VYPR
Vendor

Techsmith

Products
5
CVEs
9
Across products
10
Status
Private

Products

5

Recent CVEs

9
  • CVE-2020-18171HigJul 26, 2021
    risk 0.57cvss 8.8epss 0.00

    TechSmith Snagit 19.1.0.2653 uses Object Linking and Embedding (OLE) which can allow attackers to obfuscate and embed crafted files used to escalate privileges. NOTE: This implies that Snagit's use of OLE is a security vulnerability unto itself and it is not. See reference…

  • CVE-2020-18169HigJul 26, 2021
    risk 0.51cvss 7.8epss 0.00

    A vulnerability in the Windows installer XML (WiX) toolset of TechSmith Snagit 19.1.1.2860 allows attackers to escalate privileges. NOTE: Exploit of the Snagit installer would require the end user to ignore other safety mechanisms provided by the Host OS. See reference document…

  • CVE-2018-14446HigJul 20, 2018
    risk 0.50cvss 8.8epss 0.02

    MP4Integer32Property::Read in atom_avcC.cpp in MP4v2 2.1.0 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted MP4 file.

  • CVE-2010-3130Aug 26, 2010
    risk 0.04cvss epss 0.08

    Untrusted search path vulnerability in TechSmith Snagit all versions 10.x and 11.x allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse dwmapi.dll that is located in the same folder as a snag, snagcc,…

  • CVE-2008-6061Feb 5, 2009
    risk 0.03cvss epss 0.04

    Cross-site scripting (XSS) vulnerability in ActionScript in arbitrary Shockwave Flash (SWF) controller files created by Techsmith Camtasia Studio before 5 allows remote attackers to inject arbitrary additional SWF content via a URL in the csPreloader parameter.

  • CVE-2020-11541May 8, 2020
    risk 0.00cvss epss 0.00

    In TechSmith SnagIt 11.2.1 through 20.0.3, an XML External Entity (XXE) injection issue exists that would allow a local attacker to exfiltrate data under the local Administrator account.

  • CVE-2019-13382Jul 26, 2019
    risk 0.00cvss epss 0.02

    UploaderService in SnagIT 2019.1.2 allows elevation of privilege by placing an invalid presentation file in %PROGRAMDATA%\TechSmith\TechSmith Recorder\QueuedPresentations and then creating a symbolic link in %PROGRAMDATA%\Techsmith\TechSmith Recorder\InvalidPresentations that…

  • CVE-2015-5487Aug 18, 2015
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in the Camtasia Relay module 6.x-2.x before 6.x-3.2 and 7.x-2.x before 7.x-1.3 for Drupal allows remote authenticated users with the "view meta information" permission to inject arbitrary web script or HTML via unspecified vectors related…

  • CVE-2010-5234Sep 7, 2012
    risk 0.00cvss epss 0.00

    Multiple untrusted search path vulnerabilities in Camtasia Studio 7.0.1 build 57 allow local users to gain privileges via a Trojan horse (1) MFC90ENU.DLL or (2) MFC90LOC.DLL file in the current working directory, as demonstrated by a directory that contains a .cmmp or .camrec…