15 matches found
EUVD-2013-0187
Malware in sbrugna...
CVE-2013-5760
QNAP Photo Station before firmware 4.0.3 build0912 allows remote attackers to list OS user accounts via a request to photo/p/api/list.php...
Cross site request forgery (csrf)
QNAP Photo Station before firmware 4.0.3 build0912 allows remote attackers to list OS user accounts via a request to photo/p/api/list.php...
CVE-2013-0143
cgi-bin/pingping.cgi on QNAP VioStor NVR devices with firmware 4.0.3, and in the Surveillance Station Pro component in QNAP NAS, allows remote authenticated users to execute arbitrary commands by leveraging guest access and placing shell metacharacters in the query string...
CVE-2013-0144
Cross-site request forgery (CSRF) vulnerability in cgi-bin/createuser.cgi on QNAP VioStor NVR devices with firmware 4.0.3 allows remote attackers to hijack the authentication of administrators for requests that create administrative accounts via a NEW USER action...
Design/Logic Flaw
cgi-bin/pingping.cgi on QNAP VioStor NVR devices with firmware 4.0.3, and in the Surveillance Station Pro component in QNAP NAS, allows remote authenticated users to execute arbitrary commands by leveraging guest access and placing shell metacharacters in the query string...
Cross site request forgery (csrf)
Cross-site request forgery (CSRF) vulnerability in cgi-bin/createuser.cgi on QNAP VioStor NVR devices with firmware 4.0.3 allows remote attackers to hijack the authentication of administrators for requests that create administrative accounts via a NEW USER action...
CVE-2013-0143
cgi-bin/pingping.cgi on QNAP VioStor NVR devices with firmware 4.0.3, and in the Surveillance Station Pro component in QNAP NAS, allows remote authenticated users to execute arbitrary commands by leveraging guest access and placing shell metacharacters in the query string...
CVE-2013-0144
CVE-2013-0144 is a CSRF vulnerability in QNAP VioStor NVR devices (firmware 4.0.3) where an attacker can trick an authenticated administrator into crafting requests via cgi-bin/create_user.cgi?NEW USER, potentially creating new admin accounts. The related Red Hat/NVD entries describe the same iss...
CVE-2013-0143
CVE-2013-0143 affects QNAP VioStor NVR devices (firmware 4.0.3 and possibly earlier) and the Surveillance Station Pro component in QNAP NAS. A remote authenticated user could trigger arbitrary command execution by supplying shell metacharacters in the query string to cgi-bin/pingping.cgi, leverag...
CVE-2013-0142
CVE-2013-0142 affects QNAP VioStor NVR devices (firmware 4.0.3 and possibly earlier) and the Surveillance Station Pro component in QNAP NAS. The root cause is a hardcoded guest account that can be leveraged to obtain web-server login access, enabling remote attackers to access administrative func...
CVE-2013-0144
Cross-site request forgery (CSRF) vulnerability in cgi-bin/createuser.cgi on QNAP VioStor NVR devices with firmware 4.0.3 allows remote attackers to hijack the authentication of administrators for requests that create administrative accounts via a NEW USER action...
CVE-2013-0142
QNAP VioStor NVR devices with firmware 4.0.3, and the Surveillance Station Pro component in QNAP NAS, have a hardcoded guest account, which allows remote attackers to obtain web-server login access via unspecified vectors...
QNAP VioStor NVR / QNAP NAS - Remote Code Execution
QNAP VioStor NVR / QNAP NAS - Remote Code Execution source: https://www.securityfocus.com/bid/60354/info QNAP VioStor NVR and QNAP NAS are prone to a remote code-execution vulnerability. Successfully exploiting this issue may allow an attacker to execute arbitrary code with elevated privileges in t...
QNAP VioStor NVR / QNAP NAS - Remote Code Execution
source: https://www.securityfocus.com/bid/60354/info QNAP VioStor NVR and QNAP NAS are prone to a remote code-execution vulnerability. Successfully exploiting this issue may allow an attacker to execute arbitrary code with elevated privileges in the context of the user running the affected...