Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
synology photo station vulnerabilities and exploits
(subscribe to this query)
8.8
CVSSv3
CVE-2018-8926
Permissive regular expression vulnerability in synophoto_dsm_user in Synology Photo Station prior to 6.8.5-3471 and prior to 6.3-2975 allows remote authenticated users to conduct privilege escalation attacks via the fullname parameter.
Synology Photo Station
6.1
CVSSv3
CVE-2017-16771
Cross-site scripting (XSS) vulnerability in Log Viewer in Synology Photo Station prior to 6.8.3-3463 and prior to 6.3-2971 allows remote malicious users to inject arbitrary web script or HTML via the username parameter.
Synology Photo Station
8.8
CVSSv3
CVE-2017-16772
Improper input validation vulnerability in SYNOPHOTO_Flickr_MultiUpload in Synology Photo Station prior to 6.8.3-3463 and prior to 6.3-2971 allows remote authenticated users to execute arbitrary codes via the prog_id parameter.
Synology Photo Station
7.5
CVSSv3
CVE-2022-22681
Session fixation vulnerability in access control management in Synology Photo Station prior to 6.8.16-3506 allows remote malicious users to bypass security constraint via unspecified vectors.
Synology Photo Station
5.4
CVSSv3
CVE-2015-9102
Multiple cross-site scripting (XSS) vulnerabilities in Synology Photo Station 6.0 prior to 6.0-2638 and 6.3 prior to 6.3-2962 allow remote authenticated malicious users to inject arbitrary web script or HTML via the (1) album name, (2) file name of uploaded photos, (3) descriptio...
Synology Photo Station
8.8
CVSSv3
CVE-2016-10322
Synology Photo Station prior to 6.3-2958 allows remote authenticated guest users to execute arbitrary commands via shell metacharacters in the X-Forwarded-For HTTP header to photo/login.php.
Synology Photo Station
9.8
CVSSv3
CVE-2016-10329
Command injection vulnerability in login.php in Synology Photo Station prior to 6.5.3-3226 allows remote malicious users to execute arbitrary code via shell metacharacters in the crafted 'X-Forwarded-For' header.
Synology Photo Station
7.1
CVSSv3
CVE-2016-10330
Directory traversal vulnerability in synophoto_dsm_user, a SUID program, as used in Synology Photo Station prior to 6.5.3-3226 allows local users to write to arbitrary files via unspecified vectors.
Synology Photo Station
6.3
CVSSv3
CVE-2018-13282
Session fixation vulnerability in SYNO.PhotoStation.Auth in Synology Photo Station prior to 6.8.7-3481 allows remote malicious users to hijack web sessions via the PHPSESSID parameter.
Synology Photo Station
6.5
CVSSv3
CVE-2017-12071
Server-side request forgery (SSRF) vulnerability in file_upload.php in Synology Photo Station prior to 6.7.4-3433 and 6.3-2968 allows remote authenticated users to download arbitrary local files via the url parameter.
Synology Photo Station
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4654
CVE-2023-49606
encryption
NULL pointer dereference
CVE-2024-4439
CVE-2024-4649
race condition
CVE-2024-27202
CVE-2024-34566
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
NEXT »