Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
photo station vulnerabilities and exploits
(subscribe to this query)
4.3
CVSSv2
CVE-2018-19956
The cross-site scripting vulnerability has been reported to affect earlier versions of Photo Station. If exploited, the vulnerability could allow remote malicious users to inject malicious code. This issue affects: QNAP Systems Inc. Photo Station versions before 5.7.11; versions ...
Qnap Photo Station
NA
CVE-2023-47561
A cross-site scripting (XSS) vulnerability has been reported to affect Photo Station. If exploited, the vulnerability could allow authenticated users to inject malicious code via a network. We have already fixed the vulnerability in the following version: Photo Station 6.4.2 ( 20...
Qnap Photo Station
NA
CVE-2023-47562
An OS command injection vulnerability has been reported to affect Photo Station. If exploited, the vulnerability could allow authenticated users to execute commands via a network. We have already fixed the vulnerability in the following version: Photo Station 6.4.2 ( 2023/12/15 )...
Qnap Photo Station
4
CVSSv2
CVE-2017-12071
Server-side request forgery (SSRF) vulnerability in file_upload.php in Synology Photo Station prior to 6.7.4-3433 and 6.3-2968 allows remote authenticated users to download arbitrary local files via the url parameter.
Synology Photo Station
3.5
CVSSv2
CVE-2017-12072
Cross-site scripting (XSS) vulnerability in PixlrEditorHandler.php in Synology Photo Station prior to 6.8.0-3456 allows remote authenticated users to inject arbitrary web scripts or HTML via the id parameter.
Synology Photo Station
5
CVSSv2
CVE-2017-12079
Files or directories accessible to external parties vulnerability in picasa.php in Synology Photo Station prior to 6.8.1-3458 and prior to 6.3-2970 allows remote malicious users to obtain arbitrary files via prog_id field.
Synology Photo Station
5
CVSSv2
CVE-2017-12080
An information exposure vulnerability in default HTTP configuration file in Synology Photo Station prior to 6.8.1-3458 and prior to 6.3-2970 allows remote malicious users to obtain sensitive system information via .htaccess file.
Synology Photo Station
6.5
CVSSv2
CVE-2018-8926
Permissive regular expression vulnerability in synophoto_dsm_user in Synology Photo Station prior to 6.8.5-3471 and prior to 6.3-2975 allows remote authenticated users to conduct privilege escalation attacks via the fullname parameter.
Synology Photo Station
9
CVSSv2
CVE-2021-29090
Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in PHP component in Synology Photo Station prior to 6.8.14-3500 allows remote authenticated users to execute arbitrary SQL command via unspecified vectors.
Synology Photo Station
3.5
CVSSv2
CVE-2015-9102
Multiple cross-site scripting (XSS) vulnerabilities in Synology Photo Station 6.0 prior to 6.0-2638 and 6.3 prior to 6.3-2962 allow remote authenticated malicious users to inject arbitrary web script or HTML via the (1) album name, (2) file name of uploaded photos, (3) descriptio...
Synology Photo Station
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-26925
CVE-2023-41826
LFI
CVE-2022-22364
CVE-2024-2887
command injection
remote code execution
CVE-2024-34446
CVE-2022-48699
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
NEXT »