Vulnerabilities > Synology

DATE CVE VULNERABILITY TITLE RISK
2017-05-12 CVE-2016-10329 Command Injection vulnerability in Synology Photo Station
Command injection vulnerability in login.php in Synology Photo Station before 6.5.3-3226 allows remote attackers to execute arbitrary code via shell metacharacters in the crafted 'X-Forwarded-For' header.
network
low complexity
synology CWE-77
critical
9.8
2017-04-10 CVE-2016-10323 Permissions, Privileges, and Access Controls vulnerability in Synology Photo Station
Synology Photo Station before 6.3-2958 allows local users to gain privileges by leveraging setuid execution of a "synophoto_dsm_user --copy-no-ea" command.
local
low complexity
synology CWE-264
7.8
2017-04-10 CVE-2016-10322 Command Injection vulnerability in Synology Photo Station
Synology Photo Station before 6.3-2958 allows remote authenticated guest users to execute arbitrary commands via shell metacharacters in the X-Forwarded-For HTTP header to photo/login.php.
network
low complexity
synology CWE-77
8.8