QNAP Music Station/Malware Remover未授权远程代码执行漏洞（CVE-2020-36197 CVE-2020-36198）

QNAP MusicStation/MalwareRemover Pre-Auth Remote Code Execution Summary QNAP MusicStation and MalwareRemover official apps are affected by an arbitrary file upload and a command injection vulnerabilities, leading to pre-auth remote root command execution. Product description from vendor “QNAP...

QNAP MusicStation / MalwareRemover File Upload / Command Injection Vulnerabilities

QNAP MusicStation/MalwareRemover Pre-Auth Remote Code Execution Summary QNAP MusicStation and MalwareRemover official apps are affected by an arbitrary file upload and a command injection vulnerabilities, leading to pre-auth remote root command execution. Product description from vendor “QNAP...

QNAP NAS MusicStation Directory Traversal Arbitrary File Creation Vulnerability

This vulnerability allows network-adjacent attackers to create arbitrary files on affected installations of QNAP NAS. Authentication is not required to exploit this vulnerability. The specific flaw exists within the MusicStation application. When parsing the arttype request parameter, the process...

QNAP PhotoStation 5.2.4 / MusicStation 4.8.4 Authentication Bypass

Exploit QNAP PhotoStation 5.2.4 and MusicStation 4.8.4 Authentication Bypass Date: 10.05.2017 Software Link: https://www.qnap.com Exploit Author: Kacper Szurek Contact: https://twitter.com/KacperSzurek Website: https://security.szurek.pl/ Category: web 1. Description $COOKIESTATIONSID is not...

QNAP PhotoStation 5.2.4 MusicStation 4.8.4 - Authentication Bypass

QNAP PhotoStation 5.2.4 MusicStation 4.8.4 - Authentication Bypass Exploit QNAP PhotoStation 5.2.4 and MusicStation 4.8.4 Authentication Bypass Date: 10.05.2017 Software Link: https://www.qnap.com Exploit Author: Kacper Szurek Contact: https://twitter.com/KacperSzurek Website:...

QNAP PhotoStation 5.2.4 / MusicStation 4.8.4 - Authentication Bypass Vulnerability

Exploit for php platform in category web applications Exploit QNAP PhotoStation 5.2.4 and MusicStation 4.8.4 Authentication Bypass Date: 10.05.2017 Software Link: https://www.qnap.com Exploit Author: Kacper Szurek Contact: https://twitter.com/KacperSzurek Website: https://security.szurek.pl/...

QNAP PhotoStation 5.2.4 / MusicStation 4.8.4 - Authentication Bypass

Exploit QNAP PhotoStation 5.2.4 and MusicStation 4.8.4 Authentication Bypass Date: 10.05.2017 Software Link: https://www.qnap.com Exploit Author: Kacper Szurek Contact: https://twitter.com/KacperSzurek Website: https://security.szurek.pl/ Category: web 1. Description $COOKIESTATIONSID is not...