Shodan
Vulnerabilities
Vulnerable Software
Synology:  >> Photo Station  >> 5.2-2413  Security Vulnerabilities
CVE-2017-11155
An information exposure vulnerability in index.php in Synology Photo Station before 6.7.3-3432 and 6.3-2967 allows remote attackers to obtain sensitive system information via unspecified vectors.
CVSS Score
7.5
EPSS Score
0.352
Published
2017-08-08
CVE-2015-9102
Multiple cross-site scripting (XSS) vulnerabilities in Synology Photo Station 6.0 before 6.0-2638 and 6.3 before 6.3-2962 allow remote authenticated attackers to inject arbitrary web script or HTML via the (1) album name, (2) file name of uploaded photos, (3) description of photos, or (4) tag of the photos.
CVSS Score
5.4
EPSS Score
0.003
Published
2017-06-30
CVE-2016-10329
Command injection vulnerability in login.php in Synology Photo Station before 6.5.3-3226 allows remote attackers to execute arbitrary code via shell metacharacters in the crafted 'X-Forwarded-For' header.
CVSS Score
9.8
EPSS Score
0.151
Published
2017-05-12
CVE-2016-10330
Directory traversal vulnerability in synophoto_dsm_user, a SUID program, as used in Synology Photo Station before 6.5.3-3226 allows local users to write to arbitrary files via unspecified vectors.
CVSS Score
7.1
EPSS Score
0.001
Published
2017-05-12
CVE-2016-10331
Directory traversal vulnerability in download.php in Synology Photo Station before 6.5.3-3226 allows remote attackers to read arbitrary files via a full pathname in the id parameter.
CVSS Score
7.5
EPSS Score
0.004
Published
2017-05-12
CVE-2016-10322
Synology Photo Station before 6.3-2958 allows remote authenticated guest users to execute arbitrary commands via shell metacharacters in the X-Forwarded-For HTTP header to photo/login.php.
CVSS Score
8.8
EPSS Score
0.028
Published
2017-04-10
CVE-2016-10323
Synology Photo Station before 6.3-2958 allows local users to gain privileges by leveraging setuid execution of a "synophoto_dsm_user --copy-no-ea" command.
CVSS Score
7.8
EPSS Score
0.0
Published
2017-04-10
CVE-2015-4656
Multiple cross-site scripting (XSS) vulnerabilities in Synology Photo Station before 6.3-2945 allow remote attackers to inject arbitrary web script or HTML via the (1) success parameter to login.php or (2) crafted URL parameters to index.php, as demonstrated by the t parameter to photo/.
CVSS Score
4.3
EPSS Score
0.003
Published
2015-06-18


Products
Pricing
Contact Us

Shodan ® - All rights reserved