Security Vulnerabilities (CVSS score between 5 and 5.99)
# |
CVE ID |
CWE ID |
# of Exploits |
Vulnerability Type(s) |
Publish Date |
Update Date |
Score |
Gained Access Level |
Access |
Complexity |
Authentication |
Conf. |
Integ. |
Avail. |
5051 |
CVE-2016-1000032 |
284 |
|
|
2016-10-25 |
2017-01-18 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
TGCaptcha2 version 0.3.0 is vulnerable to a replay attack due to a missing nonce allowing attackers to use a single solved CAPTCHA multiple times. |
5052 |
CVE-2016-1000009 |
254 |
|
|
2016-10-06 |
2018-04-13 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
TP-LINK lost control of two domains, www.tplinklogin.net and tplinkextender.net. Please note that these domains are physically printed on many of the devices. |
5053 |
CVE-2016-1000001 |
601 |
|
|
2016-10-07 |
2017-02-19 |
5.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
None |
flask-oidc version 0.1.2 and earlier is vulnerable to an open redirect. |
5054 |
CVE-2016-10728 |
20 |
|
|
2018-07-23 |
2018-09-20 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
An issue was discovered in Suricata before 3.1.2. If an ICMPv4 error packet is received as the first packet on a flow in the to_client direction, it confuses the rule grouping lookup logic. The toclient inspection will then continue with the wrong rule group. This can lead to missed detection. |
5055 |
CVE-2016-10727 |
200 |
|
+Info |
2018-07-20 |
2018-09-18 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
camel/providers/imapx/camel-imapx-server.c in the IMAPx component in GNOME evolution-data-server before 3.21.2 proceeds with cleartext data containing a password if the client wishes to use STARTTLS but the server will not use STARTTLS, which makes it easier for remote attackers to obtain sensitive information by sniffing the network. The server code was intended to report an error and not proceed, but the code was written incorrectly. |
5056 |
CVE-2016-10726 |
22 |
|
Dir. Trav. |
2018-07-10 |
2018-09-06 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
The XMLUI feature in DSpace before 3.6, 4.x before 4.5, and 5.x before 5.5 allows directory traversal via the themes/ path in an attack with two or more arbitrary characters and a colon before a pathname, as demonstrated by a themes/Reference/aa:etc/passwd URI. |
5057 |
CVE-2016-10725 |
310 |
|
|
2018-07-05 |
2018-08-27 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
In Bitcoin Core before v0.13.0, a non-final alert is able to block the special "final alert" (which is supposed to override all other alerts) because operations occur in the wrong order. This behavior occurs in the remote network alert system (deprecated since Q1 2016). This affects other uses of the codebase, such as Bitcoin Knots before v0.13.0.knots20160814 and many altcoins. |
5058 |
CVE-2016-10718 |
20 |
|
DoS |
2018-04-03 |
2018-05-10 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
Brave Browser before 0.13.0 allows a tab to close itself even if the tab was not opened by a script, resulting in denial of service. |
5059 |
CVE-2016-10712 |
20 |
|
|
2018-02-09 |
2018-03-20 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
In PHP before 5.5.32, 5.6.x before 5.6.18, and 7.x before 7.0.3, all of the return values of stream_get_meta_data can be controlled if the input can be controlled (e.g., during file uploads). For example, a "$uri = stream_get_meta_data(fopen($file, "r"))['uri']" call mishandles the case where $file is data:text/plain;uri=eviluri, -- in other words, metadata can be set by an attacker. |
5060 |
CVE-2016-10708 |
476 |
|
DoS |
2018-01-21 |
2018-11-07 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
sshd in OpenSSH before 7.4 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an out-of-sequence NEWKEYS message, as demonstrated by Honggfuzz, related to kex.c and packet.c. |
5061 |
CVE-2016-10707 |
400 |
|
DoS |
2018-01-18 |
2018-02-02 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
jQuery 3.0.0-rc.1 is vulnerable to Denial of Service (DoS) due to the removal of logic that lowercased attribute names. Any attribute getter using a mixed-case name for boolean attributes goes into an infinite recursion, exceeding the call stack limit. |
5062 |
CVE-2016-10702 |
200 |
|
+Info |
2017-11-28 |
2017-12-20 |
5.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
None |
Pebble Smartwatch devices through 4.3 mishandle UUID storage, which allows attackers to read an arbitrary application's flash storage, and access an arbitrary application's JavaScript instance, by modifying a UUID value within the header of a crafted application binary. |
5063 |
CVE-2016-10561 |
22 |
|
Dir. Trav. |
2018-05-31 |
2018-07-05 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
Bitty is a development web server tool that functions similarly to `python -m SimpleHTTPServer`. Version 0.2.10 has a directory traversal vulnerability that is exploitable via the URL path in GET requests. |
