Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
photo station vulnerabilities and exploits
(subscribe to this query)
6.1
CVSSv3
CVE-2018-19955
The cross-site scripting vulnerability has been reported to affect earlier versions of Photo Station. If exploited, the vulnerability could allow remote malicious users to inject malicious code. This issue affects: QNAP Systems Inc. Photo Station versions before 5.7.11; versions ...
Qnap Photo Station
6.1
CVSSv3
CVE-2018-19956
The cross-site scripting vulnerability has been reported to affect earlier versions of Photo Station. If exploited, the vulnerability could allow remote malicious users to inject malicious code. This issue affects: QNAP Systems Inc. Photo Station versions before 5.7.11; versions ...
Qnap Photo Station
6.1
CVSSv3
CVE-2020-2502
This cross-site scripting vulnerability in Photo Station allows remote malicious users to inject malicious code. QANP We have already fixed this vulnerability in the following versions of Photo Station. Photo Station 6.0.11 and later
Qnap Photo Station
6.5
CVSSv3
CVE-2017-12071
Server-side request forgery (SSRF) vulnerability in file_upload.php in Synology Photo Station prior to 6.7.4-3433 and 6.3-2968 allows remote authenticated users to download arbitrary local files via the url parameter.
Synology Photo Station
5.4
CVSSv3
CVE-2017-12072
Cross-site scripting (XSS) vulnerability in PixlrEditorHandler.php in Synology Photo Station prior to 6.8.0-3456 allows remote authenticated users to inject arbitrary web scripts or HTML via the id parameter.
Synology Photo Station
7.5
CVSSv3
CVE-2017-12079
Files or directories accessible to external parties vulnerability in picasa.php in Synology Photo Station prior to 6.8.1-3458 and prior to 6.3-2970 allows remote malicious users to obtain arbitrary files via prog_id field.
Synology Photo Station
9.8
CVSSv3
CVE-2019-11821
SQL injection vulnerability in synophoto_csPhotoDB.php in Synology Photo Station prior to 6.8.11-3489 and prior to 6.3-2977 allows remote malicious users to execute arbitrary SQL command via the type parameter.
Synology Photo Station
6.5
CVSSv3
CVE-2019-11822
Relative path traversal vulnerability in SYNO.PhotoStation.File in Synology Photo Station prior to 6.8.11-3489 and prior to 6.3-2977 allows remote malicious users to upload arbitrary files via the uploadphoto parameter.
Synology Photo Station
7.8
CVSSv3
CVE-2016-10323
Synology Photo Station prior to 6.3-2958 allows local users to gain privileges by leveraging setuid execution of a "synophoto_dsm_user --copy-no-ea" command.
Synology Photo Station
7.5
CVSSv3
CVE-2016-10331
Directory traversal vulnerability in download.php in Synology Photo Station prior to 6.5.3-3226 allows remote malicious users to read arbitrary files via a full pathname in the id parameter.
Synology Photo Station
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-32744
privilege escalation
CVE-2024-30253
CVE-2024-3914
cross-site scripting
CVE-2024-31497
CVE-2024-3400
CVE-2024-32341
hardcoded
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
NEXT »