Synology PhotoStation versions 6.7.2-3429 and below suffer from file disclosure and remote SQL injection vulnerabilities.
ad09b2ea0675a31e268f69980f1207ad88aa1a915e3330c604acafaf780e7aa6
Piwigo versions 2.9.5 and below suffer from cross-site scripting, command execution, and remote SQL injection vulnerabilities.
b600b5958b0ee6dee3f9d65b7bdd5d3dfc7b58658165a1ff9a81bb89f53f20c0
D-Link DNS-325 ShareCenter versions 1.05B03 and below suffer from remote shell upload and command injection vulnerabilities.
1d616d13ec26238dd932f3e0e6c63790101f854e43be4a7b9cc005eb538134a7
D-Link DNS-343 ShareCenter versions 1.05 and below suffer from a remote command injection vulnerability.
d832c2d9c95f21a1c3cb7649d5a90e5a9d834f91134ce4a5797f72a044e07fe9
This Metasploit module exploits multiple vulnerabilities in Synology PhotoStation. When combined, these issues can be leveraged to gain a remote root shell.
c2633b99ae20f01a367fb4e5e36b30f18ba62871b2f3aa8d07c433862694a6b6
This Metasploit module exploits two issues. The first issue is that there is a hard-coded backdoor within DNS-320L devices. Using this backdoor access, we can then reach buggy code that is vulnerable to command injection. A root shell will be spawned upon successful exploitation. Firmware versions 1.0 (2012/6/15) to 6.0 (2015/07/28) are vulnerable.
3175543cab0a2c0cb2bc860f1b30d10378dff5f312632ca9ec263bf5372403af
This Metasploit module exploits two issues. The first issue is that there is a hard-coded backdoor within WDMyCloud devices. Using this backdoor access, we can then reach buggy code that is vulnerable to command injection. A root shell will be spawned upon successful exploitation.
addbabad254d2c62cc2568d94364398b112815e807d11bba42ea1c6c550f8dea