CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 0CVE-2018-19954
https://notcve.org/view.php?id=CVE-2018-19954
The cross-site scripting vulnerability has been reported to affect earlier versions of Photo Station. If exploited, the vulnerability could allow remote attackers to inject malicious code. This issue affects: QNAP Systems Inc. Photo Station versions prior to 5.7.11; versions prior to 6.0.10. Se ha reportado una vulnerabilidad de tipo cross-site scripting afecta a versiones anteriores de Photo Station. • https://www.qnap.com/en/security-advisory/qsa-20-11 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) •
CVSS: 9.8EPSS: 97%CPEs: 8EXPL: 1CVE-2019-7195 – QNAP Photo Station Path Traversal Vulnerability
https://notcve.org/view.php?id=CVE-2019-7195
This external control of file name or path vulnerability allows remote attackers to access or modify system files. To fix the vulnerability, QNAP recommend updating Photo Station to their latest versions. Esta vulnerabilidad de control externo del nombre de archivo o de ruta permite a atacantes remotos acceder o modificar archivos del sistema. Para corregir la vulnerabilidad, QNAP recomienda actualizar Photo Station a sus últimas versiones. QNAP QTS and Photo Station version 6.0.3 suffers from a remote command execution vulnerability. • http://packetstormsecurity.com/files/157857/QNAP-QTS-And-Photo-Station-6.0.3-Remote-Command-Execution.html https://www.qnap.com/zh-tw/security-advisory/nas-201911-25 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 9.8EPSS: 97%CPEs: 8EXPL: 1CVE-2019-7194 – QNAP Photo Station Path Traversal Vulnerability
https://notcve.org/view.php?id=CVE-2019-7194
This external control of file name or path vulnerability allows remote attackers to access or modify system files. To fix the vulnerability, QNAP recommend updating Photo Station to their latest versions. Esta vulnerabilidad de control externo del nombre de archivo o de ruta permite a atacantes remotos acceder o modificar archivos del sistema. Para corregir la vulnerabilidad, QNAP recomienda actualizar Photo Station a sus últimas versiones. QNAP QTS and Photo Station version 6.0.3 suffers from a remote command execution vulnerability. • http://packetstormsecurity.com/files/157857/QNAP-QTS-And-Photo-Station-6.0.3-Remote-Command-Execution.html https://www.qnap.com/zh-tw/security-advisory/nas-201911-25 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 9.8EPSS: 96%CPEs: 8EXPL: 1CVE-2019-7192 – QNAP Photo Station Improper Access Control Vulnerability
https://notcve.org/view.php?id=CVE-2019-7192
This improper access control vulnerability allows remote attackers to gain unauthorized access to the system. To fix these vulnerabilities, QNAP recommend updating Photo Station to their latest versions. Esta vulnerabilidad de control de acceso inapropiada permite a atacantes remotos conseguir acceso no autorizado al sistema. Para corregir estas vulnerabilidades, QNAP recomienda actualizar Photo Station a sus últimas versiones. QNAP QTS and Photo Station version 6.0.3 suffers from a remote command execution vulnerability. • http://packetstormsecurity.com/files/157857/QNAP-QTS-And-Photo-Station-6.0.3-Remote-Command-Execution.html https://www.qnap.com/zh-tw/security-advisory/nas-201911-25 • CWE-863: Incorrect Authorization •
CVSS: 7.5EPSS: 0%CPEs: 6EXPL: 0CVE-2018-0722
https://notcve.org/view.php?id=CVE-2018-0722
Path Traversal vulnerability in Photo Station versions: 5.7.2 and earlier in QTS 4.3.4, 5.4.4 and earlier in QTS 4.3.3, 5.2.8 and earlier in QTS 4.2.6 could allow remote attackers to access sensitive information on the device. Existe una vulnerabilidad de salto de directorio en las siguientes versiones de Photo Station que podría permitir a los atacantes remotos acceder a información sensible en el dispositivo: 5.72 y anteriores en QTS 4.3.4, 5.44 y anteriores en QTS 4.3.3 y 5.28 y anteriores en QTS 4.2.6. • https://www.qnap.com/zh-tw/security-advisory/nas-201901-14 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •