|
|
Info |
Last Modified |
| 5 months ago |
|
|
|
|
Description |
By modifying the URL of a request to P-Synch to end with 'psynch/nph-psa.exe?lang=' users will recieve an error message that includes the physical path to the P-Synch product
|
|
Classification |
Location:
Remote/Network Access Required
Attack Type:
Information Disclosure,
Input Manipulation
Impact:
Loss of Confidentiality
Exploit:
Exploit Available
OSVDB:
Web Related
|
|
Solution |
Installing a filtering firewall/proxy server inline before P-Synch product should be able to filter malformed requests. Vendor has also reported that patches are now available. Secunia reports that customers are asked to contact M-Tech sales department at +1 403 233 0740 for further information about how to optain the patches.
|
|
Products |
|
P-Synch
 |
6.2.5 |
|
|
|
|
Credit |
- JeiAr - jeiar
gulftech.org - GulfTech Security Research Team
|
|
BlogsProvided by Technorati
|
None found at this time
|
|
|