Filtered by vendor Synology
Subscriptions
Total
282 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2017-11156 | 1 Synology | 1 Download Station | 2024-11-21 | N/A |
| Synology Download Station 3.8.x before 3.8.5-3475 and 3.x before 3.5-2984 uses weak permissions (0777) for ui/dlm/btsearch directory, which allows remote authenticated users to execute arbitrary code by uploading an executable via unspecified vectors. | ||||
| CVE-2017-11155 | 1 Synology | 1 Photo Station | 2024-11-21 | N/A |
| An information exposure vulnerability in index.php in Synology Photo Station before 6.7.3-3432 and 6.3-2967 allows remote attackers to obtain sensitive system information via unspecified vectors. | ||||
| CVE-2017-11154 | 1 Synology | 1 Photo Station | 2024-11-21 | N/A |
| Unrestricted file upload vulnerability in PixlrEditorHandler.php in Synology Photo Station before 6.7.3-3432 and 6.3-2967 allows remote attackers to create arbitrary PHP scripts via the type parameter. | ||||
| CVE-2017-11153 | 1 Synology | 1 Photo Station | 2024-11-21 | N/A |
| Deserialization vulnerability in synophoto_csPhotoMisc.php in Synology Photo Station before 6.7.3-3432 and 6.3-2967 allows remote attackers to gain administrator privileges via a crafted serialized payload. | ||||
| CVE-2017-11152 | 1 Synology | 1 Photo Station | 2024-11-21 | N/A |
| Directory traversal vulnerability in PixlrEditorHandler.php in Synology Photo Station before 6.7.3-3432 and 6.3-2967 allows remote attackers to write arbitrary files via the path parameter. | ||||
| CVE-2017-11151 | 1 Synology | 1 Photo Station | 2024-11-21 | N/A |
| A vulnerability in synotheme_upload.php in Synology Photo Station before 6.7.3-3432 and 6.3-2967 allows remote attackers to upload arbitrary files without authentication via the logo_upload action. | ||||
| CVE-2017-11150 | 1 Synology | 1 Office | 2024-11-21 | N/A |
| Command injection vulnerability in Document.php in Synology Office 2.2.0-1502 and 2.2.1-1506 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the crafted file name of RTF documents. | ||||
| CVE-2017-11149 | 1 Synology | 1 Download Station | 2024-11-21 | N/A |
| Server-side request forgery (SSRF) vulnerability in Downloader in Synology Download Station 3.8.x before 3.8.5-3475 and 3.x before 3.5-2984 allows remote authenticated users to download arbitrary local files via crafted URI. | ||||
| CVE-2017-11148 | 1 Synology | 1 Chat | 2024-11-21 | N/A |
| Server-side request forgery (SSRF) vulnerability in link preview in Synology Chat before 1.1.0-0806 allows remote authenticated users to access intranet resources via unspecified vectors. | ||||
| CVE-2016-6554 | 1 Synology | 6 Ds107, Ds107 Firmware, Ds116 and 3 more | 2024-11-21 | N/A |
| Synology NAS servers DS107, firmware version 3.1-1639 and prior, and DS116, DS213, firmware versions prior to 5.2-5644-1, use non-random default credentials of: guest:(blank) and admin:(blank) . A remote network attacker can gain privileged access to a vulnerable device. | ||||
| CVE-2016-10331 | 1 Synology | 1 Photo Station | 2024-11-21 | N/A |
| Directory traversal vulnerability in download.php in Synology Photo Station before 6.5.3-3226 allows remote attackers to read arbitrary files via a full pathname in the id parameter. | ||||
| CVE-2016-10330 | 1 Synology | 1 Photo Station | 2024-11-21 | N/A |
| Directory traversal vulnerability in synophoto_dsm_user, a SUID program, as used in Synology Photo Station before 6.5.3-3226 allows local users to write to arbitrary files via unspecified vectors. | ||||
| CVE-2016-10329 | 1 Synology | 1 Photo Station | 2024-11-21 | N/A |
| Command injection vulnerability in login.php in Synology Photo Station before 6.5.3-3226 allows remote attackers to execute arbitrary code via shell metacharacters in the crafted 'X-Forwarded-For' header. | ||||
| CVE-2016-10323 | 1 Synology | 1 Photo Station | 2024-11-21 | N/A |
| Synology Photo Station before 6.3-2958 allows local users to gain privileges by leveraging setuid execution of a "synophoto_dsm_user --copy-no-ea" command. | ||||
| CVE-2016-10322 | 1 Synology | 1 Photo Station | 2024-11-21 | N/A |
| Synology Photo Station before 6.3-2958 allows remote authenticated guest users to execute arbitrary commands via shell metacharacters in the X-Forwarded-For HTTP header to photo/login.php. | ||||
| CVE-2015-9105 | 1 Synology | 1 Video Station | 2024-11-21 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Synology Video Station 1.2 before 1.2-0455, 1.5 before 1.5-0772, and 1.6 before 1.6-0847 allow remote authenticated attackers to inject arbitrary web script or HTML via the (1) file name or (2) collection name of videos. | ||||
| CVE-2015-9104 | 1 Synology | 1 Audio Station | 2024-11-21 | N/A |
| Cross-site scripting (XSS) vulnerabilities in Synology Audio Station 5.1 before 5.1-2550 and 5.4 before 5.4-2857 allows remote authenticated attackers to inject arbitrary web script or HTML via the album title. | ||||
| CVE-2015-9103 | 1 Synology | 1 Note Station | 2024-11-21 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Synology Note Station 1.1-0212 and earlier allow remote authenticated attackers to inject arbitrary web script or HTML via the (1) note title or (2) file name of attachments. | ||||
| CVE-2015-9102 | 1 Synology | 1 Photo Station | 2024-11-21 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Synology Photo Station 6.0 before 6.0-2638 and 6.3 before 6.3-2962 allow remote authenticated attackers to inject arbitrary web script or HTML via the (1) album name, (2) file name of uploaded photos, (3) description of photos, or (4) tag of the photos. | ||||
| CVE-2015-6913 | 1 Synology | 1 Download Station | 2024-11-21 | N/A |
| Cross-site scripting (XSS) vulnerability in the "Create download task via URL" feature in Synology Download Station before 3.5-2967 allows remote attackers to inject arbitrary web script or HTML via the urls parameter in an add_url_task action to dlm/downloadman.cgi. | ||||