Synology

Photo Station

33 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
8.8

CVE-2017-16772

  • EPSS 1.31%
  • Published 22.03.2018 14:29:00
  • Last modified 21.11.2024 03:16:56

Improper input validation vulnerability in SYNOPHOTO_Flickr_MultiUpload in Synology Photo Station before 6.8.3-3463 and before 6.3-2971 allows remote authenticated users to execute arbitrary codes via the prog_id parameter.

6.1

CVE-2017-16771

  • EPSS 0.25%
  • Published 22.03.2018 14:29:00
  • Last modified 21.11.2024 03:16:56

Cross-site scripting (XSS) vulnerability in Log Viewer in Synology Photo Station before 6.8.3-3463 and before 6.3-2971 allows remote attackers to inject arbitrary web script or HTML via the username parameter.

5.3

CVE-2017-16769

  • EPSS 0.23%
  • Published 23.02.2018 22:29:00
  • Last modified 21.11.2024 03:16:56

Exposure of private information vulnerability in Photo Viewer in Synology Photo Station 6.8.1-3458 allows remote attackers to obtain metadata from password-protected photographs via the map viewer mode.

5.4

CVE-2017-12072

  • EPSS 0.19%
  • Published 20.12.2017 18:29:00
  • Last modified 20.04.2025 01:37:25

Cross-site scripting (XSS) vulnerability in PixlrEditorHandler.php in Synology Photo Station before 6.8.0-3456 allows remote authenticated users to inject arbitrary web scripts or HTML via the id parameter.

5.3

CVE-2017-12080

  • EPSS 0.23%
  • Published 04.12.2017 19:29:00
  • Last modified 20.04.2025 01:37:25

An information exposure vulnerability in default HTTP configuration file in Synology Photo Station before 6.8.1-3458 and before 6.3-2970 allows remote attackers to obtain sensitive system information via .htaccess file.

7.5

CVE-2017-12079

  • EPSS 0.3%
  • Published 04.12.2017 19:29:00
  • Last modified 20.04.2025 01:37:25

Files or directories accessible to external parties vulnerability in picasa.php in Synology Photo Station before 6.8.1-3458 and before 6.3-2970 allows remote attackers to obtain arbitrary files via prog_id field.

6.5

CVE-2017-12071

  • EPSS 0.34%
  • Published 08.09.2017 14:29:00
  • Last modified 20.04.2025 01:37:25

Server-side request forgery (SSRF) vulnerability in file_upload.php in Synology Photo Station before 6.7.4-3433 and 6.3-2968 allows remote authenticated users to download arbitrary local files via the url parameter.

6.5

CVE-2017-11162

  • EPSS 0.38%
  • Published 08.09.2017 14:29:00
  • Last modified 20.04.2025 01:37:25

Directory traversal vulnerability in synphotoio in Synology Photo Station before 6.7.4-3433 and 6.3-2968 allows remote authenticated users to read arbitrary files via unspecified vectors.

9.8

CVE-2017-11161

  • EPSS 0.59%
  • Published 08.09.2017 14:29:00
  • Last modified 20.04.2025 01:37:25

Multiple SQL injection vulnerabilities in Synology Photo Station before 6.7.4-3433 and 6.3-2968 allow remote attackers to execute arbitrary SQL commands via the (1) article_id parameter to label.php; or (2) type parameter to synotheme.php.

5.4

CVE-2017-9555

  • EPSS 0.23%
  • Published 24.08.2017 19:29:00
  • Last modified 20.04.2025 01:37:25

Cross-site scripting (XSS) vulnerability in PixlrEditorHandler.php in Synology Photo Station before 6.7.0-3414 allows remote attackers to inject arbitrary web script or HTML via the image parameter.