Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline

Download Station Security Vulnerabilities

cve
cve

CVE-2015-6909

Cross-site scripting (XSS) vulnerability in the "Create download task via file upload" feature in Synology Download Station before 3.5-2962 allows remote attackers to inject arbitrary web script or HTML via the name element in the Info dictionary in a torrent file.

5.8AI Score

0.004EPSS

2015-09-11 04:59 PM
23
cve
cve

CVE-2015-6913

Cross-site scripting (XSS) vulnerability in the "Create download task via URL" feature in Synology Download Station before 3.5-2967 allows remote attackers to inject arbitrary web script or HTML via the urls parameter in an add_url_task action to dlm/downloadman.cgi.

5.9AI Score

0.003EPSS

2015-09-11 04:59 PM
29
cve
cve

CVE-2017-11149

Server-side request forgery (SSRF) vulnerability in Downloader in Synology Download Station 3.8.x before 3.8.5-3475 and 3.x before 3.5-2984 allows remote authenticated users to download arbitrary local files via crafted URI.

6.5CVSS

6.2AI Score

0.001EPSS

2017-08-14 07:29 PM
32
cve
cve

CVE-2017-11156

Synology Download Station 3.8.x before 3.8.5-3475 and 3.x before 3.5-2984 uses weak permissions (0777) for ui/dlm/btsearch directory, which allows remote authenticated users to execute arbitrary code by uploading an executable via unspecified vectors.

7.8CVSS

7.7AI Score

0.006EPSS

2017-08-14 07:29 PM
31
cve
cve

CVE-2021-33184

Server-Side request forgery (SSRF) vulnerability in task management component in Synology Download Station before 3.8.15-3563 allows remote authenticated users to read arbitrary files via unspecified vectors.

7.7CVSS

7AI Score

0.001EPSS

2021-06-01 02:15 PM
26
cve
cve

CVE-2021-34809

Improper neutralization of special elements used in a command ('Command Injection') vulnerability in task management component in Synology Download Station before 3.8.16-3566 allows remote authenticated users to execute arbitrary code via unspecified vectors.

9.9CVSS

8.6AI Score

0.001EPSS

2021-06-18 03:15 AM
55
3
cve
cve

CVE-2021-34810

Improper privilege management vulnerability in cgi component in Synology Download Station before 3.8.16-3566 allows remote authenticated users to execute arbitrary code via unspecified vectors.

9.9CVSS

8.5AI Score

0.001EPSS

2021-06-18 03:15 AM
61
3
cve
cve

CVE-2021-34811

Server-Side Request Forgery (SSRF) vulnerability in task management component in Synology Download Station before 3.8.16-3566 allows remote authenticated users to access intranet resources via unspecified vectors.

5CVSS

4.3AI Score

0.001EPSS

2021-06-18 03:15 AM
57
2