Skip to main content
CVE-2021-37444 HIGH POC This Week

NCH IVM Attendant v5.12 and earlier suffers from a directory traversal weakness upon uploading plugins in a ZIP archive. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Microsoft Path Traversal RCE Ivm Attendant
NVD GitHub
CVSS 3.1
8.8
EPSS
1.9%
CVE-2021-37441 HIGH POC This Week

NCH Axon PBX v2.22 and earlier allows path traversal for file deletion via the logdelete?file=/.. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Axon Pbx
NVD GitHub
CVSS 3.1
8.8
EPSS
1.5%
CVE-2021-37447 HIGH POC This Week

In NCH Quorum v2.03 and earlier, an authenticated user can use directory traversal via documentdelete?file=/.. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Quorum
NVD GitHub
CVSS 3.1
8.1
EPSS
1.6%
CVE-2021-37443 HIGH POC This Week

NCH IVM Attendant v5.12 and earlier allows path traversal via the logdeleteselected check0 parameter for file deletion. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Ivm Attendant
NVD GitHub
CVSS 3.1
8.1
EPSS
1.2%
CVE-2021-3663 HIGH POC PATCH This Week

firefly-iii is vulnerable to Improper Restriction of Excessive Authentication Attempts. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Firefly Iii
NVD GitHub
CVSS 3.1
7.5
EPSS
0.7%
CVE-2021-37445 MEDIUM POC This Month

In NCH Quorum v2.03 and earlier, an authenticated user can use directory traversal via logprop?file=/.. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Quorum
NVD GitHub
CVSS 3.1
6.5
EPSS
1.4%
CVE-2021-37442 MEDIUM POC This Month

NCH IVM Attendant v5.12 and earlier allows path traversal via viewfile?file=/.. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Ivm Attendant
NVD GitHub
CVSS 3.1
6.5
EPSS
1.2%
CVE-2021-37440 MEDIUM POC This Month

NCH Axon PBX v2.22 and earlier allows path traversal for file disclosure via the logprop?file=/.. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Axon Pbx
NVD GitHub
CVSS 3.1
6.5
EPSS
1.2%
CVE-2021-37439 MEDIUM POC This Month

NCH FlexiServer v6.00 suffers from a syslog?file=/.. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Flexiserver
NVD GitHub
CVSS 3.1
6.5
EPSS
1.2%
CVE-2021-37469 MEDIUM POC This Month

In NCH WebDictate v2.13 and earlier, authenticated users can abuse logprop?file=/.. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Webdictate
NVD GitHub
CVSS 3.1
6.5
EPSS
1.2%
CVE-2021-37452 MEDIUM POC This Month

NCH Quorum v2.03 and earlier allows local users to discover cleartext login information relating to users by reading the local .dat configuration files. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Quorum
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2021-37449 MEDIUM POC This Month

Cross Site Scripting (XSS) exists in NCH IVM Attendant v5.12 and earlier via /ogmlist?folder= (reflected). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Ivm Attendant
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2021-37448 MEDIUM POC This Month

Cross Site Scripting (XSS) exists in NCH IVM Attendant v5.12 and earlier via the Mailbox name (stored). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Ivm Attendant
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2021-37470 MEDIUM POC This Month

In NCH WebDictate v2.13, persistent Cross Site Scripting (XSS) exists in the Recipient Name field. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Webdictate
NVD GitHub
CVSS 3.1
5.4
EPSS
0.6%
CVE-2021-37467 MEDIUM POC This Month

In NCH Quorum v2.03 and earlier, XSS exists via /conferencebrowseuploadfile?confid= (reflected). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Quorum
NVD GitHub
CVSS 3.1
5.4
EPSS
0.6%
CVE-2021-37466 MEDIUM POC This Month

In NCH Quorum v2.03 and earlier, XSS exists via /conference?id= (reflected). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Quorum
NVD GitHub
CVSS 3.1
5.4
EPSS
0.6%
CVE-2021-37465 MEDIUM POC This Month

In NCH Quorum v2.03 and earlier, XSS exists via /uploaddoc?id= (reflected). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Quorum
NVD GitHub
CVSS 3.1
5.4
EPSS
0.6%
CVE-2021-37464 MEDIUM POC This Month

