CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Synology: >> Photo Station >> 6.3-2967 Security Vulnerabilities

CVE-2016-10329

Command injection vulnerability in login.php in Synology Photo Station before 6.5.3-3226 allows remote attackers to execute arbitrary code via shell metacharacters in the crafted 'X-Forwarded-For' header.

CVSS Score

9.8

EPSS Score

0.151

Published

2017-05-12

CVE-2016-10330

Directory traversal vulnerability in synophoto_dsm_user, a SUID program, as used in Synology Photo Station before 6.5.3-3226 allows local users to write to arbitrary files via unspecified vectors.

CVSS Score

7.1

EPSS Score

0.001

Published

2017-05-12

CVE-2016-10331

Directory traversal vulnerability in download.php in Synology Photo Station before 6.5.3-3226 allows remote attackers to read arbitrary files via a full pathname in the id parameter.

CVSS Score

7.5

EPSS Score

0.004

Published

2017-05-12

Page 3

Vulnerabilities

Vulnerable Software

Synology: >> Photo Station >> 6.3-2967 Security Vulnerabilities

Products

Pricing

Contact Us