CVE-2018-1160 – Netatalk 3.1.12 - Authentication Bypass (PoC)
https://notcve.org/view.php?id=CVE-2018-1160
Netatalk before 3.1.12 is vulnerable to an out of bounds write in dsi_opensess.c. This is due to lack of bounds checking on attacker controlled data. A remote unauthenticated attacker can leverage this vulnerability to achieve arbitrary code execution. Netatalk, en versiones anteriores a la 3.1.12, es vulnerable a una escritura fuera de límites en dsi_opensess.c. Esto se debe a la falta de comprobación de límites de los datos controlados por el atacante. • https://www.exploit-db.com/exploits/46048 https://www.exploit-db.com/exploits/46034 https://www.exploit-db.com/exploits/46675 https://github.com/SachinThanushka/CVE-2018-1160 http://netatalk.sourceforge.net/3.1/ReleaseNotes3.1.12.html http://packetstormsecurity.com/files/152440/QNAP-Netatalk-Authentication-Bypass.html http://www.securityfocus.com/bid/106301 https://attachments.samba.org/attachment.cgi?id=14735 https://github.com/tenable/poc/tree/master/netatalk/cve_2018_1160 https:/ • CWE-787: Out-of-bounds Write •
CVE-2018-13281
https://notcve.org/view.php?id=CVE-2018-13281
Information exposure vulnerability in SYNO.Core.ACL in Synology DiskStation Manager (DSM) before 6.2-23739-2 allows remote authenticated users to determine the existence and obtain the metadata of arbitrary files via the file_path parameter. Vulnerabilidad de exposición de información en SYNO.Core.ACL en Synology DiskStation Manager (DSM) en versiones anteriores a la 6.2-23739-2 permite que usuarios autenticados remotos determinen la existencia y obtengan los metadatos de archivos arbitrarios mediante el parámetro file_path. • https://www.synology.com/en-global/support/security/Synology_SA_18_36 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2018-13280
https://notcve.org/view.php?id=CVE-2018-13280
Use of insufficiently random values vulnerability in SYNO.Encryption.GenRandomKey in Synology DiskStation Manager (DSM) before 6.2-23739 allows man-in-the-middle attackers to compromise non-HTTPS sessions via unspecified vectors. Vulnerabilidad de uso de valores insuficientemente aleatorios en SYNO.Encryption.GenRandomKey en Synology DiskStation Manager (DSM) en versiones anteriores a la 6.2-23739 permite que atacantes Man-in-the-Middle (MitM) comprometan sesiones que no son HTTPS mediante vectores sin especificar. • https://www.synology.com/en-global/support/security/Synology_SA_18_39 • CWE-330: Use of Insufficiently Random Values •
CVE-2018-8916
https://notcve.org/view.php?id=CVE-2018-8916
Unverified password change vulnerability in Change Password in Synology DiskStation Manager (DSM) before 6.2-23739 allows remote authenticated users to reset password without verification. Vulnerabilidad de cambio de contraseña sin verificar en Change Password en Synology DiskStation Manager (DSM) en versiones anteriores a la 6.2-23739 permite que usuarios autenticados remotos restablezcan contraseñas sin verificación. • https://www.synology.com/en-global/support/security/Synology_SA_18_24 • CWE-620: Unverified Password Change CWE-640: Weak Password Recovery Mechanism for Forgotten Password •
CVE-2017-12075
https://notcve.org/view.php?id=CVE-2017-12075
Command injection vulnerability in EZ-Internet in Synology DiskStation Manager (DSM) before 6.2-23739 allows remote authenticated users to execute arbitrary command via the username parameter. Vulnerabilidad de inyección de comandos en EZ-Internet en Synology DiskStation Manager (DSM) en versiones anteriores a la 6.2-23739 permite que usuarios remotos autenticados ejecuten comandos arbitrarios mediante el parámetro username. • https://www.synology.com/en-global/support/security/Synology_SA_18_24 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •