CVSS: 2.1EPSS: 0%CPEs: 21EXPL: 0CVE-2010-3684
https://notcve.org/view.php?id=CVE-2010-3684
The FTP authentication module in Synology Disk Station 2.x logs passwords to the web application interface in cases of incorrect login attempts, which allows local users to obtain sensitive information by reading a log, a different vulnerability than CVE-2010-2453. El módulo de autenticación de FTP en Synology Disk Station v2.x registra las contraseñas de la interfaz de aplicación web en los casos de intentos de conexión incorrecta, lo cual permite a usuarios locales obtener información sensible mediante la lectura de un registro, una vulnerabilidad diferente de CVE-2010-2453. • http://www.securityfocus.com/archive/1/513970/100/0/threaded • CWE-255: Credentials Management Errors •
CVSS: 4.3EPSS: 0%CPEs: 22EXPL: 0CVE-2010-2453 – Synology Disk Station Code Execution / Cross Site Request Forgery / Cross Site Scripting
https://notcve.org/view.php?id=CVE-2010-2453
Multiple cross-site scripting (XSS) vulnerabilities in Synology Disk Station 2.x before DSM3.0-1337 allow remote attackers to inject arbitrary web script or HTML by connecting to the FTP server and providing a crafted (1) USER or (2) PASS command, which is written by the FTP logging module to a web-interface log window, related to a "web commands injection" issue. Múltiples vulnerabilidades de ejecución de secuencias de comandos en sitios cruzados (XSS) en Synology Disk Station v2.x antes de DSM3.0-1337 permite a atacantes remotos inyectar secuencias de comandos web o HTML mediante la conexión al servidor FTP y proporciondo un comando (1) USER o (2) PASS manipulados, los cuales son escritos por el módulo de registro (log) del FTP a una ventana de registro de interfaz web, relacionadas con un problema de "inyección de comandos web" . Synology Disk Station suffers from code execution, cross site request forgery and cross site scripting vulnerabilities. • http://www.securityfocus.com/archive/1/513970/100/0/threaded • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •