SynaMan
by Synametrics
CVEs (6)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2015-3140 | 0.03 | — | 0.01 | Nov 21, 2019 | Multiple cross-site request forgery (CSRF) vulnerabilities in Synametrics Technologies SynaMan before 3.5 Build 1451, Syncrify before 3.7 Build 856, and SynTail before 1.5 Build 567 | |||
| CVE-2018-10763 | 0.03 | — | 0.02 | Sep 14, 2018 | Multiple cross-site scripting (XSS) vulnerabilities in Synametrics SynaMan 4.0 build 1488 via the (1) Main heading or (2) Sub heading fields in the Partial Branding configuration page. | |||
| CVE-2018-10814 | 0.03 | — | 0.01 | Sep 14, 2018 | Synametrics SynaMan 4.0 build 1488 uses cleartext password storage for SMTP credentials. | |||
| CVE-2022-26250 | 0.00 | — | 0.00 | Apr 6, 2022 | Synaman v5.1 and below was discovered to contain weak file permissions which allows authenticated attackers to escalate privileges. | |||
| CVE-2022-26251 | 0.00 | — | 0.02 | Apr 6, 2022 | The HTTP interface of Synaman v5.1 and below was discovered to allow authenticated attackers to execute arbitrary code and escalate privileges. | |||
| CVE-2022-22828 | 0.00 | — | 0.02 | Jan 27, 2022 | An insecure direct object reference for the file-download URL in Synametrics SynaMan before 5.0 allows a remote attacker to access unshared files via a modified base64-encoded filename string. |
- CVE-2015-3140Nov 21, 2019risk 0.03cvss —epss 0.01
Multiple cross-site request forgery (CSRF) vulnerabilities in Synametrics Technologies SynaMan before 3.5 Build 1451, Syncrify before 3.7 Build 856, and SynTail before 1.5 Build 567
- CVE-2018-10763Sep 14, 2018risk 0.03cvss —epss 0.02
Multiple cross-site scripting (XSS) vulnerabilities in Synametrics SynaMan 4.0 build 1488 via the (1) Main heading or (2) Sub heading fields in the Partial Branding configuration page.
- CVE-2018-10814Sep 14, 2018risk 0.03cvss —epss 0.01
Synametrics SynaMan 4.0 build 1488 uses cleartext password storage for SMTP credentials.
- CVE-2022-26250Apr 6, 2022risk 0.00cvss —epss 0.00
Synaman v5.1 and below was discovered to contain weak file permissions which allows authenticated attackers to escalate privileges.
- CVE-2022-26251Apr 6, 2022risk 0.00cvss —epss 0.02
The HTTP interface of Synaman v5.1 and below was discovered to allow authenticated attackers to execute arbitrary code and escalate privileges.
- CVE-2022-22828Jan 27, 2022risk 0.00cvss —epss 0.02
An insecure direct object reference for the file-download URL in Synametrics SynaMan before 5.0 allows a remote attacker to access unshared files via a modified base64-encoded filename string.