Netsupport
Recent CVEs
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-34164 | | Cri | 0.61 | — | 0.01 | | Aug 30, 2025 | A heap-based buffer overflow vulnerability in NetSupport Manager 14.x versions prior to 14.12.0000 allows a remote, unauthenticated attacker to cause a denial of service (DoS) or execute arbitrary code. |
| CVE-2025-34181 | | Hig | 0.57 | — | 0.01 | | Dec 15, 2025 | NetSupport Manager < 14.12.0001 contains an arbitrary file write vulnerability in its Connectivity Server/Gateway PUTFILE request handler. An attacker with a valid Gateway Key can supply a crafted filename containing directory traversal sequences to write files to arbitrary… |
| CVE-2025-34179 | | Hig | 0.57 | — | 0.00 | | Dec 15, 2025 | NetSupport Manager < 14.12.0001 contains an unauthenticated SQL injection vulnerability in its Connectivity Server/Gateway HTTPS request handling. The server evaluates request URIs using an unsanitized SQLite query against the FileLinks table in gateway.db. By injecting SQL… |
| CVE-2011-0404 | | | 0.08 | — | 0.65 | | Jan 11, 2011 | Stack-based buffer overflow in NetSupport Manager Agent for Linux 11.00, for Solaris 9.50, and for Mac OS X 11.00 allows remote attackers to execute arbitrary code via a long control hostname to TCP port 5405, probably a different vulnerability than CVE-2007-5252. |
| CVE-2004-2737 | | | 0.03 | — | 0.01 | | Dec 31, 2004 | SQL injection vulnerability in problist.asp in NetSupport DNA HelpDesk 1.01 allows remote attackers to execute arbitrary SQL commands via the where parameter. |
| CVE-2004-1861 | | | 0.03 | — | 0.01 | | Mar 25, 2004 | Invision NetSupport School Pro uses a weak encryption algorithm to encrypt passwords, which allows local users to obtain passwords. |
| CVE-2022-22795 | | | 0.00 | — | 0.01 | | Mar 9, 2022 | Signiant - Manager+Agents XML External Entity (XXE) - Extract internal files of the affected machine An attacker can read all the system files, the product is running with root on Linux systems and nt/authority on windows systems, which allows him to access and extract any file… |
| CVE-2021-46660 | | | 0.00 | — | 0.01 | | Jan 29, 2022 | Signiant Manager+Agents before 15.1 allows XML External Entity (XXE) attacks. |
| CVE-2019-8996 | | | 0.00 | — | 0.02 | | Feb 21, 2019 | In Signiant Manager+Agents before 13.5, the implementation of the set command has a Buffer Overflow. |
| CVE-2010-4184 | | | 0.00 | — | 0.03 | | Nov 5, 2010 | NetSupport Manager (NSM) before 11.00.0005 sends HTTP headers with cleartext fields containing details about client machines, which allows remote attackers to obtain potentially sensitive information by sniffing the network. |
| CVE-2007-5252 | | | 0.00 | — | 0.04 | | Oct 6, 2007 | Buffer overflow in NetSupport Manager (NSM) Client 10.00 and 10.20, and NetSupport School Student (NSS) 9.00, allows remote NSM servers to cause a denial of service or possibly execute arbitrary code via crafted data in the configuration exchange phase of an initial connection… |
| CVE-2007-5057 | | | 0.00 | — | 0.05 | | Sep 24, 2007 | NetSupport Manager Client before 10.20.0004 allows remote attackers to bypass the (1) basic and (2) authentication schemes by spoofing the NetSupport Manager. |
| CVE-2002-0482 | | | 0.00 | — | 0.02 | | Aug 12, 2002 | Directory traversal vulnerability in PCI Netsupport Manager before version 7, when running web extensions, allows remote attackers to read arbitrary files via a .. (dot dot) in the HTTP GET request. |