Syncrify < 2.1 Build 420 Multiple Security Bypass Vulnerabilities

high Nessus Plugin ID 49659

Synopsis

The remote web server hosts an application that is affected by multiple security bypass vulnerabilities.

Description

According to its version, the remote installation of Syncrify is affected by multiple security bypass vulnerabilities :

- The application fails to restrict access to the password management page and allows users to change the administrator's password by directly accessing that page.

- It is possible for users to browse and download unauthorized files by accessing them directly.

Solution

Upgrade to Syncrify 2.1 build 420, or later.

See Also

http://web.synametrics.com/SyncrifyVersionHistory.htm

Plugin Details

Severity: High

ID: 49659

File Name: syncrify_2_1_build420.nasl

Version: 1.8

Type: remote

Family: CGI abuses

Published: 9/23/2010

Updated: 1/19/2021

Supported Sensors: Nessus

Vulnerability Information

Required KB Items: www/syncrify

Excluded KB Items: Settings/disable_cgi_scanning

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 9/17/2010

Vulnerability Publication Date: 9/17/2010

Reference Information

BID: 43333

Secunia: 41520