VYPR

Vendor: NCH Software

Products: 10
CVEs: 20
Across products: 20
Status: Private

Recent CVEs (20)

  • CVE-2021-37444 | High | Jul 25, 2021
    risk 0.57 | cvss 8.8 | epss 0.02

    NCH IVM Attendant v5.12 and earlier suffers from a directory traversal weakness upon uploading plugins in a ZIP archive. This can lead to code execution if a ZIP element's pathname is set to a Windows startup folder, a file for the inbuilt Out-Going Message function, or a file…

  • CVE-2020-11561 | High | Apr 7, 2020
    risk 0.57 | cvss 8.8 | epss 0.02

    In NCH Express Invoice 7.25, an authenticated low-privilege user can enter a crafted URL to access higher-privileged functionalities such as the "Add New Item" screen.

  • CVE-2020-11560 | High | Apr 7, 2020
    risk 0.54 | cvss 7.8 | epss 0.01

    NCH Express Invoice 7.25 allows local users to discover the cleartext password by reading the configuration file.

  • CVE-2021-37440 | Medium | Jul 25, 2021
    risk 0.42 | cvss 6.5 | epss 0.01

    NCH Axon PBX v2.22 and earlier allows path traversal for file disclosure via the logprop?file=/.. substring.

  • CVE-2021-37439 | Medium | Jul 25, 2021
    risk 0.42 | cvss 6.5 | epss 0.01

    NCH FlexiServer v6.00 suffers from a syslog?file=/.. path traversal vulnerability.

  • CVE-2020-13474 | Medium | Dec 28, 2020
    risk 0.42 | cvss 6.5 | epss 0.01

    In NCH Express Accounts 8.24 and earlier, an authenticated low-privilege user can enter a crafted URL to access higher-privileged functionalities such as Add/Edit users.

  • CVE-2020-13473 | Medium | Dec 28, 2020
    risk 0.36 | cvss 5.5 | epss 0.00

    NCH Express Accounts 8.24 and earlier allows local users to discover the cleartext password by reading the configuration file.

  • CVE-2021-37460 | Medium | Jul 25, 2021
    risk 0.35 | cvss 5.4 | epss 0.01

    Cross Site Scripting (XSS) exists in NCH Axon PBX v2.22 and earlier via /planprop?id= (reflected).

  • CVE-2021-37459 | Medium | Jul 25, 2021
    risk 0.35 | cvss 5.4 | epss 0.01

    Cross Site Scripting (XSS) exists in NCH Axon PBX v2.22 and earlier via the customer name field (stored).

  • CVE-2021-37458 | Medium | Jul 25, 2021
    risk 0.35 | cvss 5.4 | epss 0.01

    Cross Site Scripting (XSS) exists in NCH Axon PBX v2.22 and earlier via the primary phone field (stored).

  • CVE-2021-37454 | Medium | Jul 25, 2021
    risk 0.35 | cvss 5.4 | epss 0.01

    Cross Site Scripting (XSS) exists in NCH Axon PBX v2.22 and earlier via the line name (stored).

  • CVE-2021-37453 | Medium | Jul 25, 2021
    risk 0.35 | cvss 5.4 | epss 0.01

    Cross Site Scripting (XSS) exists in NCH Axon PBX v2.22 and earlier via the extension name (stored).

  • CVE-2021-37450 | Medium | Jul 25, 2021
    risk 0.35 | cvss 5.4 | epss 0.01

    Cross Site Scripting (XSS) exists in NCH IVM Attendant v5.12 and earlier via /ogmprop?id= (reflected).

  • CVE-2019-16330 | Medium | Oct 17, 2019
    risk 0.35 | cvss 5.4 | epss 0.01

    In NCH Express Accounts Accounting v7.02, persistent cross site scripting (XSS) exists in Invoices/Sales Orders/Items/Customers/Quotes input field. An authenticated unprivileged user can add/modify the Invoices/Sales Orders/Items/Customers/Quotes fields parameter to inject…

  • CVE-2019-16282 | Medium | Oct 14, 2019
    risk 0.35 | cvss 5.4 | epss 0.01

    In NCH Express Invoice v7.12, persistent cross site scripting (XSS) exists via the Invoices/Items/Customers/Quotes input field. An authenticated unprivileged user can add/modify the Invoices/Items/Customers fields parameter to inject arbitrary JavaScript.

  • CVE-2020-13476 | Medium | Dec 28, 2020
    risk 0.31 | cvss 4.8 | epss 0.01

    NCH Express Invoice 8.06 to 8.24 is vulnerable to Reflected XSS in the Quotes List module.

  • CVE-2008-2894 | Jun 27, 2008
    risk 0.03 | cvss n/a | epss 0.02

    Directory traversal vulnerability in the FTP client in NCH Software Classic FTP 1.02 for Windows allows remote FTP servers to create or overwrite arbitrary files via a .. (dot dot) in a response to a LIST command, a related issue to CVE-2002-1345.

  • CVE-2010-5220 | Sep 6, 2012
    risk 0.00 | cvss n/a | epss 0.00

    Untrusted search path vulnerability in MEO Encryption Software 2.02 allows local users to gain privileges via a Trojan horse dwmapi.dll file in the current working directory, as demonstrated by a directory that contains a .meo or .cry file. NOTE: some of these details are…

  • CVE-2009-4038 | Nov 20, 2009
    risk 0.00 | cvss n/a | epss 0.02

    Multiple cross-site scripting (XSS) vulnerabilities in NCH Software Axon Virtual PBX 2.10 and 2.11 allow remote attackers to inject arbitrary web script or HTML via the (1) onok or (2) oncancel parameter to the logon program. NOTE: the provenance of this information is unknown;…

  • CVE-2006-4603 | Sep 7, 2006
    risk 0.00 | cvss n/a | epss 0.02

    NCH Swift Sound Web Dictate 1.02 allows remote attackers to bypass authentication via a null password.