Show filters
6 Total Results
Displaying 1-6 of 6
Sort by:
Attacker Value
Unknown

CVE-2022-26251

Disclosure Date: April 06, 2022 (last updated February 23, 2025)
The HTTP interface of Synaman v5.1 and below was discovered to allow authenticated attackers to execute arbitrary code and escalate privileges.
Attack Vector: NetworkPrivileges: HighUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2022-26250

Disclosure Date: April 06, 2022 (last updated February 23, 2025)
Synaman v5.1 and below was discovered to contain weak file permissions which allows authenticated attackers to escalate privileges.
Attack Vector: LocalPrivileges: LowUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2022-22828

Disclosure Date: January 27, 2022 (last updated February 23, 2025)
An insecure direct object reference for the file-download URL in Synametrics SynaMan before 5.0 allows a remote attacker to access unshared files via a modified base64-encoded filename string.
Attack Vector: NetworkPrivileges: NoneUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2015-3140

Disclosure Date: November 21, 2019 (last updated November 27, 2024)
Multiple cross-site request forgery (CSRF) vulnerabilities in Synametrics Technologies SynaMan before 3.5 Build 1451, Syncrify before 3.7 Build 856, and SynTail before 1.5 Build 567
Attack Vector: NetworkPrivileges: NoneUser Interaction: Required
0
0
Attacker Value
Unknown

CVE-2018-10814

Disclosure Date: September 14, 2018 (last updated November 27, 2024)
Synametrics SynaMan 4.0 build 1488 uses cleartext password storage for SMTP credentials.
0
0
Attacker Value
Unknown

CVE-2018-10763

Disclosure Date: September 14, 2018 (last updated November 27, 2024)
Multiple cross-site scripting (XSS) vulnerabilities in Synametrics SynaMan 4.0 build 1488 via the (1) Main heading or (2) Sub heading fields in the Partial Branding configuration page.
0
0