20 matches found
CVE-2013-0144
Cross-site request forgery CSRF vulnerability in cgi-bin/createuser.cgi on QNAP VioStor NVR devices with firmware 4.0.3 allows remote attackers to hijack the authentication of administrators for requests that create administrative accounts via a NEW USER action...
QNAP VioStor NVR
View CSAF 1. EXECUTIVE SUMMARY CVSS v3 8.0 ATTENTION : Exploitable remotely/low attack complexity/public exploits are available/known public exploitation Vendor : QNAP Equipment : VioStor NVR Vulnerability : OS Command Injection 2. RISK EVALUATION Successful exploitation of this vulnerability...
CVE-2023-47565
An OS command injection vulnerability has been found to affect legacy QNAP VioStor NVR models running QVR Firmware 4.x. If exploited, the vulnerability could allow authenticated users to execute commands via a network. We have already fixed the vulnerability in the following versions: QVR Firmwar...
CVE-2023-47565
An OS command injection vulnerability has been found to affect legacy QNAP VioStor NVR models running QVR Firmware 4.x. If exploited, the vulnerability could allow authenticated users to execute commands via a network. We have already fixed the vulnerability in the following versions: QVR Firmwar...
Command injection
An OS command injection vulnerability has been found to affect legacy QNAP VioStor NVR models running QVR Firmware 4.x. If exploited, the vulnerability could allow authenticated users to execute commands via a network. We have already fixed the vulnerability in the following versions: QVR Firmwar...
CVE-2023-47565 Legacy VioStor NVR
An OS command injection vulnerability has been found to affect legacy QNAP VioStor NVR models running QVR Firmware 4.x. If exploited, the vulnerability could allow authenticated users to execute commands via a network. We have already fixed the vulnerability in the following versions: QVR Firmwar...
CVE-2023-47565
CVE-2023-47565 affects legacy QNAP VioStor NVRs prior to QVR Firmware 5.x, where an OS command injection (CWE-78) in QVR Firmware 4.x could let an authenticated user execute commands over the network. Affected component is the VioStor NVR’s QVR firmware (pre-5.x). The vulnerability’s root cause i...
QNAP NVRNAS Devices - Buffer Overflow (PoC)
QNAP NVRNAS Devices - Buffer Overflow PoC Device Model: QNAP VioStor NVR, QNAP NAS, Fujitsu Celvin NAS May be additional re-branded Attack Vector: Remote Attack Models: 1. Classic Heap Overflows 2. Classic Stack Overflow 3. Heap Feng Shui Overflow 4. "Heack Combo" Heap / Stack Combination Overflo...
CVE-2013-0142
QNAP VioStor NVR devices with firmware 4.0.3, and the Surveillance Station Pro component in QNAP NAS, have a hardcoded guest account, which allows remote attackers to obtain web-server login access via unspecified vectors...
CVE-2013-0144
Cross-site request forgery CSRF vulnerability in cgi-bin/createuser.cgi on QNAP VioStor NVR devices with firmware 4.0.3 allows remote attackers to hijack the authentication of administrators for requests that create administrative accounts via a NEW USER action...
Cross site request forgery (csrf)
Cross-site request forgery CSRF vulnerability in cgi-bin/createuser.cgi on QNAP VioStor NVR devices with firmware 4.0.3 allows remote attackers to hijack the authentication of administrators for requests that create administrative accounts via a NEW USER action...
CVE-2013-0143
cgi-bin/pingping.cgi on QNAP VioStor NVR devices with firmware 4.0.3, and in the Surveillance Station Pro component in QNAP NAS, allows remote authenticated users to execute arbitrary commands by leveraging guest access and placing shell metacharacters in the query string...
CVE-2013-0143
CVE-2013-0143 affects QNAP VioStor NVR devices (firmware 4.0.3 and possibly earlier) and the Surveillance Station Pro component in QNAP NAS. A remote authenticated user could trigger arbitrary command execution by supplying shell metacharacters in the query string to cgi-bin/pingping.cgi, leverag...
CVE-2013-0143
cgi-bin/pingping.cgi on QNAP VioStor NVR devices with firmware 4.0.3, and in the Surveillance Station Pro component in QNAP NAS, allows remote authenticated users to execute arbitrary commands by leveraging guest access and placing shell metacharacters in the query string...
CVE-2013-0142
QNAP VioStor NVR devices with firmware 4.0.3, and the Surveillance Station Pro component in QNAP NAS, have a hardcoded guest account, which allows remote attackers to obtain web-server login access via unspecified vectors...
QNAP VioStor NVR / QNAP NAS Devices Multiple Vulnerabilities (Jun 2013) - Active Check
QNAP VioStor NVR / QNAP NAS devices are prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if description...
QNAP VioStor NVR / QNAP NAS Devices RCE Vulnerability (Jun 2013) - Active Check
QNAP VioStor NVR / QNAP NAS devices are prone to a remote code execution RCE vulnerability. SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if...
QNAP VioStor NVR QNAP NAS - Remote Code Execution
QNAP VioStor NVR QNAP NAS - Remote Code Execution source: https://www.securityfocus.com/bid/60354/info QNAP VioStor NVR and QNAP NAS are prone to a remote code-execution vulnerability. Successfully exploiting this issue may allow an attacker to execute arbitrary code with elevated privileges in t...
QNAP VioStor NVR / QNAP NAS - Remote Code Execution
source: https://www.securityfocus.com/bid/60354/info QNAP VioStor NVR and QNAP NAS are prone to a remote code-execution vulnerability. Successfully exploiting this issue may allow an attacker to execute arbitrary code with elevated privileges in the context of the user running the affected...
QNAP VioStor NVR firmware version 4.0.3 and QNAP NAS multiple vulnerabilities
Overview QNAP VioStor NVR firmware version 4.0.3 and possibly earlier versions and QNAP NAS contains multiple vulnerabilities which may allow an attacker to perform administrative functions against the hosted server. Description QNAP VioStor NVR firmware version 4.0.3 and possibly earlier version...