Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
synology photo station vulnerabilities and exploits
(subscribe to this query)
312
VMScore
CVE-2017-9555
Cross-site scripting (XSS) vulnerability in PixlrEditorHandler.php in Synology Photo Station prior to 6.7.0-3414 allows remote malicious users to inject arbitrary web script or HTML via the image parameter.
Synology Photo Station
312
VMScore
CVE-2015-9102
Multiple cross-site scripting (XSS) vulnerabilities in Synology Photo Station 6.0 prior to 6.0-2638 and 6.3 prior to 6.3-2962 allow remote authenticated malicious users to inject arbitrary web script or HTML via the (1) album name, (2) file name of uploaded photos, (3) descriptio...
Synology Photo Station
446
VMScore
CVE-2022-22681
Session fixation vulnerability in access control management in Synology Photo Station prior to 6.8.16-3506 allows remote malicious users to bypass security constraint via unspecified vectors.
Synology Photo Station
383
VMScore
CVE-2015-4656
Multiple cross-site scripting (XSS) vulnerabilities in Synology Photo Station prior to 6.3-2945 allow remote malicious users to inject arbitrary web script or HTML via the (1) success parameter to login.php or (2) crafted URL parameters to index.php, as demonstrated by the t para...
Synology Photo Station
641
VMScore
CVE-2016-10323
Synology Photo Station prior to 6.3-2958 allows local users to gain privileges by leveraging setuid execution of a "synophoto_dsm_user --copy-no-ea" command.
Synology Photo Station
668
VMScore
CVE-2016-10329
Command injection vulnerability in login.php in Synology Photo Station prior to 6.5.3-3226 allows remote malicious users to execute arbitrary code via shell metacharacters in the crafted 'X-Forwarded-For' header.
Synology Photo Station
445
VMScore
CVE-2016-10331
Directory traversal vulnerability in download.php in Synology Photo Station prior to 6.5.3-3226 allows remote malicious users to read arbitrary files via a full pathname in the id parameter.
Synology Photo Station
356
VMScore
CVE-2017-11162
Directory traversal vulnerability in synphotoio in Synology Photo Station prior to 6.7.4-3433 and 6.3-2968 allows remote authenticated users to read arbitrary files via unspecified vectors.
Synology Photo Station
668
VMScore
CVE-2019-11821
SQL injection vulnerability in synophoto_csPhotoDB.php in Synology Photo Station prior to 6.8.11-3489 and prior to 6.3-2977 allows remote malicious users to execute arbitrary SQL command via the type parameter.
Synology Photo Station
356
VMScore
CVE-2019-11822
Relative path traversal vulnerability in SYNO.PhotoStation.File in Synology Photo Station prior to 6.8.11-3489 and prior to 6.3-2977 allows remote malicious users to upload arbitrary files via the uploadphoto parameter.
Synology Photo Station
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-33228
CVE-2024-20361
log injection
bypass
CVE-2024-4985
CVE-2024-35223
CVE-2024-29849
CVE-2024-31893
IMAP
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
NEXT »