13 matches found
CVE-2017-13696
CVE-2017-13696 describes a buffer overflow in the web server component of Dup Scout Enterprise 9.9.14, Disk Savvy Enterprise 9.9.14, Sync Breeze Enterprise 9.9.16, and Disk Pulse Enterprise 9.9.16, triggered by crafting a malicious GET request. The flaw arises from improper handling/sanitization ...
CVE-2018-10564
CVE-2018-10564 is a cross-site scripting vulnerability in Flexense DiskPulse Enterprise, affecting versions 10.4 through 10.7. The connected CNVD/NVD entries describe an XSS flaw that could allow a remote attacker to execute code in the victim’s context and potentially obtain sensitive informatio...
CVE-2025-59899
Sync Breeze Enterprise Server v10.4.18 and Disk Pulse Enterprise v10.4.18 are affected by a persistent authenticated Cross-Site Scripting (XSS) vulnerability. The issue stems from insufficient validation of input in the /server_options?sid= endpoint, impacting the parameters tasks_logs_dir, error...
CVE-2025-59895
CVE-2025-59895 affects Sync Breeze Enterprise Server v10.4.18 and Disk Pulse Enterprise v10.4.18. The vulnerability is a remote DoS in the configuration restore function caused by insufficient validation of user-supplied data, leading to an unresponsive service. In a successful scenario, the serv...
CVE-2020-36927
DiskPulse Enterprise 13.6.14 is affected by an unquoted service path vulnerability in its Windows service configuration. The unquoted path is 'C:\Program Files\Disk Pulse Enterprise\bin\diskpls.exe', which could allow a local attacker to inject a malicious executable and escalate privileges. The ...
CVE-2025-59894
CVE-2025-59894 is a CSRF flaw affecting Sync Breeze Enterprise Server v10.4.18 and Disk Pulse Enterprise v10.4.18. The issue arises from missing CSRF token validation, enabling an authenticated attacker to induce other logged-in users to perform unintended actions, such as issuing a POST to delet...
CVE-2025-59898
CVE-2025-59898 affects Sync Breeze Enterprise Server v10.4.18 and Disk Pulse Enterprise v10.4.18. The issue is a persistent authenticated Cross-Site Scripting (XSS) vulnerability caused by insufficient validation of user input in the exclude_dir parameter (endpoint /add_exclude_dir?sid=). An atta...
CVE-2025-59893
CVE-2025-59893 is a CSRF vulnerability affecting Sync Breeze Enterprise Server v10.4.18 and Disk Pulse Enterprise v10.4.18. An authenticated attacker could induce another user to perform unwanted actions due to missing CSRF token protection. The description notes a specific vector: a POST request...
CVE-2025-59896
CVE-2025-59896 describes a persistent authenticated cross-site scripting (XSS) vulnerability affecting Sync Breeze Enterprise Server v10.4.18 and Disk Pulse Enterprise v10.4.18. The issue arises from insufficient validation of user input in the command parameter path /add_command?sid=, specifical...
CVE-2025-59891
CVE-2025-59891 is a CSRF vulnerability affecting Sync Breeze Enterprise Server v10.4.18 and Disk Pulse Enterprise v10.4.18. The root cause is lack of proper CSRF token handling, enabling an authenticated attacker to coerce other users to perform actions in the app (e.g., via POST to /setup_login?...
CVE-2025-59892
Cross-Site Request Forgery (CSRF) vulnerability affecting Sync Breeze Enterprise Server v10.4.18 and Disk Pulse Enterprise v10.4.18. Root cause: lack of proper CSRF token implementation allows an authenticated user to cause actions on behalf of another user. Practical impact includes unauthentica...
CVE-2025-59897
Sync Breeze Enterprise Server v10.4.18 and Disk Pulse Enterprise v10.4.18 have a persistent authenticated XSS vulnerability due to insufficient validation of user input in the /edit_command?sid= endpoint, affecting source_dir and dest_dir parameters. An attacker could deliver malicious content to...
CVE-2025-59900
CVE-2025-59900 describes a persistent authenticated Cross-Site Scripting (XSS) vulnerability in Sync Breeze Enterprise Server v10.4.18 and Disk Pulse Enterprise v10.4.18. Root cause: insufficient validation of user input in the request path related to server options, specifically in “/server_opti...