Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Nch Subscribe
Total 9 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2021-37452 1 Nch 1 Quorum 2022-07-12 2.1 LOW 5.5 MEDIUM
NCH Quorum v2.03 and earlier allows local users to discover cleartext login information relating to users by reading the local .dat configuration files.
CVE-2021-37468 1 Nch 1 Reflect Customer Relationship Management 2022-07-12 2.1 LOW 3.3 LOW
NCH Reflect CRM 3.01 allows local users to discover cleartext user account information by reading the configuration files.
CVE-2021-37441 1 Nch 1 Axon Pbx 2021-08-06 6.5 MEDIUM 8.8 HIGH
NCH Axon PBX v2.22 and earlier allows path traversal for file deletion via the logdelete?file=/.. substring.
CVE-2021-37440 1 Nch 1 Axon Pbx 2021-08-05 4.0 MEDIUM 6.5 MEDIUM
NCH Axon PBX v2.22 and earlier allows path traversal for file disclosure via the logprop?file=/.. substring.
CVE-2021-37439 1 Nch 1 Flexiserver 2021-08-05 4.0 MEDIUM 6.5 MEDIUM
NCH FlexiServer v6.00 suffers from a syslog?file=/.. path traversal vulnerability.
CVE-2021-37469 1 Nch 1 Webdictate 2021-08-05 4.0 MEDIUM 6.5 MEDIUM
In NCH WebDictate v2.13 and earlier, authenticated users can abuse logprop?file=/.. path traversal to read files on the filesystem.
CVE-2018-11552 1 Nch 1 Axon Pbx 2018-07-03 4.3 MEDIUM 6.1 MEDIUM
There is a reflected XSS vulnerability in AXON PBX 2.02 via the "AXON->Auto-Dialer->Agents->Name" field. The vulnerability exists due to insufficient filtration of user-supplied data. A remote attacker can execute arbitrary HTML and script code in a browser in the context of the vulnerable application.
CVE-2018-11551 1 Nch 1 Axon Pbx 2018-07-03 9.3 HIGH 7.8 HIGH
AXON PBX 2.02 contains a DLL hijacking vulnerability that could allow an unauthenticated, remote attacker to execute arbitrary code on a targeted system. The vulnerability exists because a DLL file is loaded by 'pbxsetup.exe' improperly.
CVE-2009-4038 1 Nch 1 Axon Virtual Pbx 2009-11-22 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in NCH Software Axon Virtual PBX 2.10 and 2.11 allow remote attackers to inject arbitrary web script or HTML via the (1) onok or (2) oncancel parameter to the logon program. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.