var-201401-0159
Vulnerability from variot
webman/imageSelector.cgi in Synology DiskStation Manager (DSM) 4.0 before 4.0-2259, 4.2 before 4.2-3243, and 4.3 before 4.3-3810 Update 1 allows remote attackers to append data to arbitrary files, and consequently execute arbitrary code, via a pathname in the SLICEUPLOAD X-TMP-FILE HTTP header. Synology Provided by DiskStation Manager Is HTTP There is a problem with request processing, and there is a vulnerability with poor access control. Attacks using this vulnerability have been observed. Also, the attack code using this vulnerability has been released.By a remote third party, root It may be additionally written to a file on the system with permission. As a result, arbitrary code may be executed. Synology DiskStation Manager is prone to a remote command-execution vulnerability. An attacker can exploit this issue to execute arbitrary commands with root privileges. Synology DiskStation Manager 4.x are vulnerable; other versions may also be affected. Synology DiskStation Manager (DSM) is an operating system developed by Synology for network storage servers (NAS). The operating system can manage data, documents, photos, music and other information. A security vulnerability exists in the webman/imageSelector.cgi file in Synology DSM 4.3-3776-3 and earlier versions.
http://www.synology.com/en-global/company/news/article/437
February 14, 2014\x97Synology\xae confirmed known security issues (reported as CVE-2013-6955 and CVE-2013-6987) which would cause compromise to file access authority in DSM. An updated DSM version resolving these issues has been released accordingly.
The followings are possible symptoms to appear on affected DiskStation and RackStation:
Exceptionally high CPU usage detected in Resource Monitor:
CPU resource occupied by processes such as dhcp.pid, minerd, synodns, PWNED, PWNEDb, PWNEDg, PWNEDm, or any processes with PWNED in their names
Appearance of non-Synology folder:
An automatically created shared folder with the name \x93startup\x94, or a non-Synology folder appearing under the path of \x93/root/PWNED\x94
Redirection of the Web Station:
\x93Index.php\x94 is redirected to an unexpected page
Appearance of non-Synology CGI program:
Files with meaningless names exist under the path of \x93/usr/syno/synoman\x94
Appearance of non-Synology script file:
Non-Synology script files, such as \x93S99p.sh\x94, appear under the path of \x93/usr/syno/etc/rc.d\x94
If users identify any of above situation, they are strongly encouraged to do the following:
For DiskStation or RackStation running on DSM 4.3, please follow the instruction here (http://www.synology.com/en-global/support/faq/348) to REINSTALL DSM 4.3-3827.
For DiskStation or RackStation running on DSM 4.0, it\x92s recommended to REINSTALL DSM 4.0-2259 or onward from Synology Download Center.
For DiskStation or RackStation running on DSM 4.1 or DSM 4.2, it\x92s recommended to REINSTALL DSM 4.2-3243 or onward from Synology Download Center (http://www.synology.com/en-global/support/download).
Confidentiality Impact Complete (There is total information disclosure, resulting in all system files being revealed.) Integrity Impact Complete (There is a total compromise of system integrity. There is a complete loss of system protection, resulting in the entire system being compromised.) Availability Impact Complete (There is a total shutdown of the affected resource. The attacker can render the resource completely unavailable.) Access Complexity Low (Specialized access conditions or extenuating circumstances do not exist. Very little knowledge or skill is required to exploit. ) Authentication Not required (Authentication is not required to exploit the vulnerability.) Gained Access None Vulnerability Type(s) Execute Code
This is also known as the /PWNED or /lolz hack
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201401-0159",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "diskstation manager",
"scope": "eq",
"trust": 1.6,
"vendor": "synology",
"version": "4.3-3810"
},
{
"model": "diskstation manager",
"scope": "eq",
"trust": 1.6,
"vendor": "synology",
"version": "4.3"
},
{
"model": "diskstation manager",
"scope": "eq",
"trust": 1.6,
"vendor": "synology",
"version": "4.0"
},
{
"model": "diskstation manager",
"scope": "eq",
"trust": 1.6,
"vendor": "synology",
"version": "4.2"
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "synology",
"version": null
},
{
"model": "diskstation manager",
"scope": "lte",
"trust": 0.8,
"vendor": "synology",
"version": "version 4.3-3776-3"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#615910"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-001004"
},
{
"db": "NVD",
"id": "CVE-2013-6955"
},
{
"db": "CNNVD",
"id": "CNNVD-201401-017"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:synology:diskstation_manager:4.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:synology:diskstation_manager:4.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:synology:diskstation_manager:4.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:synology:diskstation_manager:4.3-3810:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2013-6955"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Markus Wulftange",
"sources": [
{
"db": "BID",
"id": "64516"
