Vulnerabilities > Synology

DATE	CVE	VULNERABILITY TITLE	RISK
2017-08-14	CVE-2017-11150	OS Command Injection vulnerability in Synology Office 2.2.01502/2.2.11506 Command injection vulnerability in Document.php in Synology Office 2.2.0-1502 and 2.2.1-1506 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the crafted file name of RTF documents. local low complexity synology CWE-78	7.8
2017-08-14	CVE-2017-11149	Server-Side Request Forgery (SSRF) vulnerability in Synology Download Station Server-side request forgery (SSRF) vulnerability in Downloader in Synology Download Station 3.8.x before 3.8.5-3475 and 3.x before 3.5-2984 allows remote authenticated users to download arbitrary local files via crafted URI. network low complexity synology CWE-918	6.5
2017-08-11	CVE-2017-9556	Cross-site Scripting vulnerability in Synology Video Station Cross-site scripting (XSS) vulnerability in Video Metadata Editor in Synology Video Station before 2.3.0-1435 allows remote authenticated attackers to inject arbitrary web script or HTML via the title parameter. network low complexity synology CWE-79	5.4
2017-08-11	CVE-2017-11148	Server-Side Request Forgery (SSRF) vulnerability in Synology Chat Server-side request forgery (SSRF) vulnerability in link preview in Synology Chat before 1.1.0-0806 allows remote authenticated users to access intranet resources via unspecified vectors. network low complexity synology CWE-918	6.5
2017-08-08	CVE-2017-11155	Information Exposure vulnerability in Synology Photo Station An information exposure vulnerability in index.php in Synology Photo Station before 6.7.3-3432 and 6.3-2967 allows remote attackers to obtain sensitive system information via unspecified vectors. network low complexity synology CWE-200	7.5
2017-08-08	CVE-2017-11154	Unrestricted Upload of File with Dangerous Type vulnerability in Synology Photo Station Unrestricted file upload vulnerability in PixlrEditorHandler.php in Synology Photo Station before 6.7.3-3432 and 6.3-2967 allows remote attackers to create arbitrary PHP scripts via the type parameter. network low complexity synology CWE-434	7.2
2017-08-08	CVE-2017-11153	Deserialization of Untrusted Data vulnerability in Synology Photo Station Deserialization vulnerability in synophoto_csPhotoMisc.php in Synology Photo Station before 6.7.3-3432 and 6.3-2967 allows remote attackers to gain administrator privileges via a crafted serialized payload. network low complexity synology CWE-502 critical	9.8
2017-08-08	CVE-2017-11152	Path Traversal vulnerability in Synology Photo Station Directory traversal vulnerability in PixlrEditorHandler.php in Synology Photo Station before 6.7.3-3432 and 6.3-2967 allows remote attackers to write arbitrary files via the path parameter. network low complexity synology CWE-22	7.5
2017-08-08	CVE-2017-11151	Improper Authentication vulnerability in Synology Photo Station A vulnerability in synotheme_upload.php in Synology Photo Station before 6.7.3-3432 and 6.3-2967 allows remote attackers to upload arbitrary files without authentication via the logo_upload action. network low complexity synology CWE-287 critical	9.8
2017-07-24	CVE-2017-9554	Information Exposure vulnerability in Synology Diskstation Manager An information exposure vulnerability in forget_passwd.cgi in Synology DiskStation Manager (DSM) before 6.1.3-15152 allows remote attackers to enumerate valid usernames via unspecified vectors. network low complexity synology CWE-200	5.3

Vulnerabilities > Synology {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"Synology"}]}

Vulnerabilities > Synology