CVSS: 7.7EPSS: 0%CPEs: 1EXPL: 0CVE-2021-29091
https://notcve.org/view.php?id=CVE-2021-29091
02 Jun 2021 — Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in file management component in Synology Photo Station before 6.8.14-3500 allows remote authenticated users to write arbitrary files via unspecified vectors. Una vulnerabilidad de limitación inapropiada de un nombre de ruta a un directorio restringido ("Path Traversal") en el componente file management en Synology Photo Station versiones anteriores a 6.8.14-3500, permite a usuarios remotos autenticados escribir arch... • https://www.synology.com/security/advisory/Synology_SA_20_20 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 8.8EPSS: 1%CPEs: 1EXPL: 0CVE-2021-29092
https://notcve.org/view.php?id=CVE-2021-29092
01 Jun 2021 — Unrestricted upload of file with dangerous type vulnerability in file management component in Synology Photo Station before 6.8.14-3500 allows remote authenticated users to execute arbitrary code via unspecified vectors. Una vulnerabilidad de carga sin restricciones de archivos de tipo peligroso en el componente file management en Synology Photo Station versiones anteriores a 6.8.14-3500, permite a usuarios autenticados remotos ejecutar código arbitrario por medio de vectores no especificados • https://www.synology.com/security/advisory/Synology_SA_20_20 • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2020-2502 – Cross-site Scripting Vulnerability in Photo Station
https://notcve.org/view.php?id=CVE-2020-2502
17 Feb 2021 — This cross-site scripting vulnerability in Photo Station allows remote attackers to inject malicious code. QANP We have already fixed this vulnerability in the following versions of Photo Station. Photo Station 6.0.11 and later Esta vulnerabilidad de tipo cross-site scripting en Photo Station, permite a atacantes remotos inyectar código malicioso. QNAP ya ha corregido esta vulnerabilidad en las siguientes versiones de Photo Station. Photo Station versiones 6.0.11 y posterior • https://www.qnap.com/en/security-advisory/qsa-21-06 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) •
CVSS: 6.1EPSS: 0%CPEs: 12EXPL: 0CVE-2020-2491 – Cross-site Scripting Vulnerability in Photo Station
https://notcve.org/view.php?id=CVE-2020-2491
10 Dec 2020 — This cross-site scripting vulnerability in Photo Station allows remote attackers to inject malicious code. QANP We have already fixed this vulnerability in the following versions of Photo Station. QTS 4.5.1: Photo Station 6.0.12 and later QTS 4.4.3: Photo Station 6.0.12 and later QTS 4.3.6: Photo Station 5.7.12 and later QTS 4.3.4: Photo Station 5.7.13 and later QTS 4.3.3: Photo Station 5.4.10 and later QTS 4.2.6: Photo Station 5.2.11 and later Esta vulnerabilidad de tipo cross-site scripting en Photo Stati... • https://www.qnap.com/en/security-advisory/qsa-20-15 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) •
CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 0CVE-2018-19956
https://notcve.org/view.php?id=CVE-2018-19956
02 Nov 2020 — The cross-site scripting vulnerability has been reported to affect earlier versions of Photo Station. If exploited, the vulnerability could allow remote attackers to inject malicious code. This issue affects: QNAP Systems Inc. Photo Station versions prior to 5.7.11; versions prior to 6.0.10. Se ha reportado la vulnerabilidad de tipo cross-site scripting que afecta a versiones anteriores de Photo Station. • https://www.qnap.com/en/security-advisory/qsa-20-11 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) •
CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 0CVE-2018-19955
https://notcve.org/view.php?id=CVE-2018-19955
02 Nov 2020 — The cross-site scripting vulnerability has been reported to affect earlier versions of Photo Station. If exploited, the vulnerability could allow remote attackers to inject malicious code. This issue affects: QNAP Systems Inc. Photo Station versions prior to 5.7.11; versions prior to 6.0.10. Se ha reportado una vulnerabilidad de tipo cross-site scripting afecta a versiones anteriores de Photo Station. • https://www.qnap.com/en/security-advisory/qsa-20-11 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) •
CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 0CVE-2018-19954
https://notcve.org/view.php?id=CVE-2018-19954
02 Nov 2020 — The cross-site scripting vulnerability has been reported to affect earlier versions of Photo Station. If exploited, the vulnerability could allow remote attackers to inject malicious code. This issue affects: QNAP Systems Inc. Photo Station versions prior to 5.7.11; versions prior to 6.0.10. Se ha reportado una vulnerabilidad de tipo cross-site scripting afecta a versiones anteriores de Photo Station. • https://www.qnap.com/en/security-advisory/qsa-20-11 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) •
CVSS: 9.8EPSS: 88%CPEs: 8EXPL: 3CVE-2019-7195 – QNAP Photo Station Path Traversal Vulnerability
https://notcve.org/view.php?id=CVE-2019-7195
05 Dec 2019 — This external control of file name or path vulnerability allows remote attackers to access or modify system files. To fix the vulnerability, QNAP recommend updating Photo Station to their latest versions. Esta vulnerabilidad de control externo del nombre de archivo o de ruta permite a atacantes remotos acceder o modificar archivos del sistema. Para corregir la vulnerabilidad, QNAP recomienda actualizar Photo Station a sus últimas versiones. QNAP QTS and Photo Station version 6.0.3 suffers from a remote comm... • https://packetstorm.news/files/id/180599 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 9.8EPSS: 88%CPEs: 8EXPL: 3CVE-2019-7194 – QNAP Photo Station Path Traversal Vulnerability
https://notcve.org/view.php?id=CVE-2019-7194
05 Dec 2019 — This external control of file name or path vulnerability allows remote attackers to access or modify system files. To fix the vulnerability, QNAP recommend updating Photo Station to their latest versions. Esta vulnerabilidad de control externo del nombre de archivo o de ruta permite a atacantes remotos acceder o modificar archivos del sistema. Para corregir la vulnerabilidad, QNAP recomienda actualizar Photo Station a sus últimas versiones. QNAP QTS and Photo Station version 6.0.3 suffers from a remote comm... • https://packetstorm.news/files/id/180599 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 9.8EPSS: 94%CPEs: 8EXPL: 5CVE-2019-7192 – QNAP Photo Station Improper Access Control Vulnerability
https://notcve.org/view.php?id=CVE-2019-7192
05 Dec 2019 — This improper access control vulnerability allows remote attackers to gain unauthorized access to the system. To fix these vulnerabilities, QNAP recommend updating Photo Station to their latest versions. Esta vulnerabilidad de control de acceso inapropiada permite a atacantes remotos conseguir acceso no autorizado al sistema. Para corregir estas vulnerabilidades, QNAP recomienda actualizar Photo Station a sus últimas versiones. QNAP QTS and Photo Station version 6.0.3 suffers from a remote command execution... • https://packetstorm.news/files/id/180599 • CWE-863: Incorrect Authorization •