Synology Photo Station

34 known vulnerabilities across versions
Vulnerabilities are listed by affected version.
CVE-2022-22681
< 6.8.16-3506
Session fixation vulnerability in access control management in Synology Photo Station before 6.8.16-3506 allows remote attackers t
8.1 HIGH
CVE-2021-29089
>= 6.8 and < 6.8.14-3500
Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in thumbnail component in Synol
9.8 CRITICAL
CVE-2021-29091
>= 6.8 and < 6.8.14-3500
Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in file management component in Synol
7.7 HIGH
CVE-2021-29090
>= 6.8 and < 6.8.14-3500
Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in PHP component in Synology Ph
7.2 HIGH
CVE-2021-29092
>= 6.8 and < 6.8.14-3500
Unrestricted upload of file with dangerous type vulnerability in file management component in Synology Photo Station before 6.8.14
8.8 HIGH
CVE-2019-11822
>= 6.3 and < 6.3-2977
Relative path traversal vulnerability in SYNO.PhotoStation.File in Synology Photo Station before 6.8.11-3489 and before 6.3-2977 a
4.3 MEDIUM
CVE-2019-11821
>= 6.3 and < 6.3-2977
SQL injection vulnerability in synophoto_csPhotoDB.php in Synology Photo Station before 6.8.11-3489 and before 6.3-2977 allows rem
7.3 HIGH
CVE-2018-13282
>= 6.3 and < 6.3-2976
Session fixation vulnerability in SYNO.PhotoStation.Auth in Synology Photo Station before 6.8.7-3481 allows remote attackers to hi
5.6 MEDIUM
CVE-2018-8926
>= 6.3-2958 and <= 6.3-2975
Permissive regular expression vulnerability in synophoto_dsm_user in Synology Photo Station before 6.8.5-3471 and before 6.3-2975
8.8 HIGH
CVE-2018-8925
>= 6.3-2944 and < 6.3-2975
Cross-site request forgery (CSRF) vulnerability in admin/user.php in Synology Photo Station before 6.8.5-3471 and before 6.3-2975
8.8 HIGH
CVE-2017-16772
>= 6.8 and < 6.8.3-3463
Improper input validation vulnerability in SYNOPHOTO_Flickr_MultiUpload in Synology Photo Station before 6.8.3-3463 and before 6.3
8.8 HIGH
CVE-2017-16771
>= 6.8 and < 6.8.3-3463
Cross-site scripting (XSS) vulnerability in Log Viewer in Synology Photo Station before 6.8.3-3463 and before 6.3-2971 allows remo
6.1 MEDIUM
CVE-2017-16769
all versions
Exposure of private information vulnerability in Photo Viewer in Synology Photo Station 6.8.1-3458 allows remote attackers to obta
5.3 MEDIUM
CVE-2017-12072
< 6.8.0-3456
Cross-site scripting (XSS) vulnerability in PixlrEditorHandler.php in Synology Photo Station before 6.8.0-3456 allows remote authe
5.4 MEDIUM
CVE-2017-12080
>= 6.3 and < 6.3-2970
An information exposure vulnerability in default HTTP configuration file in Synology Photo Station before 6.8.1-3458 and before 6.
5.3 MEDIUM
CVE-2017-12079
>= 6.8 and < 6.8.1-3458
Files or directories accessible to external parties vulnerability in picasa.php in Synology Photo Station before 6.8.1-3458 and be
7.5 HIGH
CVE-2017-12071
<= 6.3-2967
Server-side request forgery (SSRF) vulnerability in file_upload.php in Synology Photo Station before 6.7.4-3433 and 6.3-2968 allow
6.5 MEDIUM
CVE-2017-11162
<= 6.3-2967
Directory traversal vulnerability in synphotoio in Synology Photo Station before 6.7.4-3433 and 6.3-2968 allows remote authenticat
6.5 MEDIUM
CVE-2017-11161
<= 6.3-2967
Multiple SQL injection vulnerabilities in Synology Photo Station before 6.7.4-3433 and 6.3-2968 allow remote attackers to execute
9.8 CRITICAL
CVE-2017-9555
<= 6.6.3-3347
Cross-site scripting (XSS) vulnerability in PixlrEditorHandler.php in Synology Photo Station before 6.7.0-3414 allows remote attac
5.4 MEDIUM
CVE-2017-11155
<= 6.7.2-3429
An information exposure vulnerability in index.php in Synology Photo Station before 6.7.3-3432 and 6.3-2967 allows remote attacker
7.5 HIGH
CVE-2017-11154
<= 6.7.2-3429
Unrestricted file upload vulnerability in PixlrEditorHandler.php in Synology Photo Station before 6.7.3-3432 and 6.3-2967 allows r
7.2 HIGH
CVE-2017-11153
<= 6.7.2-3429
Deserialization vulnerability in synophoto_csPhotoMisc.php in Synology Photo Station before 6.7.3-3432 and 6.3-2967 allows remote
9.8 CRITICAL
CVE-2017-11152
<= 6.7.2-3429
Directory traversal vulnerability in PixlrEditorHandler.php in Synology Photo Station before 6.7.3-3432 and 6.3-2967 allows remote
7.5 HIGH
CVE-2017-11151
<= 6.7.2-3429
A vulnerability in synotheme_upload.php in Synology Photo Station before 6.7.3-3432 and 6.3-2967 allows remote attackers to upload
9.8 CRITICAL
CVE-2015-9102
<= 6.3-2960
Multiple cross-site scripting (XSS) vulnerabilities in Synology Photo Station 6.0 before 6.0-2638 and 6.3 before 6.3-2962 allow re
5.4 MEDIUM
CVE-2017-9552
all versions
A design flaw in authentication in Synology Photo Station 6.0-2528 through 6.7.1-3419 allows local users to obtain credentials via
7.8 HIGH
CVE-2016-10331
<= 6.5.2-3225
Directory traversal vulnerability in download.php in Synology Photo Station before 6.5.3-3226 allows remote attackers to read arbi
7.5 HIGH
CVE-2016-10330
<= 6.5.2-3225
Directory traversal vulnerability in synophoto_dsm_user, a SUID program, as used in Synology Photo Station before 6.5.3-3226 allow
7.1 HIGH
CVE-2016-10329
<= 6.5.2-3225
Command injection vulnerability in login.php in Synology Photo Station before 6.5.3-3226 allows remote attackers to execute arbitr
9.8 CRITICAL
CVE-2016-10323
< 6.3-2958
Synology Photo Station before 6.3-2958 allows local users to gain privileges by leveraging setuid execution of a "synophoto_dsm_us
7.8 HIGH
CVE-2016-10322
<= 6.3-2954
Synology Photo Station before 6.3-2958 allows remote authenticated guest users to execute arbitrary commands via shell metacharact
8.8 HIGH
CVE-2015-4656
<= 6.3-2944
Multiple cross-site scripting (XSS) vulnerabilities in Synology Photo Station before 6.3-2945 allow remote attackers to inject arb
CVE-2012-1556
all versions
Cross-site scripting (XSS) vulnerability in Synology Photo Station 5 for DiskStation Manager (DSM) 3.2-1955 allows remote attacker
threatengine.sh  ·  Open-source threat intelligence platform  ·  100+ authoritative sources  ·  Every fact traces to its origin