CVSS: 7.8 • EPSS: 0% • CPEs: 1 • EXPL: 1

06 Apr 2022 — Synaman v5.1 and below was discovered to contain weak file permissions which allow authenticated attackers to escalate privileges. • http://synaman.com • CWE-732: Incorrect Permission Assignment for Critical Resource

CVSS: 9.0 • EPSS: 0% • CPEs: 1 • EXPL: 1

06 Apr 2022 — The HTTP interface of Synaman v5.1 and below was discovered to allow authenticated attackers to execute arbitrary code and escalate privileges. • http://synaman.com • CWE-269: Improper Privilege Management

CVSS: 7.5 • EPSS: 0% • CPEs: 1 • EXPL: 1

27 Jan 2022 — An insecure direct object reference for the file-download URL in Synametrics SynaMan before 5.0 allows a remote attacker to access unshared files via a modified base64-encoded filename string. • https://github.com/videnlabs/CVE-2022-22828 • CWE-639: Authorization Bypass Through User-Controlled Key

CVSS: 4.8 • EPSS: 0% • CPEs: 1 • EXPL: 2

12 Sep 2018 — Multiple cross-site scripting (XSS) vulnerabilities in Synametrics SynaMan 4.0 build 1488 via the (1) Main heading or (2) Sub heading fields in the Partial Branding configuration page. SynaMan version 4.0 build 1488 suffers from a cross-site scripting vulnerability. • https://www.exploit-db.com/exploits/45386 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 7.8 • EPSS: 0% • CPEs: 1 • EXPL: 1

11 Sep 2018 — Synametrics SynaMan 4.0 build 1488 uses cleartext password storage for SMTP credentials. SynaMan version 4.0 build 1488 suffers from an SMTP credential disclosure vulnerability. • https://www.exploit-db.com/exploits/45387 • CWE-522: Insufficiently Protected Credentials

CVSS: 8.8 • EPSS: 0% • CPEs: 100 • EXPL: 3

08 May 2015 — Multiple cross-site request forgery (CSRF) vulnerabilities in Synametrics Technologies SynaMan before 3.5 Build 1451, Syncrify before 3.7 Build 856, and SynTail before 1.5 Build 567. Syncrify Server version 3.6 build 833 suffers from cross site request forgery and cross site... • https://www.exploit-db.com/exploits/36951 • CWE-352: Cross-Site Request Forgery (CSRF)