5064 |
CVE-2016-10556 |
89 |
|
Sql |
2018-05-29 |
2018-07-09 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
sequelize is an Object-relational mapping, or a middleman to convert things from Postgres, MySQL, MariaDB, SQLite and Microsoft SQL Server into usable data for NodeJS. In Postgres, SQLite, and Microsoft SQL Server there is an issue where arrays are treated as strings and improperly escaped. This causes potential SQL injection in sequelize 3.19.3 and earlier, where a malicious user could put `["test", "'); DELETE TestTable WHERE Id = 1 --')"]` inside of ``` database.query('SELECT * FROM TestTable WHERE Name IN (:names)', { replacements: { names: directCopyOfUserInput } }); ``` and cause the SQL statement to become `SELECT Id FROM Table WHERE Name IN ('test', '\'); DELETE TestTable WHERE Id = 1 --')`. In Postgres, MSSQL, and SQLite, the backslash has no special meaning. This causes the statement to delete whichever Id has a value of 1 in the TestTable table. |
5065 |
CVE-2016-10552 |
254 |
|
|
2018-05-31 |
2018-07-03 |
5.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
None |
igniteui 0.0.5 and earlier downloads JavaScript and CSS resources over insecure protocol. |
5066 |
CVE-2016-10543 |
20 |
|
Bypass |
2018-05-31 |
2018-07-06 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
call is an HTTP router that is primarily used by the hapi framework. There exists a bug in call versions 2.0.1-3.0.1 that does not validate empty parameters, which could result in invalid input bypassing the route validation rules. |
5067 |
CVE-2016-10542 |
20 |
|
|
2018-05-31 |
2018-07-11 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
ws is a "simple to use, blazing fast and thoroughly tested websocket client, server and console for node.js, up-to-date against RFC-6455". By sending an overly long websocket payload to a `ws` server, it is possible to crash the node process. This affects ws 1.1.0 and earlier. |
5068 |
CVE-2016-10540 |
20 |
|
|
2018-05-31 |
2018-07-11 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
Minimatch is a minimal matching utility that works by converting glob expressions into JavaScript `RegExp` objects. The primary function, `minimatch(path, pattern)`, in Minimatch 3.0.1 and earlier is vulnerable to ReDoS in the `pattern` parameter. |
5069 |
CVE-2016-10539 |
20 |
|
DoS |
2018-05-31 |
2018-07-11 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
negotiator is an HTTP content negotiator for Node.js and is used by many modules and frameworks including Express and Koa. The header for "Accept-Language", when parsed by negotiator 0.6.0 and earlier, is vulnerable to Regular Expression Denial of Service via a specially crafted string. |
5070 |
CVE-2016-10527 |
399 |
|
|
2018-05-31 |
2018-07-13 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
The riot-compiler version 2.3.21 has an issue in a regex (Catastrophic Backtracking) that makes it unusable under certain conditions. |
5071 |
CVE-2016-10526 |
532 |
|
|
2018-05-31 |
2018-08-01 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
A common setup to deploy to gh-pages on every commit via a CI system is to expose a github token to ENV and to use it directly in the auth part of the url. In module versions < 0.9.1 the auth portion of the url is outputted as part of the grunt tasks logging function. If this output is publicly available then the credentials should be considered compromised. |
5072 |
CVE-2016-10523 |
119 |
|
Overflow |
2018-05-31 |
2018-07-09 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
MQTT before 3.4.6 and 4.0.x before 4.0.5 allows specifically crafted MQTT packets to crash the application, making a DoS attack feasible with very little bandwidth. |
5073 |
CVE-2016-10521 |
20 |
|
DoS |
2018-05-31 |
2018-06-28 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
jshamcrest is vulnerable to regular expression denial of service (ReDoS) when certain types of user input are passed in to the emailAddress validator. |
5074 |
CVE-2016-10520 |
20 |
|
DoS |
2018-05-31 |
2018-06-28 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
jadedown is vulnerable to regular expression denial of service (ReDoS) when certain types of user input are passed in. |
5075 |
CVE-2016-10519 |
200 |
|
+Info |
2018-05-31 |
2018-08-01 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
A security issue was found in bittorrent-dht before 5.1.3 that allows someone to send a specific series of messages to a listening peer and get it to reveal internal memory. |
5076 |
CVE-2016-10518 |
119 |
|
Overflow |
2018-05-31 |
2018-08-01 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
A vulnerability was found in the ping functionality of the ws module before 1.0.0 which allowed clients to allocate memory by sending a ping frame. The ping functionality by default responds with a pong frame and the previously given payload of the ping frame. This is exactly what you expect, but internally ws always transforms all data that we need to send to a Buffer instance and that is where the vulnerability existed. ws didn't do any checks for the type of data it was sending. With buffers in node, when you allocate one with a number instead of a string, it will allocate that number of bytes. |
5077 |
CVE-2016-10483 |
20 |
|
|
2018-04-18 |
2018-05-01 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile SD 410/12, SD 615/16/SD 415, SD 808, and SD 810, improper input validation while processing SCM Command can lead to unauthorized memory access. |
5078 |
CVE-2016-10469 |
20 |
|
|
2018-04-18 |
2018-05-01 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile, Snapdragon Mobile, and Snapdragon Wear MDM9206, MDM9607, MDM9650, MSM8909W, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 808, SD 810, SD 820, SD 820A, SD 835, SD 845, and SD 850, incorrect implementation of RSA padding functions in CORE. |
5079 |
CVE-2016-10447 |
824 |
|
|
2018-04-18 |
2018-05-02 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile and Snapdragon Wear MDM9206, MDM9607, MDM9650, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 625, SD 650/52, SD 820, SD 835, and SDX20, secure UI crash due to uninitialized link list entry in dynamic font module. |
5080 |
CVE-2016-10446 |
16 |
|
|
2018-04-18 |
2018-05-01 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile, Snapdragon Mobile, and Snapdragon Wear MDM9206, MDM9650, SD 210/SD 212/SD 205, SD 820, SD 820A, and SD 835, incorrect configuration of the OCIMEM MPU may provide NonSecure Software access to OCIMEM memory used by TZ. |
5081 |
CVE-2016-10438 |
200 |
|
+Info |
2018-04-18 |
2018-05-01 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
In Android before 2018-04-05 or earlier security patch level on Qualcomm Small Cell SoC, Snapdragon Mobile, and Snapdragon Wear FSM9055, IPQ4019, IPQ8064, MDM9206, MDM9607, MDM9635M, MDM9640, MDM9650, MSM8909W, QCA4531, QCA9980, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 808, SD 810, SD 820, SD 835, and SDX20, information exposure vulnerability when logging debug statement due to %p usage. |
5082 |
CVE-2016-10437 |
200 |
|
+Info |
2018-04-18 |
2018-05-01 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
In Android before 2018-04-05 or earlier security patch level on Qualcomm Small Cell SoC, Snapdragon Mobile, and Snapdragon Wear FSM9055, MDM9206, MDM9607, MDM9635M, MDM9640, MDM9650, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 808, SD 810, SD 820, SD 835, and SDX20, while logging debug statements or ftrace events from rmnet_data, the socket buffer function uses normal format specifiers which may result in information exposure. |
5083 |
CVE-2016-10434 |
287 |
|
|
2018-04-18 |
2018-05-01 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile and Snapdragon Mobile SD 820 and SD 820A, the input to RPMB write response function is a buffer from HLOS that needs to be authenticated (using HMAC) and then processed. However, some of the processing occurs before the buffer is authenticated. The function will return various types of errors depending on the values of the `response` and `result` fields of the buffer before verifying the HMAC tag. |
5084 |
CVE-2016-10429 |
19 |
|
|
2018-04-18 |
2018-05-01 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
In Android before 2018-04-05 or earlier security patch level on Qualcomm Small Cell SoC, Snapdragon Automobile, Snapdragon Mobile, and Snapdragon Wear FSM9055, IPQ4019, MDM9206, MDM9607, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 808, SD 810, SD 820, SD 820A, and SDX20, three image types are loaded in the same manner without distinguishing them. |
5085 |
CVE-2016-10428 |
200 |
|
+Info |
2018-04-18 |
2018-05-01 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile and Snapdragon Mobile SD 425, SD 430, SD 450, SD 625, SD 650/52, SD 820, and SD 820A, HMAC verification in counter file uses an insecure memcmp which may assist a timing attack. |
5086 |
CVE-2016-10423 |
200 |
|
+Info |
2018-04-18 |
2018-05-01 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile and Snapdragon Mobile SD 425, SD 430, SD 450, SD 625, SD 650/52, SD 820, and SD 820A, when a Trusted Application has opened the SPI interface to a particular device, it is possible for another Trusted Application to read the data on this open interface due to non-exclusive access of the SPI bus. |
5087 |
CVE-2016-10418 |
284 |
|
|
2018-04-18 |
2018-05-01 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile, Snapdragon Mobile, and Snapdragon Wear MDM9206, MDM9650, SD 210/SD 212/SD 205, SD 425, SD 430, SD 450, SD 625, SD 650/52, SD 820, SD 820A, and SD 835, HLOS can enable PMIC debug through TCSR_QPDI_DISABLE_CFG due to improper access control. |
5088 |
CVE-2016-10415 |
476 |
|
DoS |
2018-04-18 |
