Synology DiskStation Manager 4.3-x < 4.3-3810 Update 1 Multiple Vulnerabilities

According to its version number, the Synology DiskStation Manager installed on the remote host is 4.3-x equal or prior to 4.3-3810. It is, therefore, affected by the following vulnerabilities : - A remote code execution vulnerability exists in the File Station component due to improper validation...

CVE-2013-6955

webman/imageSelector.cgi in Synology DiskStation Manager DSM 4.0 before 4.0-2259, 4.2 before 4.2-3243, and 4.3 before 4.3-3810 Update 1 allows remote attackers to append data to arbitrary files, and consequently execute arbitrary code, via a pathname in the SLICEUPLOAD X-TMP-FILE HTTP header...

CVE-2013-6955

Summary of CVE-2013-6955 – Synology DiskStation Manager Affected product: Synology DiskStation Manager (DSM) with webman/imageSelector.cgi as part of the File Station component. Vulnerability: Remote code execution via SLICEUPLOAD. An attacker can append data to an arbitrary file by sending a spe...

Synology DiskStation Manager SLICEUPLOAD Remote Command Execution

This Metasploit module exploits a vulnerability found in Synology DiskStation Manager DSM versions 4.x, which allows the execution of arbitrary commands under root privileges. The vulnerability is located in /webman/imageSelector.cgi, which allows to append arbitrary data to a given file using a ...