Page 3 of 22 results (0.009 seconds)

CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0

Information exposure vulnerability in SYNO.FolderSharing.List in Synology Router Manager (SRM) before 1.1.7-6941-2 allows remote attackers to obtain sensitive information via the (1) folder_path or (2) real_path parameter. Una vulnerabilidad de exposición de información en SYNO.FolderSharing.List en Synology Router Manager (SRM), en versiones anteriores a la 1.1.7-6941-2, permite a los atacantes remotos obtener información sensible mediante los parámetros (1) folder_path o (2) real_path. • https://www.synology.com/security/advisory/Synology_SA_18_48 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0

Incorrect default permissions vulnerability in synouser.conf in Synology Router Manager (SRM) before 1.1.7-6941-1 allows remote authenticated users to obtain sensitive information via the world readable configuration. Una vulnerabilidad de permisos por defecto incorrectos en synouser.conf en Synology Router Manager (SRM), en versiones anteriores a la 1.1.7-6941-1, permite a los usuarios remotos autenticados obtener información sensible mediante la configuración de lectura global • https://www.synology.com/security/advisory/Synology_SA_18_34 • CWE-276: Incorrect Default Permissions •

CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 0

Command injection vulnerability in ftpd in Synology Router Manager (SRM) before 1.1.7-6941-1 allows remote authenticated users to execute arbitrary OS commands via the (1) MKD or (2) RMD command. Una vulnerabilidad de inyección de comandos en ftpd en Synology Router Manager (SRM), en versiones anteriores a la 1.1.7-6941-1, permite a los usuarios remotos autenticados ejecutar comandos arbitrarios del sistema operativo mediante los comandos (1) MKD o (2) RMD. • https://www.synology.com/security/advisory/Synology_SA_18_34 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •

CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0

Cross-site scripting (XSS) vulnerability in info.cgi in Synology Router Manager (SRM) before 1.1.7-6941 allows remote attackers to inject arbitrary web script or HTML via the host parameter. Vulnerabilidad Cross-Site Scripting (XSS) en info.cgi en Synology Router Manager (SRM) en versiones anteriores a la 1.1.7-6941 permite que atacantes remotos inyecten scripts web o HTML arbitrarios mediante el parámetro host. • https://www.synology.com/security/advisory/Synology_SA_18_25 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 0

Command injection vulnerability in EZ-Internet in Synology Router Manager (SRM) before 1.1.6-6931 allows remote authenticated users to execute arbitrary command via the username parameter. Vulnerabilidad de inyección de comandos en EZ-Internet en Synology Router Manager (SRM) en versiones anteriores a la 1.1.56-6931 permite que usuarios remotos autenticados escriban archivos arbitrarios mediante el parámetro dest_folder_path. • https://www.synology.com/en-global/support/security/Synology_SA_17_79 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •