3 results (0.007 seconds)

CVSS: 5.3EPSS: 0%CPEs: 2EXPL: 0

Information exposure vulnerability in SYNO.FolderSharing.List in Synology File Station before 1.2.3-0252 and before 1.1.5-0125 allows remote attackers to obtain sensitive information via the (1) folder_path or (2) real_path parameter. Una vulnerabilidad de exposición de información en SYNO.FolderSharing.List en Synology File Station, en versiones anteriores a la 1.2.3-0252 y en las anteriores a la 1.1.5-0125, permite a los atacantes remotos obtener información sensible mediante los parámetros (1) folder_path o (2) real_path. • https://www.synology.com/security/advisory/Synology_SA_18_35 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0

Cross-site scripting (XSS) vulnerability in Attachment Preview in Synology File Station before 1.1.4-0122 allows remote authenticated users to inject arbitrary web script or HTML via malicious attachments. Vulnerabilidad de Cross-Site Scripting (XSS) en Attachment Preview en Synology File Station en versiones anteriores a la 1.1.4-0122 permite que atacantes remotos autenticados inyecten scripts web o HTML arbitrarios mediante adjuntos maliciosos. • https://www.synology.com/zh-tw/support/security/Synology_SA_18_09 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0

Directory traversal vulnerability in the SYNO.FileStation.Extract in Synology File Station before 1.1.1-0099 allows remote authenticated users to write arbitrary files via the dest_folder_path parameter. Una vulnerabilidad de salto de directorio en SYNO.FileStation.Extract en Synology File Station en versiones anteriores a la 1.1.1-0099 permite que usuarios remotos autenticados escriban archivos arbitrarios mediante el parámetro dest_folder_path. • https://www.synology.com/en-global/support/security/Synology_SA_17_69_File_Station • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •