CVSS: 7.2EPSS: 45%CPEs: 2EXPL: 1CVE-2017-11154 – Synology Photo Station 6.7.3-3432 / 6.3-2967 - Remote Code Execution
https://notcve.org/view.php?id=CVE-2017-11154
Unrestricted file upload vulnerability in PixlrEditorHandler.php in Synology Photo Station before 6.7.3-3432 and 6.3-2967 allows remote attackers to create arbitrary PHP scripts via the type parameter. Una vulnerabilidad de subida de archivos sin restricciones en PixlrEditorHandler.php en Synology Photo Station en versiones anteriores a la 6.7.3-3432 y a la 6.3-2967 permite que atacantes remotos creen scripts PHP arbitrarios mediante el parámetro type. Synology Photo Station versions 6.7.3-3432 and 6.3-2967 suffer from a code execution vulnerability. • https://www.exploit-db.com/exploits/42434 https://www.synology.com/en-global/support/security/Synology_SA_17_34_PhotoStation • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 7.5EPSS: 45%CPEs: 2EXPL: 1CVE-2017-11155 – Synology Photo Station 6.7.3-3432 / 6.3-2967 - Remote Code Execution
https://notcve.org/view.php?id=CVE-2017-11155
An information exposure vulnerability in index.php in Synology Photo Station before 6.7.3-3432 and 6.3-2967 allows remote attackers to obtain sensitive system information via unspecified vectors. Una vulnerabilidad de exposición de información en index.php en Synology Photo Station en versiones anteriores a la 6.7.3-3432 y a la 6.3-2967 permite que atacantes remotos obtengan información sensible del sistema mediante vectores sin especificar. Synology Photo Station versions 6.7.3-3432 and 6.3-2967 suffer from a code execution vulnerability. • https://www.exploit-db.com/exploits/42434 https://www.synology.com/en-global/support/security/Synology_SA_17_34_PhotoStation • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-205: Observable Behavioral Discrepancy •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0CVE-2015-9102
https://notcve.org/view.php?id=CVE-2015-9102
Multiple cross-site scripting (XSS) vulnerabilities in Synology Photo Station 6.0 before 6.0-2638 and 6.3 before 6.3-2962 allow remote authenticated attackers to inject arbitrary web script or HTML via the (1) album name, (2) file name of uploaded photos, (3) description of photos, or (4) tag of the photos. Varias vulnerabilidades de XSS (cross-site scripting) en Synology Photo Station versión 6.0 y anteriores a la 6.0-2638, versión 6.3 y anteriores a la 6.3-2962, permiten a atacantes remotos autenticados inyectar secuencias de comandos web o HTML a través del (1) nombre del álbum (2) nombre de las imágenes subidas, (3) descripción de fotos, o (4) etiqueta de las fotos. • http://www.fortiguard.com/zeroday/FG-VD-15-103 http://www.fortiguard.com/zeroday/FG-VD-15-104 http://www.fortiguard.com/zeroday/FG-VD-15-109 http://www.fortiguard.com/zeroday/FG-VD-15-112 https://www.synology.com/en-global/support/security/Photo_Station_6_3_2962 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.8EPSS: 0%CPEs: 24EXPL: 0CVE-2017-9552
https://notcve.org/view.php?id=CVE-2017-9552
A design flaw in authentication in Synology Photo Station 6.0-2528 through 6.7.1-3419 allows local users to obtain credentials via cmdline. Synology Photo Station employs the synophoto_dsm_user program to authenticate username and password by "synophoto_dsm_user --auth USERNAME PASSWORD", and local users are able to obtain credentials by sniffing "/proc/*/cmdline". Un fallo de diseño en la autenticación en Synology Photo Station de la versión 6.0-2528 a la 6.7.1-3419 permite que usuarios locales obtengan credenciales mediante cmdline. Synology Photo Station emplea el programa synophoto_dsm_user para autenticar el nombre de usuario y la contraseña por "synophoto_dsm_user --auth USERNAME PASSWORD" y los usuarios locales pueden obtener credenciales rastreando "/proc/*/cmdline". • http://blog.crozat.net/2017/06/synology-photostation-password-vulnerabilty.html https://www.synology.com/en-global/support/security/Photo_Station_CVE_2017_9552 • CWE-287: Improper Authentication CWE-522: Insufficiently Protected Credentials •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2016-10331
https://notcve.org/view.php?id=CVE-2016-10331
Directory traversal vulnerability in download.php in Synology Photo Station before 6.5.3-3226 allows remote attackers to read arbitrary files via a full pathname in the id parameter. Vulnerabilidad de salto de directorio en download.php en Synology Photo Station en versiones anteriores a la 6.5.3-3226, que permitiría a atacantes remotos leer ficheros arbitrarios a través de una ruta completa en el parámetro id. • https://bamboofox.github.io/2017/03/20/Synology-Bug-Bounty-2016/#Vul-06-Local-File-Inclusion https://www.synology.com/en-global/support/security/Photo_Station_6_5_3_3226 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •