Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
synology photo station vulnerabilities and exploits
(subscribe to this query)
7.8
CVSSv3
CVE-2016-10323
Synology Photo Station prior to 6.3-2958 allows local users to gain privileges by leveraging setuid execution of a "synophoto_dsm_user --copy-no-ea" command.
Synology Photo Station
NA
CVE-2015-4656
Multiple cross-site scripting (XSS) vulnerabilities in Synology Photo Station prior to 6.3-2945 allow remote malicious users to inject arbitrary web script or HTML via the (1) success parameter to login.php or (2) crafted URL parameters to index.php, as demonstrated by the t para...
Synology Photo Station
9.8
CVSSv3
CVE-2021-29089
Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in thumbnail component in Synology Photo Station prior to 6.8.14-3500 allows remote attackers users to execute arbitrary SQL commands via unspecified vectors.
Synology Photo Station
7.2
CVSSv3
CVE-2021-29090
Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in PHP component in Synology Photo Station prior to 6.8.14-3500 allows remote authenticated users to execute arbitrary SQL command via unspecified vectors.
Synology Photo Station
6.5
CVSSv3
CVE-2021-29091
Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in file management component in Synology Photo Station prior to 6.8.14-3500 allows remote authenticated users to write arbitrary files via unspecified vectors.
Synology Photo Station
8.8
CVSSv3
CVE-2021-29092
Unrestricted upload of file with dangerous type vulnerability in file management component in Synology Photo Station prior to 6.8.14-3500 allows remote authenticated users to execute arbitrary code via unspecified vectors.
Synology Photo Station
9.8
CVSSv3
CVE-2017-11161
Multiple SQL injection vulnerabilities in Synology Photo Station prior to 6.7.4-3433 and 6.3-2968 allow remote malicious users to execute arbitrary SQL commands via the (1) article_id parameter to label.php; or (2) type parameter to synotheme.php.
Synology Photo Station
6.5
CVSSv3
CVE-2017-11162
Directory traversal vulnerability in synphotoio in Synology Photo Station prior to 6.7.4-3433 and 6.3-2968 allows remote authenticated users to read arbitrary files via unspecified vectors.
Synology Photo Station
8.8
CVSSv3
CVE-2018-8925
Cross-site request forgery (CSRF) vulnerability in admin/user.php in Synology Photo Station prior to 6.8.5-3471 and prior to 6.3-2975 allows remote malicious users to hijack the authentication of administrators via the (1) username, (2) password, (3) admin, (4) action, (5) uid, o...
Synology Photo Station
5.4
CVSSv3
CVE-2017-9555
Cross-site scripting (XSS) vulnerability in PixlrEditorHandler.php in Synology Photo Station prior to 6.7.0-3414 allows remote malicious users to inject arbitrary web script or HTML via the image parameter.
Synology Photo Station
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
blind SQL injection
SSRF
buffer overflow
CVE-2023-28952
CVE-2023-41822
CVE-2024-27956
CVE-2023-7028
CVE-2024-34447
CVE-2024-34460
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
NEXT »