Vulnerabilities (CVE)

  1. OpenCVE
  2. Vulnerabilities (CVE)
Filtered by vendor Synology Subscribe
Filtered by product Photo Station

CVSS v3 Filter

ALL
NONE (0.0) LOW (0.1 - 3.9) MEDIUM (4.0 - 6.9) HIGH (7.0 - 8.9) CRITICAL (9.0 - 10.0)

Search

Total 15 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2022-22681 1 Synology 1 Photo Station 2022-07-14 5.0 MEDIUM 7.5 HIGH
Session fixation vulnerability in access control management in Synology Photo Station before 6.8.16-3506 allows remote attackers to bypass security constraint via unspecified vectors.
CVE-2021-29090 1 Synology 1 Photo Station 2021-06-10 9.0 HIGH 7.2 HIGH
Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in PHP component in Synology Photo Station before 6.8.14-3500 allows remote authenticated users to execute arbitrary SQL command via unspecified vectors.
CVE-2021-29092 1 Synology 1 Photo Station 2021-06-09 6.5 MEDIUM 8.8 HIGH
Unrestricted upload of file with dangerous type vulnerability in file management component in Synology Photo Station before 6.8.14-3500 allows remote authenticated users to execute arbitrary code via unspecified vectors.
CVE-2018-8926 1 Synology 1 Photo Station 2019-10-09 6.5 MEDIUM 8.8 HIGH
Permissive regular expression vulnerability in synophoto_dsm_user in Synology Photo Station before 6.8.5-3471 and before 6.3-2975 allows remote authenticated users to conduct privilege escalation attacks via the fullname parameter.
CVE-2018-8925 1 Synology 1 Photo Station 2019-10-09 6.8 MEDIUM 8.8 HIGH
Cross-site request forgery (CSRF) vulnerability in admin/user.php in Synology Photo Station before 6.8.5-3471 and before 6.3-2975 allows remote attackers to hijack the authentication of administrators via the (1) username, (2) password, (3) admin, (4) action, (5) uid, or (6) modify_admin parameter.
CVE-2017-9552 1 Synology 1 Photo Station 2019-10-09 2.1 LOW 7.8 HIGH
A design flaw in authentication in Synology Photo Station 6.0-2528 through 6.7.1-3419 allows local users to obtain credentials via cmdline. Synology Photo Station employs the synophoto_dsm_user program to authenticate username and password by "synophoto_dsm_user --auth USERNAME PASSWORD", and local users are able to obtain credentials by sniffing "/proc/*/cmdline".
CVE-2017-16772 1 Synology 1 Photo Station 2019-10-09 6.5 MEDIUM 8.8 HIGH
Improper input validation vulnerability in SYNOPHOTO_Flickr_MultiUpload in Synology Photo Station before 6.8.3-3463 and before 6.3-2971 allows remote authenticated users to execute arbitrary codes via the prog_id parameter.
CVE-2017-12079 1 Synology 1 Photo Station 2019-10-09 5.0 MEDIUM 7.5 HIGH
Files or directories accessible to external parties vulnerability in picasa.php in Synology Photo Station before 6.8.1-3458 and before 6.3-2970 allows remote attackers to obtain arbitrary files via prog_id field.
CVE-2017-11152 1 Synology 1 Photo Station 2019-10-09 5.0 MEDIUM 7.5 HIGH
Directory traversal vulnerability in PixlrEditorHandler.php in Synology Photo Station before 6.7.3-3432 and 6.3-2967 allows remote attackers to write arbitrary files via the path parameter.
CVE-2017-11155 1 Synology 1 Photo Station 2019-10-09 5.0 MEDIUM 7.5 HIGH
An information exposure vulnerability in index.php in Synology Photo Station before 6.7.3-3432 and 6.3-2967 allows remote attackers to obtain sensitive system information via unspecified vectors.
CVE-2017-11154 1 Synology 1 Photo Station 2019-10-09 6.5 MEDIUM 7.2 HIGH
Unrestricted file upload vulnerability in PixlrEditorHandler.php in Synology Photo Station before 6.7.3-3432 and 6.3-2967 allows remote attackers to create arbitrary PHP scripts via the type parameter.
CVE-2016-10331 1 Synology 1 Photo Station 2019-10-09 5.0 MEDIUM 7.5 HIGH
Directory traversal vulnerability in download.php in Synology Photo Station before 6.5.3-3226 allows remote attackers to read arbitrary files via a full pathname in the id parameter.
CVE-2016-10330 1 Synology 1 Photo Station 2019-10-09 4.6 MEDIUM 7.1 HIGH
Directory traversal vulnerability in synophoto_dsm_user, a SUID program, as used in Synology Photo Station before 6.5.3-3226 allows local users to write to arbitrary files via unspecified vectors.
CVE-2016-10323 1 Synology 1 Photo Station 2018-06-13 7.2 HIGH 7.8 HIGH
Synology Photo Station before 6.3-2958 allows local users to gain privileges by leveraging setuid execution of a "synophoto_dsm_user --copy-no-ea" command.
CVE-2016-10322 1 Synology 1 Photo Station 2017-04-17 6.5 MEDIUM 8.8 HIGH
Synology Photo Station before 6.3-2958 allows remote authenticated guest users to execute arbitrary commands via shell metacharacters in the X-Forwarded-For HTTP header to photo/login.php.