23 matches found
CVE-2017-17099
Summary: CVE-2017-17099 affects Flexense SyncBreeze Enterprise’s HTTP server (v10.1.16). An unauthenticated, SEH-based buffer overflow is triggered by excessively long GET requests, enabling an attacker to overwrite the SEH record and execute payloads as the Windows SYSTEM account. The issue is d...
CVE-2017-15950
CVE-2017-15950 affects Flexense SyncBreeze Enterprise 10.1.16. The vulnerability is a stack-based buffer overflow triggered by a long input in the Destination directory field (in an XML document or via passive mode), allowing arbitrary code execution. Several public sources document the issue and...
CVE-2017-7310
CVE-2017-7310 is a buffer overflow in the Import Command of Flexense products (SyncBreeze Enterprise, Disk Sorter Enterprise Client, DiskBoss Enterprise Client, DiskPulse, DiskSavvy, DupScout, VX Search) prior to version 10.6 (DiskPulse/DupScout/Sync Breeze variants noted in multiple advisories)....
CVE-2017-14980
CVE-2017-14980: Sync Breeze Enterprise is vulnerable to a stack-based buffer overflow in the web login interface (Sync Breeze Enterprise 10.0.28). A remote, unauthenticated attacker can cause memory corruption and achieve remote code execution via a long username parameter to /login. Public PoCs an...
CVE-2017-17088
The CVE-2017-17088 entry concerns SyncBreeze Enterprise (versions 10.2.12 and earlier). Affected component: the web server’s handling of Host header requests. Root cause: the server does not properly check bounds when reading server requests in the Host header, allowing a Buffer Overflow. Impact:...
CVE-2017-13696
CVE-2017-13696 describes a buffer overflow in the web server component of Dup Scout Enterprise 9.9.14, Disk Savvy Enterprise 9.9.14, Sync Breeze Enterprise 9.9.16, and Disk Pulse Enterprise 9.9.16, triggered by crafting a malicious GET request. The flaw arises from improper handling/sanitization ...
CVE-2017-15664
CVE-2017-15664 affects Flexense Sync Breeze Enterprise v10.1.16. The vulnerability is a denial-of-service in the Control Protocol caused by processing a crafted SERVER_GET_INFO packet sent to TCP/9121, leading to availability impact. Public materials in the provided documents include a packet str...
CVE-2018-8065
CVE-2018-8065 affects Flexense SyncBreeze Enterprise 10.6.24 and earlier, where the web server component (syncbrs.exe) is vulnerable to a user‑mode write access memory violation triggered by sending requests with long HTTP headers or long URIs. The issue enables a Denial of Service condition, wit...
CVE-2018-6537
Flexense SyncBreeze Enterprise 10.4.18 is affected by a buffer overflow in the control protocol. The vulnerability allows remote code execution when an attacker sends a crafted packet to TCP port 9121. Reported details indicate the flaw is exploitable remotely without authentication, leading to p...
CVE-2018-10563
Flexense SyncBreeze Enterprise (file synchronization tool) contains a cross-site scripting vulnerability affecting versions 10.1 through 10.7. The issue enables a remote attacker to execute script in the user context, potentially exposing sensitive data or taking control of the user’s system. No ...
CVE-2017-17996
Flexense SyncBreeze Enterprise
CVE-2025-59899
Sync Breeze Enterprise Server v10.4.18 and Disk Pulse Enterprise v10.4.18 are affected by a persistent authenticated Cross-Site Scripting (XSS) vulnerability. The issue stems from insufficient validation of input in the /server_options?sid= endpoint, impacting the parameters tasks_logs_dir, error...
CVE-2025-59896
CVE-2025-59896 describes a persistent authenticated cross-site scripting (XSS) vulnerability affecting Sync Breeze Enterprise Server v10.4.18 and Disk Pulse Enterprise v10.4.18. The issue arises from insufficient validation of user input in the command parameter path /add_command?sid=, specifical...
CVE-2020-37100
CVE-2020-37100 affects Sync Breeze Enterprise 12.4.18 with an unquoted service path, enabling local attackers to run arbitrary code with elevated privileges by hijacking the service startup path. The vulnerability concerns the binary path used to start a Windows service and allows placement of ma...
CVE-2025-59894
CVE-2025-59894 is a CSRF flaw affecting Sync Breeze Enterprise Server v10.4.18 and Disk Pulse Enterprise v10.4.18. The issue arises from missing CSRF token validation, enabling an authenticated attacker to induce other logged-in users to perform unintended actions, such as issuing a POST to delet...
CVE-2025-59895
CVE-2025-59895 affects Sync Breeze Enterprise Server v10.4.18 and Disk Pulse Enterprise v10.4.18. The vulnerability is a remote DoS in the configuration restore function caused by insufficient validation of user-supplied data, leading to an unresponsive service. In a successful scenario, the serv...
CVE-2025-59898
CVE-2025-59898 affects Sync Breeze Enterprise Server v10.4.18 and Disk Pulse Enterprise v10.4.18. The issue is a persistent authenticated Cross-Site Scripting (XSS) vulnerability caused by insufficient validation of user input in the exclude_dir parameter (endpoint /add_exclude_dir?sid=). An atta...
CVE-2020-36946
SyncBreeze 10.0.28 has a denial-of-service vulnerability in its login endpoint. Remote attackers can send an oversized login payload to crash the service, potentially disrupting availability. An exploit exists per an external reference; no remediation details are provided in the available documents.
CVE-2025-59892
Cross-Site Request Forgery (CSRF) vulnerability affecting Sync Breeze Enterprise Server v10.4.18 and Disk Pulse Enterprise v10.4.18. Root cause: lack of proper CSRF token implementation allows an authenticated user to cause actions on behalf of another user. Practical impact includes unauthentica...
CVE-2025-59893
CVE-2025-59893 is a CSRF vulnerability affecting Sync Breeze Enterprise Server v10.4.18 and Disk Pulse Enterprise v10.4.18. An authenticated attacker could induce another user to perform unwanted actions due to missing CSRF token protection. The description notes a specific vector: a POST request...
CVE-2025-59891
CVE-2025-59891 is a CSRF vulnerability affecting Sync Breeze Enterprise Server v10.4.18 and Disk Pulse Enterprise v10.4.18. The root cause is lack of proper CSRF token handling, enabling an authenticated attacker to coerce other users to perform actions in the app (e.g., via POST to /setup_login?...
CVE-2025-59897
Sync Breeze Enterprise Server v10.4.18 and Disk Pulse Enterprise v10.4.18 have a persistent authenticated XSS vulnerability due to insufficient validation of user input in the /edit_command?sid= endpoint, affecting source_dir and dest_dir parameters. An attacker could deliver malicious content to...
CVE-2025-59900
CVE-2025-59900 describes a persistent authenticated Cross-Site Scripting (XSS) vulnerability in Sync Breeze Enterprise Server v10.4.18 and Disk Pulse Enterprise v10.4.18. Root cause: insufficient validation of user input in the request path related to server options, specifically in “/server_opti...