Filtered by vendor Synology
Subscriptions
Filtered by product Photo Station
Subscriptions
Total
33 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2017-16771 | 1 Synology | 1 Photo Station | 2024-09-16 | N/A |
Cross-site scripting (XSS) vulnerability in Log Viewer in Synology Photo Station before 6.8.3-3463 and before 6.3-2971 allows remote attackers to inject arbitrary web script or HTML via the username parameter. | ||||
CVE-2017-12079 | 1 Synology | 1 Photo Station | 2024-09-16 | N/A |
Files or directories accessible to external parties vulnerability in picasa.php in Synology Photo Station before 6.8.1-3458 and before 6.3-2970 allows remote attackers to obtain arbitrary files via prog_id field. | ||||
CVE-2017-11153 | 1 Synology | 1 Photo Station | 2024-09-16 | N/A |
Deserialization vulnerability in synophoto_csPhotoMisc.php in Synology Photo Station before 6.7.3-3432 and 6.3-2967 allows remote attackers to gain administrator privileges via a crafted serialized payload. | ||||
CVE-2021-29091 | 1 Synology | 1 Photo Station | 2024-09-16 | 7.7 High |
Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in file management component in Synology Photo Station before 6.8.14-3500 allows remote authenticated users to write arbitrary files via unspecified vectors. | ||||
CVE-2017-12080 | 1 Synology | 1 Photo Station | 2024-09-16 | N/A |
An information exposure vulnerability in default HTTP configuration file in Synology Photo Station before 6.8.1-3458 and before 6.3-2970 allows remote attackers to obtain sensitive system information via .htaccess file. | ||||
CVE-2017-11151 | 1 Synology | 1 Photo Station | 2024-09-16 | N/A |
A vulnerability in synotheme_upload.php in Synology Photo Station before 6.7.3-3432 and 6.3-2967 allows remote attackers to upload arbitrary files without authentication via the logo_upload action. | ||||
CVE-2017-11161 | 1 Synology | 1 Photo Station | 2024-09-16 | N/A |
Multiple SQL injection vulnerabilities in Synology Photo Station before 6.7.4-3433 and 6.3-2968 allow remote attackers to execute arbitrary SQL commands via the (1) article_id parameter to label.php; or (2) type parameter to synotheme.php. | ||||
CVE-2022-22681 | 1 Synology | 1 Photo Station | 2024-09-16 | 8.1 High |
Session fixation vulnerability in access control management in Synology Photo Station before 6.8.16-3506 allows remote attackers to bypass security constraint via unspecified vectors. | ||||
CVE-2015-4656 | 1 Synology | 1 Photo Station | 2024-08-06 | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in Synology Photo Station before 6.3-2945 allow remote attackers to inject arbitrary web script or HTML via the (1) success parameter to login.php or (2) crafted URL parameters to index.php, as demonstrated by the t parameter to photo/. | ||||
CVE-2016-10330 | 1 Synology | 1 Photo Station | 2024-08-06 | N/A |
Directory traversal vulnerability in synophoto_dsm_user, a SUID program, as used in Synology Photo Station before 6.5.3-3226 allows local users to write to arbitrary files via unspecified vectors. | ||||
CVE-2016-10329 | 1 Synology | 1 Photo Station | 2024-08-06 | N/A |
Command injection vulnerability in login.php in Synology Photo Station before 6.5.3-3226 allows remote attackers to execute arbitrary code via shell metacharacters in the crafted 'X-Forwarded-For' header. | ||||
CVE-2016-10331 | 1 Synology | 1 Photo Station | 2024-08-06 | N/A |
Directory traversal vulnerability in download.php in Synology Photo Station before 6.5.3-3226 allows remote attackers to read arbitrary files via a full pathname in the id parameter. | ||||
CVE-2017-9552 | 1 Synology | 1 Photo Station | 2024-08-05 | N/A |
A design flaw in authentication in Synology Photo Station 6.0-2528 through 6.7.1-3419 allows local users to obtain credentials via cmdline. Synology Photo Station employs the synophoto_dsm_user program to authenticate username and password by "synophoto_dsm_user --auth USERNAME PASSWORD", and local users are able to obtain credentials by sniffing "/proc/*/cmdline". |