9 matches found
Synology DiskStation Manager - SLICEUPLOAD Remote Command Execution
No description provided by source. This module requires Metasploit: http//metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::HttpClient...
Synology DiskStation Manager 4.3-x < 4.3-3810 Update 1 Multiple Vulnerabilities
According to its version number, the Synology DiskStation Manager installed on the remote host is 4.3-x equal or prior to 4.3-3810. It is, therefore, affected by the following vulnerabilities : - A remote code execution vulnerability exists in the File Station component due to improper validation...
Synology DiskStation Manager 4.0-x < 4.0-2259 / 4.1-x / 4.2-x < 4.2-3243 SLICEUPLOAD Function Remote Code Execution
According to its version number, the Synology DiskStation Manager installed on the remote host is affected by a remote code execution vulnerability. The issue exists due to improper validation of values submitted in the 'X-TMP-FILE' header field along with the 'X-TYPE-NAME: SLICEUPLOAD' header...
CVE-2013-6955
webman/imageSelector.cgi in Synology DiskStation Manager DSM 4.0 before 4.0-2259, 4.2 before 4.2-3243, and 4.3 before 4.3-3810 Update 1 allows remote attackers to append data to arbitrary files, and consequently execute arbitrary code, via a pathname in the SLICEUPLOAD X-TMP-FILE HTTP header...
Synology DiskStation Manager (DSM) 'imageSelector.cgi' RCE Vulnerability - Active Check
Synology DiskStation Manager DSM is prone to a remote command execution RCE vulnerability. SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE ...
Synology DiskStation Manager远程命令执行漏洞
CVE ID:CVE-2013-6955 Synology DiskStation Manager 是第一个提供网络多任务处理用户接口的NAS操作系统。 该漏洞是位于/ webman/ imageSelector.cgi,允许攻击者以root权限执行任意命。 0 Synology DiskStation Manager 4.x 目前厂商暂无提供补丁或者升级程序,我们建议使用此软件的用户随时关注厂商的主页以获取最新版本: http:// www.synology.com This module requires Metasploit: http//metasploit.com/downlo...
Synology DiskStation Manager - SLICEUPLOAD Remote Command Execution (Metasploit)
This module requires Metasploit: http//metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 \d+&minor=?\d+&build=?\d+ &junior=\d+&unique=synology\w+?^&+/x def initializeinfo= superupdateinfoinfo, 'Name' = "Synology DiskStation...
Synology DiskStation Manager SLICEUPLOAD Remote Command Execution
This Metasploit module exploits a vulnerability found in Synology DiskStation Manager DSM versions 4.x, which allows the execution of arbitrary commands under root privileges. The vulnerability is located in /webman/imageSelector.cgi, which allows to append arbitrary data to a given file using a ...
Synology DiskStation Manager SLICEUPLOAD Remote Command Execution
This module exploits a vulnerability found in Synology DiskStation Manager DSM versions 4.x, which allows the execution of arbitrary commands under root privileges. The vulnerability is located in /webman/imageSelector.cgi, which allows to append arbitrary data to a given file using a so called...