2018-05-02 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile and Snapdragon Wear MDM9206, MDM9607, MDM9640, MDM9650, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 450, SD 600, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 808, SD 810, SD 820, SD 835, and SDX20, dereference of an invalid input parameter could cause a denial of service. |
5089 |
CVE-2016-10406 |
200 |
|
+Info |
2018-04-18 |
2018-05-01 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile MDM9650, SD 210/SD 212/SD 205, SD 410/12, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 808, SD 810, SD 820, and SD 835, while printing debug message of a pointer in wlan_qmi_err_cb, the real kernel address will be printed regardless of the kptr_restrict system settings. |
5090 |
CVE-2016-10400 |
22 |
|
Dir. Trav. |
2017-07-22 |
2017-07-26 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
Directory Traversal exists in ATutor before 2.2.2 via the icon parameter to /mods/_core/courses/users/create_course.php. The attacker can read an arbitrary file by visiting get_course_icon.php?id= after the traversal attack. |
5091 |
CVE-2016-10399 |
538 |
|
File Inclusion |
2017-07-27 |
2017-08-07 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
Sendio versions before 8.2.1 were affected by a Local File Inclusion vulnerability that allowed an unauthenticated, remote attacker to read potentially sensitive system files via a specially crafted URL. |
5092 |
CVE-2016-10397 |
20 |
|
Bypass |
2017-07-10 |
2018-01-13 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
In PHP before 5.6.28 and 7.x before 7.0.13, incorrect handling of various URI components in the URL parser could be used by attackers to bypass hostname-specific URL checks, as demonstrated by evil.example.com:80#@good.example.com/ and evil.example.com:80?@good.example.com/ inputs to the parse_url function (implemented in the php_url_parse_ex function in ext/standard/url.c). |
5093 |
CVE-2016-10377 |
119 |
|
Overflow Bypass |
2017-05-29 |
2017-06-07 |
5.8 |
None |
Local Network |
Low |
Not required |
Partial |
Partial |
Partial |
In Open vSwitch (OvS) 2.5.0, a malformed IP packet can cause the switch to read past the end of the packet buffer due to an unsigned integer underflow in `lib/flow.c` in the function `miniflow_extract`, permitting remote bypass of the access control list enforced by the switch. |
5094 |
CVE-2016-10370 |
284 |
|
|
2017-05-11 |
2017-05-22 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
An issue was discovered on OnePlus devices such as the 3T. The OnePlus OTA Updater pushes the signed-OTA image over HTTP without TLS. While it does not allow for installation of arbitrary OTAs (due to the digital signature), it unnecessarily increases the attack surface, and allows for remote exploitation of other vulnerabilities such as CVE-2017-5948, CVE-2017-8850, and CVE-2017-8851. |
5095 |
CVE-2016-10368 |
601 |
|
|
2017-05-03 |
2017-05-17 |
5.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
None |
Open redirect vulnerability in Opsview Monitor Pro (Prior to 5.1.0.162300841, prior to 5.0.2.27475, prior to 4.6.4.162391051, and 4.5.x without a certain 2016 security patch) allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the back parameter to the /login URI. |
5096 |
CVE-2016-10367 |
22 |
|
Dir. Trav. Bypass |
2017-05-03 |
2017-05-17 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
In Opsview Monitor Pro (Prior to 5.1.0.162300841, prior to 5.0.2.27475, prior to 4.6.4.162391051, and 4.5.x without a certain 2016 security patch), an unauthenticated Directory Traversal vulnerability can be exploited by issuing a specially crafted HTTP GET request utilizing a simple URL encoding bypass, %252f instead of /. |
5097 |
CVE-2016-10365 |
601 |
|
|
2017-06-16 |
2017-06-28 |
5.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
None |
Kibana versions before 4.6.3 and 5.0.1 have an open redirect vulnerability that would enable an attacker to craft a link in the Kibana domain that redirects to an arbitrary website. |
5098 |
CVE-2016-10363 |
404 |
|
DoS |
2017-06-16 |
2017-07-05 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
In Logstash versions prior to 2.3.3, when using the Netflow Codec plugin, a remote attacker crafting malicious Netflow v5, Netflow v9 or IPFIX packets could perform a denial of service attack on the Logstash instance. The errors resulting from these crafted inputs are not handled by the codec and can cause the Logstash process to exit. |
5099 |
CVE-2016-10339 |
200 |
|
+Info |
2017-06-13 |
2017-07-07 |
5.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
None |
In all Android releases from CAF using the Linux kernel, HLOS can overwrite secure memory or read contents of the keystore. |
5100 |
CVE-2016-10331 |
22 |
|
Dir. Trav. |
2017-05-12 |
2017-05-23 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
Directory traversal vulnerability in download.php in Synology Photo Station before 6.5.3-3226 allows remote attackers to read arbitrary files via a full pathname in the id parameter. |
|
|