46 results (0.014 seconds)

CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0

An OS command injection vulnerability has been reported to affect Photo Station. If exploited, the vulnerability could allow authenticated users to execute commands via a network. We have already fixed the vulnerability in the following version: Photo Station 6.4.2 ( 2023/12/15 ) and later Se ha informado que una vulnerabilidad de inyección de comandos del sistema operativo afecta a Photo Station. Si se explota, la vulnerabilidad podría permitir a los usuarios autenticados ejecutar comandos a través de una red. Ya hemos solucionado la vulnerabilidad en la siguiente versión: Photo Station 6.4.2 (2023/12/15) y posteriores • https://www.qnap.com/en/security-advisory/qsa-24-08 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •

CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0

A cross-site scripting (XSS) vulnerability has been reported to affect Photo Station. If exploited, the vulnerability could allow authenticated users to inject malicious code via a network. We have already fixed the vulnerability in the following version: Photo Station 6.4.2 ( 2023/12/15 ) and later Vulnerabilidad de Cross-Site Scripting (XSS) afecta a Photo Station. Si se explota, la vulnerabilidad podría permitir a los usuarios autenticados inyectar código malicioso a través de una red. Ya hemos solucionado la vulnerabilidad en la siguiente versión: Photo Station 6.4.2 (2023/12/15) y posteriores • https://www.qnap.com/en/security-advisory/qsa-24-08 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 10.0EPSS: 58%CPEs: 11EXPL: 0

An externally controlled reference to a resource vulnerability has been reported to affect QNAP NAS running Photo Station. If exploited, This could allow an attacker to modify system files. We have already fixed the vulnerability in the following versions: QTS 5.0.1: Photo Station 6.1.2 and later QTS 5.0.0/4.5.x: Photo Station 6.0.22 and later QTS 4.3.6: Photo Station 5.7.18 and later QTS 4.3.3: Photo Station 5.4.15 and later QTS 4.2.6: Photo Station 5.2.14 and later Se ha informado una vulnerabilidad de recursos de referencia controlada externamente afecta al QNAP NAS que ejecuta Photo Station. Si se explota, esto podría permitir a un atacante modificar los archivos del sistema. Ya hemos corregido la vulnerabilidad en las siguientes versiones: QTS versiones 5.0.1: Photo Station versiones 6.1.2 y posteriores QTS versiones 5.0.0/4.5.x: Photo Station versiones 6.0.22 y posteriores QTS versiones 4.3.6: Photo Station versiones 5.7.18 y posteriores QTS versiones 4.3.3: Photo Station versiones 5.4.15 y posteriores QTS versiones 4.2.6: Photo Station versiones 5.2.14 y posteriores Certain QNAP NAS running Photo Station with internet exposure contain an externally controlled reference to a resource vulnerability which can allow an attacker to modify system files. • https://www.qnap.com/en/security-advisory/qsa-22-24 • CWE-610: Externally Controlled Reference to a Resource in Another Sphere •

CVSS: 8.1EPSS: 0%CPEs: 1EXPL: 0

Session fixation vulnerability in access control management in Synology Photo Station before 6.8.16-3506 allows remote attackers to bypass security constraint via unspecified vectors. Una vulnerabilidad de Fijación de Sesión en la administración del control de acceso en Synology Photo Station versiones anteriores a 6.8.16-3506, permite a atacantes remotos omitir las restricciones de seguridad por medio de vectores no especificados • https://www.synology.com/security/advisory/Synology_SA_21_26 • CWE-384: Session Fixation •

CVSS: 10.0EPSS: 0%CPEs: 3EXPL: 0

An improper authentication vulnerability has been reported to affect QNAP device running Photo Station. If exploited, this vulnerability allows attackers to compromise the security of the system. We have already fixed this vulnerability in the following versions of Photo Station: Photo Station 6.0.20 ( 2022/02/15 ) and later Photo Station 5.7.16 ( 2022/02/11 ) and later Photo Station 5.4.13 ( 2022/02/11 ) and later Se ha informado de una vulnerabilidad de autenticación inapropiada que afecta al dispositivo QNAP que ejecuta Photo Station. Si es explotada, esta vulnerabilidad permite a atacantes comprometer la seguridad del sistema. Ya hemos corregido esta vulnerabilidad en las siguientes versiones de Photo Station: Photo Station 6.0.20 ( 15/02/2022 ) y posteriores Photo Station 5.7.16 ( 11/02/2022 ) y posteriores Photo Station 5.4.13 ( 11/02/2022 ) y posteriores • https://www.qnap.com/en/security-advisory/qsa-22-15 • CWE-287: Improper Authentication •