Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
synology file station vulnerabilities and exploits
(subscribe to this query)
5.3
CVSSv3
CVE-2018-13288
Information exposure vulnerability in SYNO.FolderSharing.List in Synology File Station prior to 1.2.3-0252 and prior to 1.1.5-0125 allows remote malicious users to obtain sensitive information via the (1) folder_path or (2) real_path parameter.
Synology File Station
6.5
CVSSv3
CVE-2017-15893
Directory traversal vulnerability in the SYNO.FileStation.Extract in Synology File Station prior to 1.1.1-0099 allows remote authenticated users to write arbitrary files via the dest_folder_path parameter.
Synology File Station
5.4
CVSSv3
CVE-2018-8923
Cross-site scripting (XSS) vulnerability in Attachment Preview in Synology File Station prior to 1.1.4-0122 allows remote authenticated users to inject arbitrary web script or HTML via malicious attachments.
Synology File Station
5.4
CVSSv3
CVE-2015-9105
Multiple cross-site scripting (XSS) vulnerabilities in Synology Video Station 1.2 prior to 1.2-0455, 1.5 prior to 1.5-0772, and 1.6 prior to 1.6-0847 allow remote authenticated malicious users to inject arbitrary web script or HTML via the (1) file name or (2) collection name of ...
Synology Video Station 1.6-0844
Synology Video Station 1.2-0439
Synology Video Station 1.2-0453
Synology Video Station 1.5-0754
Synology Video Station 1.2-0447
Synology Video Station 1.5-0753
Synology Video Station 1.2-0451
Synology Video Station 1.6-0841
Synology Video Station 1.5-0763
Synology Video Station 1.5-0770
Synology Video Station 1.2-0443
Synology Video Station 1.6-0840
Synology Video Station 1.5-0757
Synology Video Station 1.6-0835
7.2
CVSSv3
CVE-2017-11154
Unrestricted file upload vulnerability in PixlrEditorHandler.php in Synology Photo Station prior to 6.7.3-3432 and 6.3-2967 allows remote malicious users to create arbitrary PHP scripts via the type parameter.
Synology Photo Station 6.3-2967
Synology Photo Station
1 EDB exploit
8.8
CVSSv3
CVE-2021-29092
Unrestricted upload of file with dangerous type vulnerability in file management component in Synology Photo Station prior to 6.8.14-3500 allows remote authenticated users to execute arbitrary code via unspecified vectors.
Synology Photo Station
5.3
CVSSv3
CVE-2017-12080
An information exposure vulnerability in default HTTP configuration file in Synology Photo Station prior to 6.8.1-3458 and prior to 6.3-2970 allows remote malicious users to obtain sensitive system information via .htaccess file.
Synology Photo Station
NA
CVE-2015-6909
Cross-site scripting (XSS) vulnerability in the "Create download task via file upload" feature in Synology Download Station prior to 3.5-2962 allows remote malicious users to inject arbitrary web script or HTML via the name element in the Info dictionary in a torrent fi...
Synology Download Station
6.5
CVSSv3
CVE-2017-16770
File and directory information exposure vulnerability in SYNO.SurveillanceStation.PersonalSettings.Photo in Synology Surveillance Station prior to 8.1.2-5469 allows remote authenticated users to obtain other user's sensitive files via the filename parameter.
Synology Surveillance Station
6.5
CVSSv3
CVE-2021-29091
Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in file management component in Synology Photo Station prior to 6.8.14-3500 allows remote authenticated users to write arbitrary files via unspecified vectors.
Synology Photo Station
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-30078
CVE-2024-37896
code injection
CVE-2024-3080
CVE-2024-5172
cross-site request forgery
CVE-2024-6111
firmware
CVE-2024-38504
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »