Code injection

QNAP NAS application Proxy Server through version 1.2.0 does not authenticate requests properly. Successful exploitation can lead to change of the settings of Proxy Server...

Cross site request forgery (csrf)

QNAP NAS application Proxy Server through version 1.2.0 does not utilize CSRF protections...

CVE-2017-7635

QNAP NAS application Proxy Server through version 1.2.0 does not utilize CSRF protections...

CVE-2017-7637

QNAP NAS application Proxy Server through version 1.2.0 allows remote attackers to run arbitrary OS commands against the system with root privileges...

CVE-2017-7635

QNAP NAS application Proxy Server through version 1.2.0 does not utilize CSRF protections...

CVE-2017-7636

Cross-site scripting XSS vulnerability in QNAP NAS application Proxy Server through version 1.2.0 allows remote attackers to inject arbitrary web script or HTML...

CVE-2017-7639

QNAP NAS application Proxy Server through version 1.2.0 does not authenticate requests properly. Successful exploitation can lead to change of the settings of Proxy Server...

CVE-2017-7637

QNAP NAS application Proxy Server through version 1.2.0 allows remote attackers to run arbitrary OS commands against the system with root privileges...

CVE-2017-7639

QNAP NAS application Proxy Server through version 1.2.0 does not authenticate requests properly. Successful exploitation can lead to change of the settings of Proxy Server...

CVE-2017-7636

Cross-site scripting XSS vulnerability in QNAP NAS application Proxy Server through version 1.2.0 allows remote attackers to inject arbitrary web script or HTML...

CVE-2017-7635

The CVE-2017-7635 entry concerns QNAP NAS Proxy Server (versions up to 1.2.0) that does not utilize CSRF protections. This lack enables CSRF-style abuse against affected installations, potentially allowing unauthorized state-changing actions initiated by an authenticated user’s session. The provi...

CVE-2017-7637

CVE-2017-7637 affects QNAP NAS Proxy Server up to version 1.2.0. The vulnerability permits remote attackers to execute arbitrary OS commands with root privileges on affected systems. The records describe the vulnerable component as the Proxy Server and indicate a remote-command execution impact; ...

CVE-2017-7639

CVE-2017-7639 affects the QNAP NAS application Proxy Server up to version 1.2.0. The issue is improper authentication of requests, enabling potential unauthorized changes to Proxy Server settings. No remediation steps are provided in the documents. CVSS metrics are listed: CVSSv2 base 5.0 (Medium...

CVE-2017-7635

QNAP NAS application Proxy Server through version 1.2.0 does not utilize CSRF protections...

CVE-2017-7636

CVE-2017-7636 is a cross‑site scripting (XSS) vulnerability in the QNAP NAS Proxy Server up to version 1.2.0. The issue enables remote attackers to inject arbitrary web script or HTML into pages served by the Proxy Server. The vulnerability is exploitable remotely over the network, with user inte...

Remote code execution

DISPUTED An issue was discovered in WildFly 10.1.2.Final. It is possible for an attacker to access the administration panel on TCP port 9990 without any authentication using "anonymous" access that is automatically created. Once logged in, a misconfiguration present by default auto-deployment...

CVE-2018-10682

CVE-2018-10682/10683 (WildFly 10.1.2.Final) : Red Hat entries provide concrete detail that an attacker could access the administration panel on TCP port 9990 without authentication via an optional, potentially unsecured anonymous access path, followed by a misconfiguration (auto-deployment) enabl...

Socks5 Proxy Server

This module provides a socks5 proxy server that uses the builtin Metasploit routing to relay connections...

DEBIAN-CVE-2016-9590

puppet-swift before versions 8.2.1, 9.4.4 is vulnerable to an information-disclosure in Red Hat OpenStack Platform director's installation of Object Storage swift. During installation, the Puppet script responsible for deploying the service incorrectly removes and recreates the proxy-server.conf...

UBUNTU-CVE-2016-9590

puppet-swift before versions 8.2.1, 9.4.4 is vulnerable to an information-disclosure in Red Hat OpenStack Platform director's installation of Object Storage swift. During installation, the Puppet script responsible for deploying the service incorrectly removes and recreates the proxy-server.conf...