5 matches found
CVE-2021-29091
Improper limitation of a pathname to a restricted directory 'Path Traversal' vulnerability in file management component in Synology Photo Station before 6.8.14-3500 allows remote authenticated users to write arbitrary files via unspecified vectors...
CVE-2021-29090
Improper neutralization of special elements used in an SQL command 'SQL Injection' vulnerability in PHP component in Synology Photo Station before 6.8.14-3500 allows remote authenticated users to execute arbitrary SQL command via unspecified vectors...
CVE-2021-29092
Unrestricted upload of file with dangerous type vulnerability in file management component in Synology Photo Station before 6.8.14-3500 allows remote authenticated users to execute arbitrary code via unspecified vectors...
Synology Photo Station SQL Injection Vulnerability
Synology Photo Station is a solution for sharing pictures, videos and blogs over the Internet from Synology Inc. of Taiwan, China. A SQL injection vulnerability exists in Synology Photo Station versions prior to 6.8.14-3500, which can be exploited by attackers to execute arbitrary SQL commands vi...
Information disclosure
Elasticsearch versions before 7.10.0 and 6.8.14 have an information disclosure issue when audit logging and the emit_request_body option is enabled. The Elasticsearch audit log could contain sensitive information such as password hashes or authentication tokens. This could allow an Elasticsearch...