nxapplet.jar in No Machine NX Web Companion 3.x and previous versions does not properly verify the authenticity of updates, which allows user-assisted remote malicious users to execute arbitrary code via a crafted (1) SiteUrl or (2) RedirectUrl parameter that points to a Trojan Horse client.zip update file.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
nomachine nx web companion 3.2.0-1 |
||
nomachine nx web companion 3.1.0-1 |
||
nomachine nx web companion 2.0.0-1 |
||
nomachine nx web companion 1.5.0 |
||
nomachine nx web companion 3.0.0-5 |
||
nomachine nx web companion 3.0.0-4 |
||
nomachine nx web companion 3.0.0-3 |
||
nomachine nx web companion 3.0.0-2 |
||
nomachine nx web companion 3.4.0-2 |
||
nomachine nx web companion 3.4.0-1 |
||
nomachine nx web companion 3.0.0-1 |
||
nomachine nx web companion 2.1.0-1 |
||
nomachine nx web companion |
||
nomachine nx web companion 3.3.0-2 |
||
nomachine nx web companion 3.3.0-1 |
||
nomachine nx web companion 3.4.0-3 |
||
nomachine nx web companion 3.5.0-1 |