CVSS: 9.8EPSS: 96%CPEs: 8EXPL: 1CVE-2019-7192 – QNAP Photo Station Improper Access Control Vulnerability
https://notcve.org/view.php?id=CVE-2019-7192
This improper access control vulnerability allows remote attackers to gain unauthorized access to the system. To fix these vulnerabilities, QNAP recommend updating Photo Station to their latest versions. Esta vulnerabilidad de control de acceso inapropiada permite a atacantes remotos conseguir acceso no autorizado al sistema. Para corregir estas vulnerabilidades, QNAP recomienda actualizar Photo Station a sus últimas versiones. QNAP QTS and Photo Station version 6.0.3 suffers from a remote command execution vulnerability. • http://packetstormsecurity.com/files/157857/QNAP-QTS-And-Photo-Station-6.0.3-Remote-Command-Execution.html https://www.qnap.com/zh-tw/security-advisory/nas-201911-25 • CWE-863: Incorrect Authorization •
CVSS: 7.5EPSS: 0%CPEs: 6EXPL: 0CVE-2018-0722
https://notcve.org/view.php?id=CVE-2018-0722
Path Traversal vulnerability in Photo Station versions: 5.7.2 and earlier in QTS 4.3.4, 5.4.4 and earlier in QTS 4.3.3, 5.2.8 and earlier in QTS 4.2.6 could allow remote attackers to access sensitive information on the device. Existe una vulnerabilidad de salto de directorio en las siguientes versiones de Photo Station que podría permitir a los atacantes remotos acceder a información sensible en el dispositivo: 5.72 y anteriores en QTS 4.3.4, 5.44 y anteriores en QTS 4.3.3 y 5.28 y anteriores en QTS 4.2.6. • https://www.qnap.com/zh-tw/security-advisory/nas-201901-14 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2018-0715 – QNAP Photo Station 5.7.0 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2018-0715
Cross-site scripting vulnerability in QNAP Photo Station versions 5.7.0 and earlier could allow remote attackers to inject Javascript code in the compromised application. Vulnerabilidad Cross-Site Scripting (XSS) en QNAP Photo Station en versiones 5.7.0 y anteriores podría permitir que atacantes remotos inyecten código JavaScript en la aplicación comprometida. QNAP Photo Station version 5.7.0 suffers from a cross site scripting vulnerability. • https://www.exploit-db.com/exploits/45348 https://www.qnap.com/zh-tw/security-advisory/nas-201808-23 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 0CVE-2017-13073
https://notcve.org/view.php?id=CVE-2017-13073
Cross-site scripting (XSS) vulnerability in QNAP NAS application Photo Station versions 5.2.7, 5.4.3, and their earlier versions could allow remote attackers to inject arbitrary web script or HTML. Vulnerabilidad Cross-Site Scripting (XSS) en la aplicación Photo Station de QNAP NAS, en versiones 5.2.7, 5.4.3 y anteriores, permite que los atacantes remotos inyecten scripts web o HTML arbitrarios. • https://www.qnap.com/zh-tw/security-advisory/nas-201804-23 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0CVE-2017-12072
https://notcve.org/view.php?id=CVE-2017-12072
Cross-site scripting (XSS) vulnerability in PixlrEditorHandler.php in Synology Photo Station before 6.8.0-3456 allows remote authenticated users to inject arbitrary web scripts or HTML via the id parameter. Vulnerabilidad de Cross-Site Scripting (XSS) en PixlrEditorHandler.php en Synology Photo Station en versiones anteriores a la 6.8.0-3456 permite que atacantes remotos autenticados inyecten scripts web o HTML arbitrarios mediante el parámetro id. • https://www.synology.com/en-global/support/security/Synology_SA_17_80 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •