CVE-2022-36536 – Syncovery For Linux Web-GUI Session Token Brute-Forcer
https://notcve.org/view.php?id=CVE-2022-36536
16 Sep 2022 — An issue in the component post_applogin.php of Super Flexible Software GmbH & Co. KG Syncovery 9 for Linux v9.47x and below allows attackers to escalate privileges via creating crafted session tokens. • http://super.com • CWE-330: Use of Insufficiently Random Values
CVE-2022-36533
https://notcve.org/view.php?id=CVE-2022-36533
16 Sep 2022 — Super Flexible Software GmbH & Co. KG Syncovery 9 for Linux v9.47x and below was discovered to contain a cross-site scripting (XSS) vulnerability. • http://super.com • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2022-36534 – Syncovery For Linux Web-GUI Authenticated Remote Command Execution
https://notcve.org/view.php?id=CVE-2022-36534
16 Sep 2022 — Super Flexible Software GmbH & Co. KG Syncovery 9 for Linux v9.47x and below was discovered to contain multiple remote code execution (RCE) vulnerabilities via the Job_ExecuteBefore and Job_ExecuteAfter parameters at post_profilesettings.php. • http://packetstormsecurity.com/files/170245/Syncovery-For-Linux-Web-GUI-Authenticated-Remote-Command-Execution.html