223 matches found
CVE-2024-29228
Missing authorization vulnerability in GetStmUrlPath webapi component in Synology Surveillance Station before 9.2.0-9289 and 9.2.0-11289 allows remote authenticated users to obtain sensitive information via unspecified vectors...
CVE-2024-29227
Improper neutralization of special elements used in an SQL command 'SQL Injection' vulnerability in Layout.LayoutSave webapi component in Synology Surveillance Station before 9.2.0-9289 and 9.2.0-11289 allows remote authenticated users to read database containing non-sensitive information and...
CVE-2024-29227
Synology Surveillance Station is affected by an SQL injection in the Layout.LayoutSave webapi component. The issue, present in versions prior to 9.2.0-9289 and prior to 9.2.0-11289, can be exploited by remote authenticated users to read database contents (non-sensitive data) and may enable a limi...
Synology Surveillance Station 安全漏洞
Synology Surveillance Station is an application from Synology, a Chinese company. It provides intelligent monitoring and video management tools to protect your valuable assets. A security vulnerability previously existed in Synology Surveillance Station version 9.2.0-11289, which stemmed from a...
Synology Surveillance Station 安全漏洞
Synology Surveillance Station is an application from Synology, a Chinese company. It provides intelligent monitoring and video management tools to protect your valuable assets. A security vulnerability previously existed in Synology Surveillance Station version 9.2.0-11289, which stemmed from an...
PT-2024-9410 · Synology · Synology Surveillance Station
Name of the Vulnerable Software and Affected Versions: Synology Surveillance Station versions prior to 9.2.0-11289 and 9.2.0-9289 Description: The issue is related to an incorrect authorization vulnerability in the Alert.Setting webapi component. This allows remote authenticated users to perform...
Synology Surveillance Station SQL注入漏洞
Synology Surveillance Station is an application from Synology, a Chinese company. It provides intelligent monitoring and video management tools to protect your valuable assets. A SQL injection vulnerability previously existed in Synology Surveillance Station version 9.2.0-11289, which stemmed fro...
Synology Surveillance Station 安全漏洞
Synology Surveillance Station is an application from Synology, a Chinese company. It provides intelligent monitoring and video management tools to protect your valuable assets. A security vulnerability previously existed in Synology Surveillance Station version 9.2.0-11289, which stemmed from an...
Synology Surveillance Station SQL注入漏洞
Synology Surveillance Station is an application from Synology, a Chinese company. It provides intelligent monitoring and video management tools to protect your valuable assets. A SQL injection vulnerability previously existed in Synology Surveillance Station version 9.2.0-11289, which stemmed fro...
PT-2024-22829 · Synology · Synology Surveillance Station
Name of the Vulnerable Software and Affected Versions: Synology Surveillance Station versions prior to 9.2.0-9289 Synology Surveillance Station versions prior to 9.2.0-11289 Description: The issue is related to an SQL Injection vulnerability due to improper neutralization of special elements used...
PT-2024-22837 · Synology · Synology Surveillance Station
Name of the Vulnerable Software and Affected Versions: Synology Surveillance Station versions prior to 9.2.0-11289 Synology Surveillance Station versions prior to 9.2.0-9289 Description: A missing authorization vulnerability in the LayoutSave webapi component allows remote authenticated users to...
PT-2024-22826 · Synology · Synology Surveillance Station
Name of the Vulnerable Software and Affected Versions: Synology Surveillance Station versions prior to 9.2.0-9289 Synology Surveillance Station versions prior to 9.2.0-11289 Description: The issue is related to an SQL Injection vulnerability in the SnapShot.CountByCategory webapi component. This...
PT-2024-22828 · Synology · Synology Surveillance Station
Name of the Vulnerable Software and Affected Versions: Synology Surveillance Station versions prior to 9.2.0-11289 Synology Surveillance Station versions prior to 9.2.0-9289 Description: The issue is related to improper neutralization of special elements used in an SQL command, also known as 'SQL...
BIT-MAGENTO-2021-21016 Magento Commerce Unauthorized Data Modification Could Lead to Arbitrary Code Execution
Magento versions 2.4.1 and earlier, 2.4.0 and earlier and 2.3.6 and earlier are vulnerable to OS command injection via the WebAPI. Successful exploitation could lead to remote code execution by an authenticated attacker. Access to the admin console is required for successful exploitation...
BIT-MAGENTO-2021-28585 Magento Commerce improper input validation in customer customer webapi
Magento versions 2.4.2 and earlier, 2.4.1 and earlier and 2.3.6 and earlier are affected by an Improper input validation vulnerability in the New customer WebAPI.Successful exploitation could allow an attacker to send unsolicited spam e-mails...
GHSA-75X2-6H4M-H6MX FullStackHero's WebAPI Boilerplate host header injection vulnerability
A host header injection vulnerability in the forgot password function of FullStackHero's WebAPI Boilerplate v1.0.0 and v1.0.1 allows attackers to leak the password reset token via a crafted request...
FullStackHero's WebAPI Boilerplate host header injection vulnerability
A host header injection vulnerability in the forgot password function of FullStackHero's WebAPI Boilerplate v1.0.0 and v1.0.1 allows attackers to leak the password reset token via a crafted request...
CVE-2024-26470
A host header injection vulnerability in the forgot password function of FullStackHero's WebAPI Boilerplate v1.0.0 and v1.0.1 allows attackers to leak the password reset token via a crafted request...
CVE-2024-26470
A host header injection vulnerability in the forgot password function of FullStackHero's WebAPI Boilerplate v1.0.0 and v1.0.1 allows attackers to leak the password reset token via a crafted request...
Design/Logic Flaw
A host header injection vulnerability in the forgot password function of FullStackHero's WebAPI Boilerplate v1.0.0 and v1.0.1 allows attackers to leak the password reset token via a crafted request...