Vulnerabilities > Nchsoftware > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-07-25 | CVE-2021-37443 | Path Traversal vulnerability in Nchsoftware IVM Attendant 5.12 NCH IVM Attendant v5.12 and earlier allows path traversal via the logdeleteselected check0 parameter for file deletion. | 8.1 |
| 2021-07-25 | CVE-2021-37444 | Unrestricted Upload of File with Dangerous Type vulnerability in Nchsoftware IVM Attendant 5.12 NCH IVM Attendant v5.12 and earlier suffers from a directory traversal weakness upon uploading plugins in a ZIP archive. | 8.8 |
| 2021-07-25 | CVE-2021-37447 | Path Traversal vulnerability in Nchsoftware Quorum In NCH Quorum v2.03 and earlier, an authenticated user can use directory traversal via documentdelete?file=/.. | 8.1 |
| 2020-04-07 | CVE-2020-11560 | Insufficiently Protected Credentials vulnerability in Nchsoftware Express Invoice 7.25 NCH Express Invoice 7.25 allows local users to discover the cleartext password by reading the configuration file. | 7.8 |
| 2020-04-07 | CVE-2020-11561 | Forced Browsing vulnerability in Nchsoftware Express Invoice 7.25 In NCH Express Invoice 7.25, an authenticated low-privilege user can enter a crafted URL to access higher-privileged functionalities such as the "Add New Item" screen. | 8.8 |