Synametrics

synametrics

8 CVEs • 4 products

Products (4)

Click to collapse

Toggle

CVEs (8)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2022-26251 1Synametrics 1Synaman Nov 21, 2024 Apr 6, 2022 N/A· v4 7.2 HIGH· v3 9.0 HIGH· v2 The HTTP interface of Synaman v5.1 and below was discovered to allow authenticated attackers to execute arbitrary code and escalate privileges.
CVE-2022-26250 1Synametrics 1Synaman Nov 21, 2024 Apr 6, 2022 N/A· v4 7.8 HIGH· v3 4.6 MEDIUM· v2 Synaman v5.1 and below was discovered to contain weak file permissions which allows authenticated attackers to escalate privileges.
CVE-2022-22828 1Synametrics 1Synaman Nov 21, 2024 Jan 27, 2022 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 An insecure direct object reference for the file-download URL in Synametrics SynaMan before 5.0 allows a remote attacker to access unshared files via a modified base64-encoded filename string.
CVE-2015-3140 1Synametrics 3Synaman SyncrifySyntail Nov 21, 2024 Nov 21, 2019 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 Multiple cross-site request forgery (CSRF) vulnerabilities in Synametrics Technologies SynaMan before 3.5 Build 1451, Syncrify before 3.7 Build 856, and SynTail before 1.5 Build 567
CVE-2018-10814 1Synametrics 1Synaman Nov 21, 2024 Sep 14, 2018 N/A· v4 7.8 HIGH· v3 2.1 LOW· v2 Synametrics SynaMan 4.0 build 1488 uses cleartext password storage for SMTP credentials.
CVE-2018-10763 1Synametrics 1Synaman Nov 21, 2024 Sep 14, 2018 N/A· v4 4.8 MEDIUM· v3 3.5 LOW· v2 Multiple cross-site scripting (XSS) vulnerabilities in Synametrics SynaMan 4.0 build 1488 via the (1) Main heading or (2) Sub heading fields in the Partial Branding configuration page.
CVE-2015-3141 1Synametrics 1Xeams May 6, 2026 May 20, 2015 N/A· v4 N/A· v3 6.8 MEDIUM· v2 Multiple cross-site request forgery (CSRF) vulnerabilities in Synametrics Technologies Xeams 4.5 Build 5755 and earlier allow remote attackers to hijack the authentication of administrators for requests that create an (1...Show more Multiple cross-site request forgery (CSRF) vulnerabilities in Synametrics Technologies Xeams 4.5 Build 5755 and earlier allow remote attackers to hijack the authentication of administrators for requests that create an (1) SMTP domain or a (2) user via a request to /FrontController; or conduct cross-site scripting (XSS) attacks via the (3) domainname parameter to /FrontController, when creating a new SMTP domain configuration; the (4) txtRecipient parameter to /FrontController, when creating a new forwarder; the (5) popFetchServer, (6) popFetchUser, or (7) popFetchRecipient parameter to /FrontController, when creating a new POP3 Fetcher account; or the (8) Smtp HELO domain in the Advanced Server Configuration.Show less
CVE-2012-2569 1Synametrics 1Xeams May 6, 2026 Jun 19, 2014 N/A· v4 N/A· v3 4.3 MEDIUM· v2 Cross-site scripting (XSS) vulnerability in Synametrics Technologies Xeams 4.4 Build 5720 allows remote attackers to inject arbitrary web script or HTML via the body of an email.