Synaman

synaman

Vendor: Synametrics • 6 CVEs

CVEs (6)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2022-26251 1Synametrics 1Synaman Nov 21, 2024 Apr 6, 2022 N/A· v4 7.2 HIGH· v3 9.0 HIGH· v2 The HTTP interface of Synaman v5.1 and below was discovered to allow authenticated attackers to execute arbitrary code and escalate privileges.
CVE-2022-26250 1Synametrics 1Synaman Nov 21, 2024 Apr 6, 2022 N/A· v4 7.8 HIGH· v3 4.6 MEDIUM· v2 Synaman v5.1 and below was discovered to contain weak file permissions which allows authenticated attackers to escalate privileges.
CVE-2022-22828 1Synametrics 1Synaman Nov 21, 2024 Jan 27, 2022 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 An insecure direct object reference for the file-download URL in Synametrics SynaMan before 5.0 allows a remote attacker to access unshared files via a modified base64-encoded filename string.
CVE-2015-3140 1Synametrics 3Synaman SyncrifySyntail Nov 21, 2024 Nov 21, 2019 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 Multiple cross-site request forgery (CSRF) vulnerabilities in Synametrics Technologies SynaMan before 3.5 Build 1451, Syncrify before 3.7 Build 856, and SynTail before 1.5 Build 567
CVE-2018-10814 1Synametrics 1Synaman Nov 21, 2024 Sep 14, 2018 N/A· v4 7.8 HIGH· v3 2.1 LOW· v2 Synametrics SynaMan 4.0 build 1488 uses cleartext password storage for SMTP credentials.
CVE-2018-10763 1Synametrics 1Synaman Nov 21, 2024 Sep 14, 2018 N/A· v4 4.8 MEDIUM· v3 3.5 LOW· v2 Multiple cross-site scripting (XSS) vulnerabilities in Synametrics SynaMan 4.0 build 1488 via the (1) Main heading or (2) Sub heading fields in the Partial Branding configuration page.