unspecified vectors...
SQL injection
Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in webapi component in Synology CardDAV Server before 6.0.10-0153 allows remote authenticated users to inject SQL commands via unspecified vectors...
CVE-2022-27613
CVE-2022-27613 is a SQL injection vulnerability in the webapi component of Synology CardDAV Server, affecting versions prior to 6.0.10-0153. The issue stems from improper neutralization of special elements used in SQL commands, allowing remote authenticated users to inject SQL via unspecified vec...
CVE-2022-27613
Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in webapi component in Synology CardDAV Server before 6.0.10-0153 allows remote authenticated users to inject SQL commands via unspecified vectors...
Synology CardDAV Server SQL Injection Vulnerability
Synology CardDAV Server is a contact management package from Synology China. It allows you to synchronize and access the address book on Synology NAS. A SQL injection vulnerability exists in Synology CardDAV Server versions prior to 6.0.10-0153, which stems from improper elimination of special...
PT-2022-18518 · Synology · Synology Carddav Server
Name of the Vulnerable Software and Affected Versions: Synology CardDAV Server versions prior to 6.0.10-0153 Description: The issue is related to improper neutralization of special elements used in an SQL command, allowing remote authenticated users to inject SQL commands via unspecified vectors...
CVE-2022-27613
Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in webapi component in Synology CardDAV Server before 6.0.10-0153 allows remote authenticated users to inject SQL commands via unspecified vectors...
Nextcloud Contacts Cross-Site Scripting Vulnerability (CNVD-2021-03032)
Nextcloud Contacts is the user interface for Nextcloud's CardDAV server. A cross-site scripting vulnerability exists in Nextcloud Contacts 3.3.0. The vulnerability stems from a missing file type check. An attacker can exploit this vulnerability by uploading a malicious SVG file to conduct a...
Nextcloud Cross-Site Scripting Vulnerability
Nextcloud Contacts is the user interface for Nextcloud's CardDAV server. A cross-site scripting vulnerability exists in Nextcloud Contacts 3.4.0. The vulnerability stems from a missing file type check. The vulnerability can be exploited to conduct cross-site scripting attacks by uploading SVG fil...
Synology CardDAV Server Cross-Site Scripting Vulnerability
Synology CardDAV Server is a Synology application for synchronizing address books, and Address Book Editor is one of the address book editors. A cross-site scripting vulnerability exists in Address Book Editor in Synology CardDAV Server versions prior to 6.0.8-0086. The vulnerability can be...
Cross-site scripting
Cross-site scripting (XSS) vulnerability in Address Book Editor in Synology CardDAV Server before 6.0.8-0086 allows remote authenticated users to inject arbitrary web script or HTML via the (1) family_name, (2) given_name, or (3) additional_name parameter...
CVE-2018-8928
Cross-site scripting (XSS) vulnerability in Address Book Editor in Synology CardDAV Server before 6.0.8-0086 allows remote authenticated users to inject arbitrary web script or HTML via the (1) family_name, (2) given_name, or (3) additional_name parameter...
CVE-2018-8928
Cross-site scripting (XSS) vulnerability in Address Book Editor in Synology CardDAV Server before 6.0.8-0086 allows remote authenticated users to inject arbitrary web script or HTML via the (1) family_name, (2) given_name, or (3) additional_name parameter...
CVE-2018-8928
Cross-site scripting (XSS) vulnerability in Address Book Editor in Synology CardDAV Server before 6.0.8-0086 allows remote authenticated users to inject arbitrary web script or HTML via the (1) family_name, (2) given_name, or (3) additional_name parameter...
CVE-2018-8928
Synology CardDAV Server’s Address Book Editor is affected by a cross-site scripting (XSS) vulnerability prior to version 6.0.8-0086. The issue allows remote authenticated users to inject arbitrary web script or HTML via the family_name, given_name, or additional_name parameters. Corroborating sou...
Synology CardDAV Server Information Disclosure Vulnerability
Synology CardDAV Server is a contact management application that allows you to easily synchronize and access your address book. An information disclosure vulnerability exists in Synology CardDAV Server, which can be exploited by remote attackers to obtain user credentials via brute force attack...
Authentication flaw
An improper restriction of excessive authentication attempts vulnerability in /principals in Synology CardDAV Server before 6.0.7-0085 allows remote attackers to obtain user credentials via a brute-force attack...
CVE-2017-15887
CVE-2017-15887 describes an improper restriction of excessive authentication attempts in the Synology CardDAV Server, affecting versions before 6.0.7-0085. The vulnerability is triggered via brute-forcing on the /principals endpoint, enabling remote attackers to obtain user credentials. According...