SQL injection
Improper neutralization of special elements used in an SQL command 'SQL Injection' vulnerability in webapi component in Synology CardDAV Server before 6.0.10-0153 allows remote authenticated users to inject SQL commands via unspecified vectors...
Synology Calendar Cross-Site Request Forgery Vulnerability
Synology Calendar, a file protection application running on Synology NAS devices from Synology, Taiwan, China, is vulnerable to cross-site request forgery in versions prior to Synology Calendar 2.3.4-0631, which stems from a webapi component that does not adequately validate that the request is...
PT-2022-15631 · Synology · Synology Webdav Server
Name of the Vulnerable Software and Affected Versions: Synology WebDAV Server versions prior to 2.4.0-0062 Description: The issue is related to an improper limitation of a pathname to a restricted directory, also known as a 'Path Traversal' vulnerability, in the webapi component. This allows remo...
PT-2022-18518 · Synology · Synology Carddav Server
Name of the Vulnerable Software and Affected Versions: Synology CardDAV Server versions prior to 6.0.10-0153 Description: The issue is related to improper neutralization of special elements used in an SQL command, allowing remote authenticated users to inject SQL commands via unspecified vectors...
Path traversal
Improper limitation of a pathname to a restricted directory 'Path Traversal' vulnerability in webapi component in Synology DiskStation Manager DSM before 6.2.3-25423 allows remote authenticated users to delete arbitrary files via unspecified vectors...
CVE-2022-27610
The CVE-2022-27610 entry describes a path traversal vulnerability in the webapi component of Synology DiskStation Manager (DSM) prior to 6.2.3-25423. The flaw allows remote authenticated users to delete arbitrary files via unspecified vectors, due to improper limitation of a pathname to a restric...
Vulnerability fixed in Synology DiskStation Manager
Synology has fixed a vulnerability in DiskStation Manager. The vulnerability is located in the webapi component of DiskStation Manager. An authenticated malicious party can perform a path traversal attack that results in the following categories of damage: Denial-of-Service DoS. Manipulation of...
Synology DiskStation Manager Path Traversal Vulnerability
Synology DiskStation Manager DSM is an operating system for use on Network Storage Servers NAS from Synology Inc. of Taiwan, China. The operating system manages information such as data, files, photos, music, and more. A path traversal vulnerability exists in Synology DiskStation Manager DSM, whi...
CVE-2022-22686
Cross-Site Request Forgery CSRF vulnerability in webapi component in Synology Calendar before 2.3.4-0631 allows remote authenticated users to hijack the authentication of administrators via unspecified vectors...
Cross-site request forgery (CSRF)
Cross-Site Request Forgery CSRF vulnerability in webapi component in Synology Calendar before 2.3.4-0631 allows remote authenticated users to hijack the authentication of administrators via unspecified vectors...
CVE-2022-22686
The CVE-2022-22686 issue affects Synology Calendar’s webapi component. In versions prior to 2.3.4-0631, CSRF allows remote authenticated users to hijack the administrator’s session (vectors not specified). Impact is elevated access to admin actions; explicit exploitation details are not provided ...
CVE-2022-27611
Improper limitation of a pathname to a restricted directory 'Path Traversal' vulnerability in webapi component in Synology Audio Station before 6.5.4-3367 allows remote authenticated users to delete arbitrary files via unspecified vectors...
CVE-2022-27610
Improper limitation of a pathname to a restricted directory 'Path Traversal' vulnerability in webapi component in Synology DiskStation Manager DSM before 6.2.3-25423 allows remote authenticated users to delete arbitrary files via unspecified vectors...
CVE-2022-22685
Improper limitation of a pathname to a restricted directory 'Path Traversal' vulnerability in webapi component in Synology WebDAV Server before 2.4.0-0062 allows remote authenticated users to delete arbitrary files via unspecified vectors...
CVE-2022-36304
Vesta v1.0.0-5 was discovered to contain a cross-site scripting XSS vulnerability via the generateresponse function at /web/api/v1/upload/UploadHandler.php...
GHSA-C38M-9668-6J2W Magento Improper input validation vulnerability
Magento versions 2.4.2 and earlier, 2.4.1-p1 and earlier and 2.3.6-p1 and earlier are affected by an Improper input validation vulnerability in the New customer WebAPI. Successful exploitation could allow an attacker to send unsolicited spam e-mails...
Magento Improper input validation vulnerability
Magento versions 2.4.2 and earlier, 2.4.1-p1 and earlier and 2.3.6-p1 and earlier are affected by an Improper input validation vulnerability in the New customer WebAPI. Successful exploitation could allow an attacker to send unsolicited spam e-mails...
Magento OS command injection via the WebAPI
Magento versions 2.4.1 and earlier, 2.4.0-p1 and earlier and 2.3.6 and earlier are vulnerable to OS command injection via the WebAPI. Successful exploitation could lead to remote code execution by an authenticated attacker. Access to the admin console is required for successful exploitation...