CVE-2018-19952
https://notcve.org/view.php?id=CVE-2018-19952
If exploited, this SQL injection vulnerability could allow remote attackers to obtain application information. This issue affects: QNAP Systems Inc. Music Station versions prior to 5.1.13; versions prior to 5.2.9; versions prior to 5.3.11. Si es explotada, esta vulnerabilidad de inyección SQL podría permitir a atacantes remotos obtener información de la aplicación. Este problema afecta a: QNAP Systems Inc. • https://www.qnap.com/en/security-advisory/qsa-20-10 • CWE-20: Improper Input Validation CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') CWE-943: Improper Neutralization of Special Elements in Data Query Logic •
CVE-2018-19951
https://notcve.org/view.php?id=CVE-2018-19951
If exploited, this cross-site scripting vulnerability could allow remote attackers to inject malicious code. This issue affects: QNAP Systems Inc. Music Station versions prior to 5.1.13; versions prior to 5.2.9; versions prior to 5.3.11. Si es explotada, esta vulnerabilidad de secuencias de comandos entre sitios podría permitir a atacantes remotos inyectar código malicioso. Este problema afecta a: QNAP Systems Inc. • https://www.qnap.com/en/security-advisory/qsa-20-10 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) •
CVE-2018-19950
https://notcve.org/view.php?id=CVE-2018-19950
If exploited, this command injection vulnerability could allow remote attackers to execute arbitrary commands. This issue affects: QNAP Systems Inc. Music Station versions prior to 5.1.13; versions prior to 5.2.9; versions prior to 5.3.11. Si es explotada, esta vulnerabilidad de inyección de comandos podría permitir a atacantes remotos ejecutar comandos arbitrarios. Este problema afecta a: QNAP Systems Inc. • https://www.qnap.com/en/security-advisory/qsa-20-10 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVE-2019-7185
https://notcve.org/view.php?id=CVE-2019-7185
This cross-site scripting (XSS) vulnerability in Music Station allows remote attackers to inject and execute scripts on the administrator’s management console. To fix this vulnerability, QNAP recommend updating Music Station to their latest versions. Esta vulnerabilidad de secuencias de comandos entre sitios (XSS) en Music Station permite a los atacantes remotos inyectar y ejecutar secuencias de comandos en la consola de administración del administrador. Para corregir esta vulnerabilidad, QNAP recomienda actualizar Music Station a sus últimas versiones. • https://www.qnap.com/zh-tw/security-advisory/nas-201911-27 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2018-0729
https://notcve.org/view.php?id=CVE-2018-0729
This command injection vulnerability in Music Station allows attackers to execute commands on the affected device. To fix the vulnerability, QNAP recommend updating Music Station to their latest versions. Esta vulnerabilidad de inyección de comandos en Music Station permite a atacantes ejecutar comandos sobre el dispositivo afectado. Para corregir la vulnerabilidad, QNAP recomienda actualizar Music Station a sus últimas versiones. • https://www.qnap.com/zh-tw/security-advisory/nas-201911-20 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •