Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
By Recent Activity
photo station vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv2
CVE-2016-10329
Command injection vulnerability in login.php in Synology Photo Station before 6.5.3-3226 allows remote attackers to execute arbitrary code via shell metacharacters in the crafted 'X-Forwarded-For' header....
Synology Photo Station
4.3
CVSSv2
CVE-2018-0715
Cross-site scripting vulnerability in QNAP Photo Station versions 5.7.0 and earlier could allow remote attackers to inject Javascript code in the compromised application....
Qnap Photo Station
1 EDB exploit available
5
CVSSv2
CVE-2017-12079
Files or directories accessible to external parties vulnerability in picasa.php in Synology Photo Station before 6.8.1-3458 and before 6.3-2970 allows remote attackers to obtain arbitrary files via prog_id field....
Synology Photo Station
4.3
CVSSv2
CVE-2018-19954
The cross-site scripting vulnerability has been reported to affect earlier versions of Photo Station. If exploited, the vulnerability could allow remote attackers to inject malicious code. This issue affects: QNAP Systems Inc. Photo Station versions prior to 5.7.11; versions...
Qnap Photo Station
4.3
CVSSv2
CVE-2018-19956
The cross-site scripting vulnerability has been reported to affect earlier versions of Photo Station. If exploited, the vulnerability could allow remote attackers to inject malicious code. This issue affects: QNAP Systems Inc. Photo Station versions prior to 5.7.11; versions...
Qnap Photo Station
7.5
CVSSv2
CVE-2019-11821
SQL injection vulnerability in synophoto_csPhotoDB.php in Synology Photo Station before 6.8.11-3489 and before 6.3-2977 allows remote attackers to execute arbitrary SQL command via the type parameter....
Synology Photo Station
3.5
CVSSv2
CVE-2015-9102
Multiple cross-site scripting (XSS) vulnerabilities in Synology Photo Station 6.0 before 6.0-2638 and 6.3 before 6.3-2962 allow remote authenticated attackers to inject arbitrary web script or HTML via the (1) album name, (2) file name of uploaded photos, (3) description of...
Synology Photo Station
4.3
CVSSv2
CVE-2017-16771
Cross-site scripting (XSS) vulnerability in Log Viewer in Synology Photo Station before 6.8.3-3463 and before 6.3-2971 allows remote attackers to inject arbitrary web script or HTML via the username parameter....
Synology Photo Station
6.5
CVSSv2
CVE-2018-8926
Permissive regular expression vulnerability in synophoto_dsm_user in Synology Photo Station before 6.8.5-3471 and before 6.3-2975 allows remote authenticated users to conduct privilege escalation attacks via the fullname parameter....
Synology Photo Station
4
CVSSv2
CVE-2017-12071
Server-side request forgery (SSRF) vulnerability in file_upload.php in Synology Photo Station before 6.7.4-3433 and 6.3-2968 allows remote authenticated users to download arbitrary local files via the url parameter....
Synology Photo Station
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2021-24069
remote code execution
mass assignment
CVE-2021-1782
CVE-2021-23962
CVE-2021-24081
cross-site scripting
CVE-2021-21973
CVE-2021-23972
« PREV
1
2
3
4
5
NEXT »
Vulmon