Vulnerabilities > Synology

DATE	CVE	VULNERABILITY TITLE	RISK
2017-06-30	CVE-2015-9103	Cross-site Scripting vulnerability in Synology Note Station Multiple cross-site scripting (XSS) vulnerabilities in Synology Note Station 1.1-0212 and earlier allow remote authenticated attackers to inject arbitrary web script or HTML via the (1) note title or (2) file name of attachments. network synology CWE-79	3.5
2017-06-30	CVE-2015-9102	Cross-site Scripting vulnerability in Synology Photo Station Multiple cross-site scripting (XSS) vulnerabilities in Synology Photo Station 6.0 before 6.0-2638 and 6.3 before 6.3-2962 allow remote authenticated attackers to inject arbitrary web script or HTML via the (1) album name, (2) file name of uploaded photos, (3) description of photos, or (4) tag of the photos. network synology CWE-79	3.5
2017-06-13	CVE-2017-9552	Improper Authentication vulnerability in Synology Photo Station A design flaw in authentication in Synology Photo Station 6.0-2528 through 6.7.1-3419 allows local users to obtain credentials via cmdline. local low complexity synology CWE-287	2.1
2017-05-12	CVE-2016-10331	Path Traversal vulnerability in Synology Photo Station Directory traversal vulnerability in download.php in Synology Photo Station before 6.5.3-3226 allows remote attackers to read arbitrary files via a full pathname in the id parameter. network low complexity synology CWE-22	5.0
2017-05-12	CVE-2016-10330	Path Traversal vulnerability in Synology Photo Station Directory traversal vulnerability in synophoto_dsm_user, a SUID program, as used in Synology Photo Station before 6.5.3-3226 allows local users to write to arbitrary files via unspecified vectors. local low complexity synology CWE-22	7.1
2017-05-12	CVE-2016-10329	Command Injection vulnerability in Synology Photo Station Command injection vulnerability in login.php in Synology Photo Station before 6.5.3-3226 allows remote attackers to execute arbitrary code via shell metacharacters in the crafted 'X-Forwarded-For' header. network low complexity synology CWE-77	7.5
2017-04-10	CVE-2016-10323	Permissions, Privileges, and Access Controls vulnerability in Synology Photo Station Synology Photo Station before 6.3-2958 allows local users to gain privileges by leveraging setuid execution of a "synophoto_dsm_user --copy-no-ea" command. local low complexity synology CWE-264	7.2
2017-04-10	CVE-2016-10322	Command Injection vulnerability in Synology Photo Station Synology Photo Station before 6.3-2958 allows remote authenticated guest users to execute arbitrary commands via shell metacharacters in the X-Forwarded-For HTTP header to photo/login.php. network low complexity synology CWE-77	6.5
2015-09-11	CVE-2015-6913	Cross-site Scripting vulnerability in Synology Download Station Cross-site scripting (XSS) vulnerability in the "Create download task via URL" feature in Synology Download Station before 3.5-2967 allows remote attackers to inject arbitrary web script or HTML via the urls parameter in an add_url_task action to dlm/downloadman.cgi. network synology CWE-79	4.3
2015-09-11	CVE-2015-6912	Command Injection vulnerability in Synology Video Station Synology Video Station before 1.5-0763 allows remote attackers to execute arbitrary shell commands via shell metacharacters in the subtitle_codepage parameter to subtitle.cgi. network low complexity synology CWE-77 critical	10.0

Vulnerabilities > Synology {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"Synology"}]}

Vulnerabilities > Synology