| Max CVSS | 7.5 | Min CVSS | 5.0 | Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published | |
| CVE-2017-11152 | 5.0 |
Directory traversal vulnerability in PixlrEditorHandler.php in Synology Photo Station before 6.7.3-3432 and 6.3-2967 allows remote attackers to write arbitrary files via the path parameter.
|
09-10-2019 - 23:21 | 08-08-2017 - 15:29 | |
| CVE-2017-11154 | 6.5 |
Unrestricted file upload vulnerability in PixlrEditorHandler.php in Synology Photo Station before 6.7.3-3432 and 6.3-2967 allows remote attackers to create arbitrary PHP scripts via the type parameter.
|
09-10-2019 - 23:21 | 08-08-2017 - 15:29 | |
| CVE-2017-11155 | 5.0 |
An information exposure vulnerability in index.php in Synology Photo Station before 6.7.3-3432 and 6.3-2967 allows remote attackers to obtain sensitive system information via unspecified vectors.
|
09-10-2019 - 23:21 | 08-08-2017 - 15:29 | |
| CVE-2017-11153 | 7.5 |
Deserialization vulnerability in synophoto_csPhotoMisc.php in Synology Photo Station before 6.7.3-3432 and 6.3-2967 allows remote attackers to gain administrator privileges via a crafted serialized payload.
|
09-10-2019 - 23:21 | 08-08-2017 - 15:29 | |
| CVE-2017-11151 | 7.5 |
A vulnerability in synotheme_upload.php in Synology Photo Station before 6.7.3-3432 and 6.3-2967 allows remote attackers to upload arbitrary files without authentication via the logo_upload action.
|
09-10-2019 - 23:21 | 08-08-2017 - 15:29 |