RSS   Vulnerabilities for 'Video station'   RSS

2017-08-11
 
CVE-2017-9556

 

 
Cross-site scripting (XSS) vulnerability in Video Metadata Editor in Synology Video Station before 2.3.0-1435 allows remote authenticated attackers to inject arbitrary web script or HTML via the title parameter.

 
2017-06-30
 
CVE-2015-9105

 

 
Multiple cross-site scripting (XSS) vulnerabilities in Synology Video Station 1.2 before 1.2-0455, 1.5 before 1.5-0772, and 1.6 before 1.6-0847 allow remote authenticated attackers to inject arbitrary web script or HTML via the (1) file name or (2) collection name of videos.

 
2015-09-11
 
CVE-2015-6912

CWE-77
 

 
Synology Video Station before 1.5-0763 allows remote attackers to execute arbitrary shell commands via shell metacharacters in the subtitle_codepage parameter to subtitle.cgi.

 
 
CVE-2015-6911

CWE-89
 

 
SQL injection vulnerability in Synology Video Station before 1.5-0763 allows remote attackers to execute arbitrary SQL commands via the id parameter to watchstatus.cgi.

 
 
CVE-2015-6910

CWE-89
 

 
SQL injection vulnerability in Synology Video Station before 1.5-0757 allows remote attackers to execute arbitrary SQL commands via the id parameter to audiotrack.cgi.

 

 >>> Vendor: Synology 34 Products
DSM
Diskstation manager
Synology photo station
Ds photo+
Ds file
Ds audio
Cloud station
Photo station
Download station
Video station
Note station
Audio station
CHAT
Office
Photo station uploader
Assistant
Dns server
Router manager
Cloud station backup
Cloud station drive
Skynas
Virtual diskstation manager
Vs960hd firmware
Media server
Calendar
Drive
File station
Ds107 firmware
Ds116 firmware
Ds213 firmware
Vs960hd
Mailplus server
Ssl vpn client
Moments


Copyright 2019, cxsecurity.com

 

Back to Top