},
{
"db": "CNNVD",
"id": "CNNVD-201401-017"
}
],
"trust": 0.9
},
"cve": "CVE-2013-6955",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"availabilityRequirement": "NOT DEFINED",
"baseScore": 10.0,
"collateralDamagePotential": "LOW",
"confidentialityImpact": "COMPLETE",
"confidentialityRequirement": "NOT DEFINED",
"enviromentalScore": 2.0,
"exploitability": "PROOF-OF-CONCEPT",
"exploitabilityScore": 10.0,
"id": "CVE-2013-6955",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"integrityRequirement": "NOT DEFINED",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"remediationLevel": "OFFICIAL FIX",
"reportConfidence": "CONFIRMED",
"severity": "HIGH",
"targetDistribution": "LOW",
"trust": 0.8,
"userInterationRequired": null,
"vector_string": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 10.0,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "CVE-2013-6955",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "VHN-66957",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2013-6955",
"trust": 2.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201401-017",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-66957",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#615910"
},
{
"db": "VULHUB",
"id": "VHN-66957"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-001004"
},
{
"db": "NVD",
"id": "CVE-2013-6955"
},
{
"db": "CNNVD",
"id": "CNNVD-201401-017"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "webman/imageSelector.cgi in Synology DiskStation Manager (DSM) 4.0 before 4.0-2259, 4.2 before 4.2-3243, and 4.3 before 4.3-3810 Update 1 allows remote attackers to append data to arbitrary files, and consequently execute arbitrary code, via a pathname in the SLICEUPLOAD X-TMP-FILE HTTP header. Synology Provided by DiskStation Manager Is HTTP There is a problem with request processing, and there is a vulnerability with poor access control. Attacks using this vulnerability have been observed. Also, the attack code using this vulnerability has been released.By a remote third party, root It may be additionally written to a file on the system with permission. As a result, arbitrary code may be executed. Synology DiskStation Manager is prone to a remote command-execution vulnerability. \nAn attacker can exploit this issue to execute arbitrary commands with root privileges. \nSynology DiskStation Manager 4.x are vulnerable; other versions may also be affected. Synology DiskStation Manager (DSM) is an operating system developed by Synology for network storage servers (NAS). The operating system can manage data, documents, photos, music and other information. A security vulnerability exists in the webman/imageSelector.cgi file in Synology DSM 4.3-3776-3 and earlier versions. \n\nhttp://www.synology.com/en-global/company/news/article/437\n\nFebruary 14, 2014\\x97Synology\\xae confirmed known security issues (reported as CVE-2013-6955 and CVE-2013-6987) which would cause compromise to file access authority in DSM. An updated DSM version resolving these issues has been released accordingly. \n\nThe followings are possible symptoms to appear on affected DiskStation and RackStation:\n\n Exceptionally high CPU usage detected in Resource Monitor:\n CPU resource occupied by processes such as dhcp.pid, minerd, synodns, PWNED, PWNEDb, PWNEDg, PWNEDm, or any processes with PWNED in their names\n Appearance of non-Synology folder:\n An automatically created shared folder with the name \\x93startup\\x94, or a non-Synology folder appearing under the path of \\x93/root/PWNED\\x94\n Redirection of the Web Station:\n \\x93Index.php\\x94 is redirected to an unexpected page\n Appearance of non-Synology CGI program:\n Files with meaningless names exist under the path of \\x93/usr/syno/synoman\\x94\n Appearance of non-Synology script file:\n Non-Synology script files, such as \\x93S99p.sh\\x94, appear under the path of \\x93/usr/syno/etc/rc.d\\x94\n\nIf users identify any of above situation, they are strongly encouraged to do the following:\n\n For DiskStation or RackStation running on DSM 4.3, please follow the instruction here (http://www.synology.com/en-global/support/faq/348) to REINSTALL DSM 4.3-3827. \n For DiskStation or RackStation running on DSM 4.0, it\\x92s recommended to REINSTALL DSM 4.0-2259 or onward from Synology Download Center. \n For DiskStation or RackStation running on DSM 4.1 or DSM 4.2, it\\x92s recommended to REINSTALL DSM 4.2-3243 or onward from Synology Download Center (http://www.synology.com/en-global/support/download). \n\nConfidentiality Impact \tComplete (There is total information disclosure, resulting in all system files being revealed.)\nIntegrity Impact \tComplete (There is a total compromise of system integrity. There is a complete loss of system protection, resulting in the entire system being compromised.)\nAvailability Impact \tComplete (There is a total shutdown of the affected resource. The attacker can render the resource completely unavailable.)\nAccess Complexity \tLow (Specialized access conditions or extenuating circumstances do not exist. Very little knowledge or skill is required to exploit. )\nAuthentication \tNot required (Authentication is not required to exploit the vulnerability.)\nGained Access \tNone\nVulnerability Type(s) \tExecute Code\n\nThis is also known as the /PWNED or /lolz hack",
