M-TECH P-Synch 6.2.5 Path Disclosure Vulnerability

2014-07-01T00:00:00
ID SSV:76473
Type seebug
Reporter Root
Modified 2014-07-01T00:00:00

Description

No description provided by source.

                                        
                                            
                                                source: http://www.securityfocus.com/bid/7740/info

Reportedly an attacker may make a malicious HTTP request for specific P-Synch executables passing an empty URI parameter to trigger the condition. Although unconfirmed, it is likely that the request will cause P-Sync to display an error message containing the path to the executable.

This vulnerability was reported to affect P-Synch version 6.2.5 other versions may also be affected. 

https://www.example.org/psynch/nph-psa.exe?lang=
https://www.example.org/psynch/nph-psf.exe?lang=