Search Results (351 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2017-15893 1 Synology 1 File Station 2025-04-20 N/A
Directory traversal vulnerability in the SYNO.FileStation.Extract in Synology File Station before 1.1.1-0099 allows remote authenticated users to write arbitrary files via the dest_folder_path parameter.
CVE-2017-15891 1 Synology 1 Calendar 2025-04-20 N/A
Improper access control vulnerability in SYNO.Cal.EventBase in Synology Calendar before 2.0.1-0242 allows remote authenticated users to modify calendar event via unspecified vectors.
CVE-2017-15890 1 Synology 1 Mailplus Server 2025-04-20 N/A
Cross-site scripting (XSS) vulnerability in Disclaimer in Synology MailPlus Server before 1.4.0-0415 allows remote authenticated users to inject arbitrary web script or HTML via the NAME parameter.
CVE-2017-15889 1 Synology 1 Diskstation Manager 2025-04-20 N/A
Command injection vulnerability in smart.cgi in Synology DiskStation Manager (DSM) before 5.2-5967-5 allows remote authenticated users to execute arbitrary commands via disk field.
CVE-2017-15887 1 Synology 1 Carddav Server 2025-04-20 N/A
An improper restriction of excessive authentication attempts vulnerability in /principals in Synology CardDAV Server before 6.0.7-0085 allows remote attackers to obtain user credentials via a brute-force attack.
CVE-2017-9554 1 Synology 1 Diskstation Manager 2025-04-20 N/A
An information exposure vulnerability in forget_passwd.cgi in Synology DiskStation Manager (DSM) before 6.1.3-15152 allows remote attackers to enumerate valid usernames via unspecified vectors.
CVE-2017-15888 1 Synology 1 Audio Station 2025-04-20 N/A
Cross-site scripting (XSS) vulnerability in Custom Internet Radio List in Synology Audio Station before 6.3.0-3260 allows remote authenticated attackers to inject arbitrary web script or HTML via the NAME parameter.
CVE-2017-12080 1 Synology 1 Photo Station 2025-04-20 N/A
An information exposure vulnerability in default HTTP configuration file in Synology Photo Station before 6.8.1-3458 and before 6.3-2970 allows remote attackers to obtain sensitive system information via .htaccess file.
CVE-2017-12079 1 Synology 1 Photo Station 2025-04-20 N/A
Files or directories accessible to external parties vulnerability in picasa.php in Synology Photo Station before 6.8.1-3458 and before 6.3-2970 allows remote attackers to obtain arbitrary files via prog_id field.
CVE-2017-12077 1 Synology 1 Router Manager 2025-04-20 N/A
Uncontrolled Resource Consumption vulnerability in SYNO.Core.PortForwarding.Rules in Synology Router Manager (SRM) before 1.1.4-6509 allows remote authenticated attacker to exhaust the memory resources of the machine, causing a denial of service attack.
CVE-2017-12072 1 Synology 1 Photo Station 2025-04-20 N/A
Cross-site scripting (XSS) vulnerability in PixlrEditorHandler.php in Synology Photo Station before 6.8.0-3456 allows remote authenticated users to inject arbitrary web scripts or HTML via the id parameter.
CVE-2017-9555 1 Synology 1 Photo Station 2025-04-20 N/A
Cross-site scripting (XSS) vulnerability in PixlrEditorHandler.php in Synology Photo Station before 6.7.0-3414 allows remote attackers to inject arbitrary web script or HTML via the image parameter.
CVE-2017-12074 1 Synology 1 Dns Server 2025-04-20 N/A
Directory traversal vulnerability in the SYNO.DNSServer.Zone.MasterZoneConf in Synology DNS Server before 2.2.1-3042 allows remote authenticated attackers to write arbitrary files via the domain_name parameter.
CVE-2015-9105 1 Synology 1 Video Station 2025-04-20 N/A
Multiple cross-site scripting (XSS) vulnerabilities in Synology Video Station 1.2 before 1.2-0455, 1.5 before 1.5-0772, and 1.6 before 1.6-0847 allow remote authenticated attackers to inject arbitrary web script or HTML via the (1) file name or (2) collection name of videos.
CVE-2017-11162 1 Synology 1 Photo Station 2025-04-20 N/A
Directory traversal vulnerability in synphotoio in Synology Photo Station before 6.7.4-3433 and 6.3-2968 allows remote authenticated users to read arbitrary files via unspecified vectors.
CVE-2017-14491 13 Arista, Arubanetworks, Canonical and 10 more 35 Eos, Arubaos, Ubuntu Linux and 32 more 2025-04-20 9.8 Critical
Heap-based buffer overflow in dnsmasq before 2.78 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted DNS response.
CVE-2017-11152 1 Synology 1 Photo Station 2025-04-20 N/A
Directory traversal vulnerability in PixlrEditorHandler.php in Synology Photo Station before 6.7.3-3432 and 6.3-2967 allows remote attackers to write arbitrary files via the path parameter.
CVE-2017-11149 1 Synology 1 Download Station 2025-04-20 N/A
Server-side request forgery (SSRF) vulnerability in Downloader in Synology Download Station 3.8.x before 3.8.5-3475 and 3.x before 3.5-2984 allows remote authenticated users to download arbitrary local files via crafted URI.
CVE-2015-9103 1 Synology 1 Note Station 2025-04-20 N/A
Multiple cross-site scripting (XSS) vulnerabilities in Synology Note Station 1.1-0212 and earlier allow remote authenticated attackers to inject arbitrary web script or HTML via the (1) note title or (2) file name of attachments.
CVE-2017-11150 1 Synology 1 Office 2025-04-20 N/A
Command injection vulnerability in Document.php in Synology Office 2.2.0-1502 and 2.2.1-1506 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the crafted file name of RTF documents.