Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
synology photo station vulnerabilities and exploits
(subscribe to this query)
7.2
CVSSv3
CVE-2017-11154
Unrestricted file upload vulnerability in PixlrEditorHandler.php in Synology Photo Station prior to 6.7.3-3432 and 6.3-2967 allows remote malicious users to create arbitrary PHP scripts via the type parameter.
Synology Photo Station
Synology Photo Station 6.3-2967
1 EDB exploit
7.1
CVSSv3
CVE-2016-10330
Directory traversal vulnerability in synophoto_dsm_user, a SUID program, as used in Synology Photo Station prior to 6.5.3-3226 allows local users to write to arbitrary files via unspecified vectors.
Synology Photo Station
6.5
CVSSv3
CVE-2021-29091
Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in file management component in Synology Photo Station prior to 6.8.14-3500 allows remote authenticated users to write arbitrary files via unspecified vectors.
Synology Photo Station
6.5
CVSSv3
CVE-2019-11822
Relative path traversal vulnerability in SYNO.PhotoStation.File in Synology Photo Station prior to 6.8.11-3489 and prior to 6.3-2977 allows remote malicious users to upload arbitrary files via the uploadphoto parameter.
Synology Photo Station
6.5
CVSSv3
CVE-2017-12071
Server-side request forgery (SSRF) vulnerability in file_upload.php in Synology Photo Station prior to 6.7.4-3433 and 6.3-2968 allows remote authenticated users to download arbitrary local files via the url parameter.
Synology Photo Station
6.5
CVSSv3
CVE-2017-11162
Directory traversal vulnerability in synphotoio in Synology Photo Station prior to 6.7.4-3433 and 6.3-2968 allows remote authenticated users to read arbitrary files via unspecified vectors.
Synology Photo Station
6.3
CVSSv3
CVE-2018-13282
Session fixation vulnerability in SYNO.PhotoStation.Auth in Synology Photo Station prior to 6.8.7-3481 allows remote malicious users to hijack web sessions via the PHPSESSID parameter.
Synology Photo Station
6.1
CVSSv3
CVE-2017-16771
Cross-site scripting (XSS) vulnerability in Log Viewer in Synology Photo Station prior to 6.8.3-3463 and prior to 6.3-2971 allows remote malicious users to inject arbitrary web script or HTML via the username parameter.
Synology Photo Station
5.4
CVSSv3
CVE-2017-12072
Cross-site scripting (XSS) vulnerability in PixlrEditorHandler.php in Synology Photo Station prior to 6.8.0-3456 allows remote authenticated users to inject arbitrary web scripts or HTML via the id parameter.
Synology Photo Station
5.4
CVSSv3
CVE-2017-9555
Cross-site scripting (XSS) vulnerability in PixlrEditorHandler.php in Synology Photo Station prior to 6.7.0-3414 allows remote malicious users to inject arbitrary web script or HTML via the image parameter.
Synology Photo Station
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
SSRF
CVE-2023-52162
CVE-2024-23670
CVE-2024-5404
man-in-the-middle
CVE-2024-5214
CVE-2024-4358
CVE-2024-20696
hard-coded
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
NEXT »