"sources": [
{
"db": "NVD",
"id": "CVE-2013-6955"
},
{
"db": "CERT/CC",
"id": "VU#615910"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-001004"
},
{
"db": "BID",
"id": "64516"
},
{
"db": "VULHUB",
"id": "VHN-66957"
},
{
"db": "PACKETSTORM",
"id": "125864"
}
],
"trust": 2.79
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-66957",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-66957"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2013-6955",
"trust": 3.7
},
{
"db": "CERT/CC",
"id": "VU#615910",
"trust": 3.3
},
{
"db": "BID",
"id": "64516",
"trust": 1.0
},
{
"db": "JVN",
"id": "JVNVU95919136",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2014-001004",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201401-017",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "125864",
"trust": 0.2
},
{
"db": "SEEBUG",
"id": "SSVID-83853",
"trust": 0.1
},
{
"db": "EXPLOIT-DB",
"id": "30470",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "124568",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-66957",
"trust": 0.1
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#615910"
},
{
"db": "VULHUB",
"id": "VHN-66957"
},
{
"db": "BID",
"id": "64516"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-001004"
},
{
"db": "PACKETSTORM",
"id": "125864"
},
{
"db": "NVD",
"id": "CVE-2013-6955"
},
{
"db": "CNNVD",
"id": "CNNVD-201401-017"
}
]
},
"id": "VAR-201401-0159",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-66957"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T12:08:54.019000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "DiskStation Manager",
"trust": 0.8,
"url": "http://www.synology.com/ja-jp/dsm/index"
},
{
"title": "\u30c0\u30a6\u30f3\u30ed\u30fc\u30c9\u30bb\u30f3\u30bf\u30fc",
"trust": 0.8,
"url": "http://www.synology.com/ja-jp/support/download"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-001004"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-264",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-66957"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-001004"
},
{
"db": "NVD",
"id": "CVE-2013-6955"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "http://www.kb.cert.org/vuls/id/615910"
},
{
"trust": 0.8,
"url": "http://www.synology.com/en-us/dsm/index"
},
{
"trust": 0.8,
"url": "http://www.synology.com/en-us/support/download "
},
{
"trust": 0.8,
"url": "http://www.npa.go.jp/cyberpolice/detect/pdf/20140305.pdf"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-6955"
},
{
"trust": 0.8,
"url": "http://jvn.jp/cert/jvnvu95919136"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-6955"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/bid/64516"
},
{
"trust": 0.1,
"url": "http://www.synology.com/en-global/company/news/article/437"
},
{
"trust": 0.1,
"url": "http://www.synology.com/en-global/support/faq/348)"
},
{
"trust": 0.1,
"url": "http://www.synology.com/en-global/support/download)."
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-6987"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-6955"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#615910"
},
{
"db": "VULHUB",
"id": "VHN-66957"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-001004"
},
{
"db": "PACKETSTORM",
"id": "125864"
},
{
"db": "NVD",
"id": "CVE-2013-6955"
},
{
"db": "CNNVD",
"id": "CNNVD-201401-017"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#615910"
},
{
"db": "VULHUB",
"id": "VHN-66957"
},
{
"db": "BID",
"id": "64516"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-001004"
},
{
"db": "PACKETSTORM",
"id": "125864"
},
{
"db": "NVD",
"id": "CVE-2013-6955"
},
{
"db": "CNNVD",
"id": "CNNVD-201401-017"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-01-07T00:00:00",
"db": "CERT/CC",
"id": "VU#615910"
},
{
"date": "2014-01-09T00:00:00",
"db": "VULHUB",
"id": "VHN-66957"
},
{
"date": "2013-12-25T00:00:00",
"db": "BID",
"id": "64516"
},
{
"date": "2014-01-09T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-001004"
},
{
"date": "2014-03-25T23:12:57",
"db": "PACKETSTORM",
"id": "125864"
},
{
"date": "2014-01-09T18:07:04.033000",
"db": "NVD",
"id": "CVE-2013-6955"
},
{
"date": "2013-12-25T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201401-017"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-01-07T00:00:00",
"db": "CERT/CC",
"id": "VU#615910"
},
{
"date": "2014-01-10T00:00:00",
"db": "VULHUB",
"id": "VHN-66957"
},
{
"date": "2014-01-09T00:40:00",
"db": "BID",
"id": "64516"
},
{
"date": "2014-03-07T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-001004"
},
{
"date": "2014-01-10T13:54:24.450000",
"db": "NVD",
"id": "CVE-2013-6955"
},
{
"date": "2014-01-10T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201401-017"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "125864"
},
{
"db": "CNNVD",
"id": "CNNVD-201401-017"
}
],
"trust": 0.7
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Synology DiskStation Manager arbitrary file modification",
"sources": [
{
"db": "CERT/CC",
"id": "VU#615910"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "permissions and access control",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201401-017"
}
],
"trust": 0.6
}
}
Loading...
Loading...
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.