Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
photo station vulnerabilities and exploits
(subscribe to this query)
356
VMScore
CVE-2019-11822
Relative path traversal vulnerability in SYNO.PhotoStation.File in Synology Photo Station prior to 6.8.11-3489 and prior to 6.3-2977 allows remote malicious users to upload arbitrary files via the uploadphoto parameter.
Synology Photo Station
445
VMScore
CVE-2017-12080
An information exposure vulnerability in default HTTP configuration file in Synology Photo Station prior to 6.8.1-3458 and prior to 6.3-2970 allows remote malicious users to obtain sensitive system information via .htaccess file.
Synology Photo Station
668
VMScore
CVE-2019-11821
SQL injection vulnerability in synophoto_csPhotoDB.php in Synology Photo Station prior to 6.8.11-3489 and prior to 6.3-2977 allows remote malicious users to execute arbitrary SQL command via the type parameter.
Synology Photo Station
435
VMScore
CVE-2018-0715
Cross-site scripting vulnerability in QNAP Photo Station versions 5.7.0 and previous versions could allow remote malicious users to inject Javascript code in the compromised application.
Qnap Photo Station
1 EDB exploit
446
VMScore
CVE-2022-22681
Session fixation vulnerability in access control management in Synology Photo Station prior to 6.8.16-3506 allows remote malicious users to bypass security constraint via unspecified vectors.
Synology Photo Station
356
VMScore
CVE-2017-12071
Server-side request forgery (SSRF) vulnerability in file_upload.php in Synology Photo Station prior to 6.7.4-3433 and 6.3-2968 allows remote authenticated users to download arbitrary local files via the url parameter.
Synology Photo Station
312
VMScore
CVE-2017-12072
Cross-site scripting (XSS) vulnerability in PixlrEditorHandler.php in Synology Photo Station prior to 6.8.0-3456 allows remote authenticated users to inject arbitrary web scripts or HTML via the id parameter.
Synology Photo Station
445
VMScore
CVE-2017-12079
Files or directories accessible to external parties vulnerability in picasa.php in Synology Photo Station prior to 6.8.1-3458 and prior to 6.3-2970 allows remote malicious users to obtain arbitrary files via prog_id field.
Synology Photo Station
801
VMScore
CVE-2021-29090
Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in PHP component in Synology Photo Station prior to 6.8.14-3500 allows remote authenticated users to execute arbitrary SQL command via unspecified vectors.
Synology Photo Station
356
VMScore
CVE-2021-29091
Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in file management component in Synology Photo Station prior to 6.8.14-3500 allows remote authenticated users to write arbitrary files via unspecified vectors.
Synology Photo Station
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2022-38028
CVE-2024-32406
CVE-2024-25624
IMAP
CVE-2024-2310
CVE-2024-0874
CVE-2024-20359
XXE
remote code execution
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
NEXT »