CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-47562 – Photo Station
https://notcve.org/view.php?id=CVE-2023-47562
02 Feb 2024 — An OS command injection vulnerability has been reported to affect Photo Station. If exploited, the vulnerability could allow authenticated users to execute commands via a network. We have already fixed the vulnerability in the following version: Photo Station 6.4.2 ( 2023/12/15 ) and later Se ha informado que una vulnerabilidad de inyección de comandos del sistema operativo afecta a Photo Station. Si se explota, la vulnerabilidad podría permitir a los usuarios autenticados ejecutar comandos a través de una ... • https://www.qnap.com/en/security-advisory/qsa-24-08 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2023-47561 – Photo Station
https://notcve.org/view.php?id=CVE-2023-47561
02 Feb 2024 — A cross-site scripting (XSS) vulnerability has been reported to affect Photo Station. If exploited, the vulnerability could allow authenticated users to inject malicious code via a network. We have already fixed the vulnerability in the following version: Photo Station 6.4.2 ( 2023/12/15 ) and later Vulnerabilidad de Cross-Site Scripting (XSS) afecta a Photo Station. Si se explota, la vulnerabilidad podría permitir a los usuarios autenticados inyectar código malicioso a través de una red. Ya hemos soluciona... • https://www.qnap.com/en/security-advisory/qsa-24-08 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 10.0EPSS: 94%CPEs: 11EXPL: 0CVE-2022-27593 – QNAP Photo Station Externally Controlled Reference Vulnerability
https://notcve.org/view.php?id=CVE-2022-27593
08 Sep 2022 — An externally controlled reference to a resource vulnerability has been reported to affect QNAP NAS running Photo Station. If exploited, This could allow an attacker to modify system files. We have already fixed the vulnerability in the following versions: QTS 5.0.1: Photo Station 6.1.2 and later QTS 5.0.0/4.5.x: Photo Station 6.0.22 and later QTS 4.3.6: Photo Station 5.7.18 and later QTS 4.3.3: Photo Station 5.4.15 and later QTS 4.2.6: Photo Station 5.2.14 and later Se ha informado una vulnerabilidad de re... • https://www.qnap.com/en/security-advisory/qsa-22-24 • CWE-610: Externally Controlled Reference to a Resource in Another Sphere •
CVSS: 8.1EPSS: 0%CPEs: 1EXPL: 0CVE-2022-22681
https://notcve.org/view.php?id=CVE-2022-22681
06 Jul 2022 — Session fixation vulnerability in access control management in Synology Photo Station before 6.8.16-3506 allows remote attackers to bypass security constraint via unspecified vectors. Una vulnerabilidad de Fijación de Sesión en la administración del control de acceso en Synology Photo Station versiones anteriores a 6.8.16-3506, permite a atacantes remotos omitir las restricciones de seguridad por medio de vectores no especificados • https://www.synology.com/security/advisory/Synology_SA_21_26 • CWE-384: Session Fixation •
CVSS: 10.0EPSS: 0%CPEs: 3EXPL: 0CVE-2021-44057 – Improper authentication in Photo Station
https://notcve.org/view.php?id=CVE-2021-44057
05 May 2022 — An improper authentication vulnerability has been reported to affect QNAP device running Photo Station. If exploited, this vulnerability allows attackers to compromise the security of the system. We have already fixed this vulnerability in the following versions of Photo Station: Photo Station 6.0.20 ( 2022/02/15 ) and later Photo Station 5.7.16 ( 2022/02/11 ) and later Photo Station 5.4.13 ( 2022/02/11 ) and later Se ha informado de una vulnerabilidad de autenticación inapropiada que afecta al dispositivo ... • https://www.qnap.com/en/security-advisory/qsa-22-15 • CWE-287: Improper Authentication •
CVSS: 7.6EPSS: 0%CPEs: 2EXPL: 0CVE-2021-34356 – Stored XSS Vulnerability in Photo Station
https://notcve.org/view.php?id=CVE-2021-34356
01 Oct 2021 — A cross-site scripting (XSS) vulnerability has been reported to affect QNAP device running Photo Station. If exploited, this vulnerability allows remote attackers to inject malicious code. We have already fixed this vulnerability in the following versions of Photo Station: Photo Station 6.0.18 ( 2021/09/01 ) and later Se ha reportado de una vulnerabilidad de tipo cross-site scripting (XSS) que afecta al dispositivo QNAP que ejecuta Photo Station. Si es explotado, esta vulnerabilidad permiten a atacantes rem... • https://www.qnap.com/en/security-advisory/qsa-21-41 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.6EPSS: 0%CPEs: 4EXPL: 0CVE-2021-34355 – Stored XSS Vulnerability in Photo Station
https://notcve.org/view.php?id=CVE-2021-34355
01 Oct 2021 — A cross-site scripting (XSS) vulnerability has been reported to affect QNAP NAS running Photo Station. If exploited, this vulnerability allows remote attackers to inject malicious code. We have already fixed this vulnerability in the following versions of Photo Station: Photo Station 5.4.10 ( 2021/08/19 ) and later Photo Station 5.7.13 ( 2021/08/19 ) and later Photo Station 6.0.18 ( 2021/09/01 ) and later Se ha reportado de una vulnerabilidad de tipo cross-site scripting (XSS) que afecta al NAS de QNAP que ... • https://www.qnap.com/en/security-advisory/qsa-21-42 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.6EPSS: 0%CPEs: 2EXPL: 0CVE-2021-34354 – Stored Cross-site Scripting Vulnerability in Photo Station
https://notcve.org/view.php?id=CVE-2021-34354
01 Oct 2021 — A cross-site scripting (XSS) vulnerability has been reported to affect QNAP device running Photo Station. If exploited, this vulnerability allows remote attackers to inject malicious code. We have already fixed this vulnerability in the following versions of Photo Station: Photo Station 6.0.18 ( 2021/09/01 ) and later Se ha reportado una vulnerabilidad de tipo cross-site scripting (XSS) que afecta al dispositivo de QNAP que ejecuta Photo Station. Si es explotado, esta vulnerabilidad permiten a atacantes rem... • https://www.qnap.com/en/security-advisory/qsa-21-41 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 10.0EPSS: 1%CPEs: 1EXPL: 0CVE-2021-29089
https://notcve.org/view.php?id=CVE-2021-29089
02 Jun 2021 — Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in thumbnail component in Synology Photo Station before 6.8.14-3500 allows remote attackers users to execute arbitrary SQL commands via unspecified vectors. Una vulnerabilidad de neutralización inapropiada de los elementos especiales usados en un comando SQL ("SQL Injection") en el componente thumbnail de Synology Photo Station versiones anteriores a 6.8.14-3500, permite a usuarios atacantes remotos ejecutar c... • https://www.synology.com/security/advisory/Synology_SA_20_20 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.0EPSS: 1%CPEs: 1EXPL: 0CVE-2021-29090
https://notcve.org/view.php?id=CVE-2021-29090
02 Jun 2021 — Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in PHP component in Synology Photo Station before 6.8.14-3500 allows remote authenticated users to execute arbitrary SQL command via unspecified vectors. Una vulnerabilidad de neutralización inapropiada de los elementos especiales usados en un comando SQL ("SQL Injection") en el componente PHP en Synology Photo Station versiones anteriores a 6.8.14-3500, permite a usuarios remotos autenticados ejecutar un coma... • https://www.synology.com/security/advisory/Synology_SA_20_20 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •