Page 3 of 32 results (0.005 seconds)

CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 0

The cross-site scripting vulnerability has been reported to affect earlier versions of Photo Station. If exploited, the vulnerability could allow remote attackers to inject malicious code. This issue affects: QNAP Systems Inc. Photo Station versions prior to 5.7.11; versions prior to 6.0.10. Se ha reportado una vulnerabilidad de tipo cross-site scripting afecta a versiones anteriores de Photo Station. • https://www.qnap.com/en/security-advisory/qsa-20-11 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) •

CVSS: 9.8EPSS: 97%CPEs: 8EXPL: 1

This external control of file name or path vulnerability allows remote attackers to access or modify system files. To fix the vulnerability, QNAP recommend updating Photo Station to their latest versions. Esta vulnerabilidad de control externo del nombre de archivo o de ruta permite a atacantes remotos acceder o modificar archivos del sistema. Para corregir la vulnerabilidad, QNAP recomienda actualizar Photo Station a sus últimas versiones. QNAP QTS and Photo Station version 6.0.3 suffers from a remote command execution vulnerability. • http://packetstormsecurity.com/files/157857/QNAP-QTS-And-Photo-Station-6.0.3-Remote-Command-Execution.html https://www.qnap.com/zh-tw/security-advisory/nas-201911-25 https://infosecwriteups.com/qnap-pre-auth-root-rce-affecting-450k-devices-on-the-internet-d55488d28a05 https://www.qnap.com/en-us/security-advisory/nas-201911-25 https://github.com/Imanfeng/QNAP-NAS-RCE • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVSS: 9.8EPSS: 97%CPEs: 8EXPL: 1

This external control of file name or path vulnerability allows remote attackers to access or modify system files. To fix the vulnerability, QNAP recommend updating Photo Station to their latest versions. Esta vulnerabilidad de control externo del nombre de archivo o de ruta permite a atacantes remotos acceder o modificar archivos del sistema. Para corregir la vulnerabilidad, QNAP recomienda actualizar Photo Station a sus últimas versiones. QNAP QTS and Photo Station version 6.0.3 suffers from a remote command execution vulnerability. • http://packetstormsecurity.com/files/157857/QNAP-QTS-And-Photo-Station-6.0.3-Remote-Command-Execution.html https://www.qnap.com/zh-tw/security-advisory/nas-201911-25 https://infosecwriteups.com/qnap-pre-auth-root-rce-affecting-450k-devices-on-the-internet-d55488d28a05 https://www.qnap.com/en-us/security-advisory/nas-201911-25 https://github.com/Imanfeng/QNAP-NAS-RCE • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVSS: 9.8EPSS: 96%CPEs: 8EXPL: 1

This improper access control vulnerability allows remote attackers to gain unauthorized access to the system. To fix these vulnerabilities, QNAP recommend updating Photo Station to their latest versions. Esta vulnerabilidad de control de acceso inapropiada permite a atacantes remotos conseguir acceso no autorizado al sistema. Para corregir estas vulnerabilidades, QNAP recomienda actualizar Photo Station a sus últimas versiones. QNAP QTS and Photo Station version 6.0.3 suffers from a remote command execution vulnerability. • http://packetstormsecurity.com/files/157857/QNAP-QTS-And-Photo-Station-6.0.3-Remote-Command-Execution.html https://www.qnap.com/zh-tw/security-advisory/nas-201911-25 https://infosecwriteups.com/qnap-pre-auth-root-rce-affecting-450k-devices-on-the-internet-d55488d28a05 https://www.qnap.com/en-us/security-advisory/nas-201911-25 https://github.com/Imanfeng/QNAP-NAS-RCE • CWE-863: Incorrect Authorization •

CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0

Cross-site scripting (XSS) vulnerability in PixlrEditorHandler.php in Synology Photo Station before 6.8.0-3456 allows remote authenticated users to inject arbitrary web scripts or HTML via the id parameter. Vulnerabilidad de Cross-Site Scripting (XSS) en PixlrEditorHandler.php en Synology Photo Station en versiones anteriores a la 6.8.0-3456 permite que atacantes remotos autenticados inyecten scripts web o HTML arbitrarios mediante el parámetro id. • https://www.synology.com/en-global/support/security/Synology_SA_17_80 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •