Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
nchsoftware vulnerabilities and exploits
(subscribe to this query)
6.9
CVSSv2
CVE-2010-5220
Untrusted search path vulnerability in MEO Encryption Software 2.02 allows local users to gain privileges via a Trojan horse dwmapi.dll file in the current working directory, as demonstrated by a directory that contains a .meo or .cry file. NOTE: some of these details are obtaine...
Nchsoftware Meo Encryption Software 2.02
6.5
CVSSv2
CVE-2021-37444
NCH IVM Attendant v5.12 and previous versions suffers from a directory traversal weakness upon uploading plugins in a ZIP archive. This can lead to code execution if a ZIP element's pathname is set to a Windows startup folder, a file for the inbuilt Out-Going Message functio...
Nchsoftware Ivm Attendant
6.5
CVSSv2
CVE-2020-11561
In NCH Express Invoice 7.25, an authenticated low-privilege user can enter a crafted URL to access higher-privileged functionalities such as the "Add New Item" screen.
Nchsoftware Express Invoice 7.25
5.5
CVSSv2
CVE-2021-37443
NCH IVM Attendant v5.12 and previous versions allows path traversal via the logdeleteselected check0 parameter for file deletion.
Nchsoftware Ivm Attendant
5.5
CVSSv2
CVE-2021-37447
In NCH Quorum v2.03 and previous versions, an authenticated user can use directory traversal via documentdelete?file=/.. for file deletion.
Nchsoftware Quorum
4
CVSSv2
CVE-2021-37442
NCH IVM Attendant v5.12 and previous versions allows path traversal via viewfile?file=/.. to read files.
Nchsoftware Ivm Attendant
4
CVSSv2
CVE-2021-37445
In NCH Quorum v2.03 and previous versions, an authenticated user can use directory traversal via logprop?file=/.. for file reading.
Nchsoftware Quorum
4
CVSSv2
CVE-2021-37446
In NCH Quorum v2.03 and previous versions, an authenticated user can use directory traversal via documentprop?file=/.. for file reading.
Nchsoftware Quorum
4
CVSSv2
CVE-2020-13474
In NCH Express Accounts 8.24 and previous versions, an authenticated low-privilege user can enter a crafted URL to access higher-privileged functionalities such as Add/Edit users.
Nchsoftware Express Accounts
3.5
CVSSv2
CVE-2021-37449
Cross Site Scripting (XSS) exists in NCH IVM Attendant v5.12 and previous versions via /ogmlist?folder= (reflected).
Nchsoftware Ivm Attendant
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-27802
template injection
CVE-2024-0044
code injection
CVE-2024-35474
CVE-2024-27857
CVE-2024-23251
CVE-2024-23692
physical
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
NEXT »