Vulnerabilities > Extensis

DATE CVE VULNERABILITY TITLE RISK
2022-03-01 CVE-2022-24251 Unrestricted Upload of File with Dangerous Type vulnerability in Extensis Portfolio 4.0
Extensis Portfolio v4.0 was discovered to contain an authenticated unrestricted file upload vulnerability via the Catalog Asset Upload function.
network
low complexity
extensis CWE-434
8.8
8.8
2022-03-01 CVE-2022-24252 Unrestricted Upload of File with Dangerous Type vulnerability in Extensis Portfolio 4.0
An unrestricted file upload vulnerability in the FileTransferServlet component of Extensis Portfolio v4.0 allows remote attackers to execute arbitrary code via a crafted file.
network
low complexity
extensis CWE-434
8.8
8.8
2022-03-01 CVE-2022-24253 Unrestricted Upload of File with Dangerous Type vulnerability in Extensis Portfolio 4.0
Extensis Portfolio v4.0 was discovered to contain an authenticated unrestricted file upload vulnerability via the component AdminFileTransferServlet.
network
low complexity
extensis CWE-434
8.8
8.8
2022-03-01 CVE-2022-24254 Unrestricted Upload of File with Dangerous Type vulnerability in Extensis Portfolio 4.0
An unrestricted file upload vulnerability in the Backup/Restore Archive component of Extensis Portfolio v4.0 allows remote attackers to execute arbitrary code via a crafted ZIP file.
network
low complexity
extensis CWE-434
8.8
8.8
2022-03-01 CVE-2022-24255 Use of Hard-coded Credentials vulnerability in Extensis Portfolio 4.0
Extensis Portfolio v4.0 was discovered to contain hardcoded credentials which allows attackers to gain administrator privileges.
network
low complexity
extensis CWE-798
8.8
8.8
2020-01-02 CVE-2013-3946 Out-of-bounds Write vulnerability in Extensis Mrsid
Heap-based buffer overflow in the MrSID plugin (MrSID.dll) before 4.37 for IrfanView allows remote attackers to execute arbitrary code via a levels header.
local
low complexity
extensis CWE-787
7.8
7.8
2020-01-02 CVE-2013-3945 Improper Input Validation vulnerability in Extensis Mrsid
The MrSID plugin (MrSID.dll) before 4.37 for IrfanView allows remote attackers to execute arbitrary code via a nband tag.
local
low complexity
extensis CWE-20
7.8
7.8
2020-01-02 CVE-2013-3944 Out-of-bounds Write vulnerability in Extensis Mrsid
Stack-based buffer overflow in the MrSID plugin (MrSID.dll) before 4.37 for IrfanView allows remote attackers to execute arbitrary code via an IMAGE tag.
local
low complexity
extensis CWE-787
7.8
7.8
2018-01-01 CVE-2017-18006 Cross-site Scripting vulnerability in Extensis Portfolio Netpublish
netpub/server.np in Extensis Portfolio NetPublish has XSS in the quickfind parameter, aka Open Bug Bounty ID OBB-290447.
network
low complexity
extensis CWE-79
6.1
6.1