Vulnerabilities > Nchsoftware > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-07-25 | CVE-2021-37442 | Path Traversal vulnerability in Nchsoftware IVM Attendant NCH IVM Attendant v5.12 and earlier allows path traversal via viewfile?file=/.. | 4.0 |
| 2021-07-25 | CVE-2021-37443 | Path Traversal vulnerability in Nchsoftware IVM Attendant NCH IVM Attendant v5.12 and earlier allows path traversal via the logdeleteselected check0 parameter for file deletion. | 5.5 |
| 2021-07-25 | CVE-2021-37444 | Unrestricted Upload of File with Dangerous Type vulnerability in Nchsoftware IVM Attendant NCH IVM Attendant v5.12 and earlier suffers from a directory traversal weakness upon uploading plugins in a ZIP archive. | 6.5 |
| 2021-07-25 | CVE-2021-37445 | Path Traversal vulnerability in Nchsoftware Quorum In NCH Quorum v2.03 and earlier, an authenticated user can use directory traversal via logprop?file=/.. | 4.0 |
| 2021-07-25 | CVE-2021-37446 | Path Traversal vulnerability in Nchsoftware Quorum In NCH Quorum v2.03 and earlier, an authenticated user can use directory traversal via documentprop?file=/.. | 4.0 |
| 2021-07-25 | CVE-2021-37447 | Path Traversal vulnerability in Nchsoftware Quorum In NCH Quorum v2.03 and earlier, an authenticated user can use directory traversal via documentdelete?file=/.. | 5.5 |
| 2020-12-28 | CVE-2020-13474 | Improper Privilege Management vulnerability in Nchsoftware Express Accounts 8.24 In NCH Express Accounts 8.24 and earlier, an authenticated low-privilege user can enter a crafted URL to access higher-privileged functionalities such as Add/Edit users. | 4.0 |
| 2020-04-07 | CVE-2020-11561 | Improper Privilege Management vulnerability in Nchsoftware Express Invoice 7.25 In NCH Express Invoice 7.25, an authenticated low-privilege user can enter a crafted URL to access higher-privileged functionalities such as the "Add New Item" screen. | 6.5 |
| 2012-09-06 | CVE-2010-5220 | Unspecified vulnerability in Nchsoftware MEO Encryption Software 2.02 Untrusted search path vulnerability in MEO Encryption Software 2.02 allows local users to gain privileges via a Trojan horse dwmapi.dll file in the current working directory, as demonstrated by a directory that contains a .meo or .cry file. local nchsoftware | 6.9 |