CVE-2015-3140
published 2019-11-21
CVE-2015-3140: Multiple cross-site request forgery (CSRF) vulnerabilities in Synametrics Technologies SynaMan before 3.5 Build 1451, Syncrify before 3.7 Build 856, and…
Priority P347 · high · 8.8 CVSS 3.1
AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EXPLOIT
EPSS: 1.29% (66.7th percentile)
Multiple cross-site request forgery (CSRF) vulnerabilities in Synametrics Technologies SynaMan before 3.5 Build 1451, Syncrify before 3.7 Build 856, and SynTail before 1.5 Build 567
Affected
36 ranges · showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| synametrics | synaman | — | — |
| synametrics | synaman | — | — |
| synametrics | synaman | — | — |
| synametrics | synaman | — | — |
| synametrics | synaman | — | — |
| synametrics | synaman | — | — |
| synametrics | synaman | — | — |
| synametrics | synaman | — | — |
| synametrics | synaman | — | — |
| synametrics | synaman | — | — |
| synametrics | synaman | — | — |
| synametrics | synaman | — | — |
| synametrics | synaman | — | — |
| synametrics | synaman | — | — |
| synametrics | synaman | — | — |
| synametrics | syncrify | — | — |
| synametrics | syncrify | — | — |
| synametrics | syncrify | — | — |
| synametrics | syncrify | — | — |
| synametrics | syncrify | — | — |
| synametrics | syncrify | — | — |
| synametrics | syncrify | — | — |
| synametrics | syncrify | — | — |
| synametrics | syncrify | — | — |
| synametrics | syncrify | — | — |
CVSS provenance
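| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 6.8 | MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:P |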
No detection rules found.
Exploit-DB
Linux Kernel 3.10.0 (CentOS / RHEL 7.1) - 'digi_acceleport' Nullpointer Dereference
exploitdb·2016-03-09
CVE-2016-3140 Linux Kernel 3.10.0 (CentOS / RHEL 7.1) - 'digi_acceleport' Nullpointer Dereference
---
OS-S Security Advisory 2016-12
Linux digi_acceleport Nullpointer Dereference
Date: March 4th, 2016
Authors: Sergej Schumilo, Hendrik Schwartke, Ralf Spenneberg
CVE: not yet assigned
CVSS: 4.9 (AV:L/AC:L/Au:N/C:N/I:N/A:C)
Title: Local RedHat Enterprise Linux DoS - RHEL 7.1 Kernel crashes on invalid
USB device descriptors (digi_acceleport driver)
Severity: Critical. The Kernel panics. A reboot is required.
Ease of Exploitation: Trivial
Vulnerability type: Wrong input validation
Products: RHEL 7.1 including all updates
Kernel-Version: 3.10.0-229.20.1.el7.x86_64 (for debugging-purposes we used the
CentOS Kernel kernel-debuginfo-3.10.0-229.14.1.el7)
Vendor: Red Hat
Vendor contacted: November, 12th 2015
Exploit-DB
SynTail 1.5 Build 566 - Multiple Vulnerabilities
exploitdb·2015-05-08
CVE-2015-3140 SynTail 1.5 Build 566 - Multiple Vulnerabilities
---
# Exploit Title: Multiple vulnerabilities in SynTail 1.5 Build 566 (CSRF/Stored XSS)
# Date: 07-05-2015
# Exploit Author: Marlow Tannhauser
# Contact: [email protected]
# Vendor Homepage: http://www.synametrics.com
# Software Link: http://web.synametrics.com/SynTailDownload.htm
# Version: 1.5 Build 566. Earlier versions may also be affected.
# CVE: 2015-3140
# Category: Web apps
# DISCLOSURE TIMELINE #
08/02/2015: Initial disclosure to vendor and CERT
09/02/2015: Acknowledgment of vulnerabilities from vendor
11/02/2015: Disclosure deadline of 01/03/2015 agreed with vendor
19/02/2015: Disclosure deadline renegotiated to 01/04/2015 at vendor's request
09/04/2015: Disclosure deadline renegotiated to 20/04/2015 at vendor's reque
Exploit-DB
Syncrify Server 3.6 Build 833 - Multiple Vulnerabilities
exploitdb·2015-05-08
CVE-2015-3140 Syncrify Server 3.6 Build 833 - Multiple Vulnerabilities
---
# Exploit Title: Multiple vulnerabilities in Syncrify Server 3.6 Build 833 (CSRF/Stored XSS)
# Date: 07-05-2015
# Exploit Author: Marlow Tannhauser
# Contact: [email protected]
# Vendor Homepage: http://www.synametrics.com
# Software Link: http://web.synametrics.com/SyncrifyDownload.htm
# Version: 3.6 Build 833. Earlier versions may also be affected.
# CVE: 2015-3140
# Category: Web apps
# DISCLOSURE TIMELINE #
08/02/2015: Initial disclosure to vendor and CERT
09/02/2015: Acknowledgment of vulnerabilities from vendor
11/02/2015: Disclosure deadline of 01/03/2015 agreed with vendor
19/02/2015: Disclosure deadline renegotiated to 01/04/2015 at vendor's request
09/04/2015: Disclosure deadline renegotiated to 20/04/2015
Exploit-DB
SynaMan 3.4 Build 1436 - Multiple Vulnerabilities
exploitdb·2015-05-08
CVE-2015-3140 SynaMan 3.4 Build 1436 - Multiple Vulnerabilities
---
# Exploit Title: Multiple vulnerabilities in SynaMan 3.4 Build 1436 (CSRF/Stored XSS)
# Date: 07-05-2015
# Exploit Author: Marlow Tannhauser
# Contact: [email protected]
# Vendor Homepage: http://www.synametrics.com
# Software Link: http://web.synametrics.com/SynaManDownload.htm
# Version: 3.4 Build 1436. Earlier versions may also be affected.
# CVE: 2015-3140
# Category: Web apps
# DISCLOSURE TIMELINE #
08/02/2015: Initial disclosure to vendor and CERT
09/02/2015: Acknowledgment of vulnerabilities from vendor
11/02/2015: Disclosure deadline of 01/03/2015 agreed with vendor
19/02/2015: Disclosure deadline renegotiated to 01/04/2015 at vendor's request
09/04/2015: Disclosure deadline renegotiated to 20/04/2015 at vendor's re
No writeups or analysis indexed.
http://web.synametrics.com/SynamanVersionHistory.htm
https://web.synametrics.com/SyncrifyVersionHistory.htm
https://web.synametrics.com/SyntailVersionHistory.htm
Published: 2019-11-21