Synology

Photo Station

33 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
7.5

CVE-2017-11155

  • EPSS 35.18%
  • Published 08.08.2017 15:29:07
  • Last modified 20.04.2025 01:37:25

An information exposure vulnerability in index.php in Synology Photo Station before 6.7.3-3432 and 6.3-2967 allows remote attackers to obtain sensitive system information via unspecified vectors.

7.2

CVE-2017-11154

  • EPSS 6.86%
  • Published 08.08.2017 15:29:07
  • Last modified 20.04.2025 01:37:25

Unrestricted file upload vulnerability in PixlrEditorHandler.php in Synology Photo Station before 6.7.3-3432 and 6.3-2967 allows remote attackers to create arbitrary PHP scripts via the type parameter.

9.8

CVE-2017-11153

  • EPSS 15.08%
  • Published 08.08.2017 15:29:07
  • Last modified 20.04.2025 01:37:25

Deserialization vulnerability in synophoto_csPhotoMisc.php in Synology Photo Station before 6.7.3-3432 and 6.3-2967 allows remote attackers to gain administrator privileges via a crafted serialized payload.

7.5

CVE-2017-11152

  • EPSS 14.05%
  • Published 08.08.2017 15:29:07
  • Last modified 20.04.2025 01:37:25

Directory traversal vulnerability in PixlrEditorHandler.php in Synology Photo Station before 6.7.3-3432 and 6.3-2967 allows remote attackers to write arbitrary files via the path parameter.

9.8

CVE-2017-11151

  • EPSS 14.78%
  • Published 08.08.2017 15:29:07
  • Last modified 20.04.2025 01:37:25

A vulnerability in synotheme_upload.php in Synology Photo Station before 6.7.3-3432 and 6.3-2967 allows remote attackers to upload arbitrary files without authentication via the logo_upload action.

5.4

CVE-2015-9102

  • EPSS 0.33%
  • Published 30.06.2017 13:29:00
  • Last modified 20.04.2025 01:37:25

Multiple cross-site scripting (XSS) vulnerabilities in Synology Photo Station 6.0 before 6.0-2638 and 6.3 before 6.3-2962 allow remote authenticated attackers to inject arbitrary web script or HTML via the (1) album name, (2) file name of uploaded ph...

7.8

CVE-2017-9552

  • EPSS 0.04%
  • Published 13.06.2017 13:29:00
  • Last modified 20.04.2025 01:37:25

A design flaw in authentication in Synology Photo Station 6.0-2528 through 6.7.1-3419 allows local users to obtain credentials via cmdline. Synology Photo Station employs the synophoto_dsm_user program to authenticate username and password by "synoph...

7.5

CVE-2016-10331

Exploit
  • EPSS 0.39%
  • Published 12.05.2017 20:29:00
  • Last modified 20.04.2025 01:37:25

Directory traversal vulnerability in download.php in Synology Photo Station before 6.5.3-3226 allows remote attackers to read arbitrary files via a full pathname in the id parameter.

7.1

CVE-2016-10330

Exploit
  • EPSS 0.05%
  • Published 12.05.2017 20:29:00
  • Last modified 20.04.2025 01:37:25

Directory traversal vulnerability in synophoto_dsm_user, a SUID program, as used in Synology Photo Station before 6.5.3-3226 allows local users to write to arbitrary files via unspecified vectors.

9.8

CVE-2016-10329

Exploit
  • EPSS 15.11%
  • Published 12.05.2017 20:29:00
  • Last modified 20.04.2025 01:37:25

Command injection vulnerability in login.php in Synology Photo Station before 6.5.3-3226 allows remote attackers to execute arbitrary code via shell metacharacters in the crafted 'X-Forwarded-For' header.