In NCH Quorum v2.03 and earlier, XSS exists via Conference Description (stored). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Quorum
NVD GitHub
CVSS 3.1
5.4
EPSS
0.6%
CVE-2021-37463 MEDIUM POC This Month

In NCH Quorum v2.03 and earlier, XSS exists via User Display Name (stored). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Quorum
NVD GitHub
CVSS 3.1
5.4
EPSS
0.6%
CVE-2021-37462 MEDIUM POC This Month

Cross Site Scripting (XSS) exists in NCH Axon PBX v2.22 and earlier via /ipblacklist?errorip= (reflected). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Axon Pbx
NVD GitHub
CVSS 3.1
5.4
EPSS
0.6%
CVE-2021-37461 MEDIUM POC This Month

Cross Site Scripting (XSS) exists in NCH Axon PBX v2.22 and earlier via /extensionsinstruction?id= (reflected). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Axon Pbx
NVD GitHub
CVSS 3.1
5.4
EPSS
0.6%
CVE-2021-37460 MEDIUM POC This Month

Cross Site Scripting (XSS) exists in NCH Axon PBX v2.22 and earlier via /planprop?id= (reflected). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Axon Pbx
NVD GitHub
CVSS 3.1
5.4
EPSS
0.6%
CVE-2021-37459 MEDIUM POC This Month

Cross Site Scripting (XSS) exists in NCH Axon PBX v2.22 and earlier via the customer name field (stored). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Axon Pbx
NVD GitHub
CVSS 3.1
5.4
EPSS
0.6%
CVE-2021-37458 MEDIUM POC This Month

Cross Site Scripting (XSS) exists in NCH Axon PBX v2.22 and earlier via the primary phone field (stored). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Axon Pbx
NVD GitHub
CVSS 3.1
5.4
EPSS
0.6%
CVE-2021-37457 MEDIUM POC This Month

Cross Site Scripting (XSS) exists in NCH Axon PBX v2.22 and earlier via the SipRule field (stored). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Axon Pbx
NVD GitHub
CVSS 3.1
5.4
EPSS
0.6%
CVE-2021-37456 MEDIUM POC This Month

Cross Site Scripting (XSS) exists in NCH Axon PBX v2.22 and earlier via the blacklist IP address (stored). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Axon Pbx
NVD GitHub
CVSS 3.1
5.4
EPSS
0.6%
CVE-2021-37455 MEDIUM POC This Month

Cross Site Scripting (XSS) exists in NCH Axon PBX v2.22 and earlier via the outbound dialing plan (stored). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Axon Pbx
NVD GitHub
CVSS 3.1
5.4
EPSS
0.6%
CVE-2021-37454 MEDIUM POC This Month

Cross Site Scripting (XSS) exists in NCH Axon PBX v2.22 and earlier via the line name (stored). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Axon Pbx
NVD GitHub
CVSS 3.1
5.4
EPSS
0.6%
CVE-2021-37453 MEDIUM POC This Month

Cross Site Scripting (XSS) exists in NCH Axon PBX v2.22 and earlier via the extension name (stored). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Axon Pbx
NVD GitHub
CVSS 3.1
5.4
EPSS
0.6%
CVE-2021-37451 MEDIUM POC This Month

Cross Site Scripting (XSS) exists in NCH IVM Attendant v5.12 and earlier via /msglist?mbx= (reflected). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Ivm Attendant
NVD GitHub
CVSS 3.1
5.4
EPSS
0.6%
CVE-2021-37450 MEDIUM POC This Month

Cross Site Scripting (XSS) exists in NCH IVM Attendant v5.12 and earlier via /ogmprop?id= (reflected). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Ivm Attendant
NVD GitHub
CVSS 3.1
5.4
EPSS
0.6%
CVE-2021-23413 MEDIUM POC PATCH This Month

This affects the package jszip before 3.7.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Jszip
NVD GitHub
CVSS 3.1
5.3
EPSS
3.3%
CVE-2021-37446 MEDIUM POC This Month

In NCH Quorum v2.03 and earlier, an authenticated user can use directory traversal via documentprop?file=/.. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Quorum
NVD GitHub
CVSS 3.1
4.3
EPSS
1.2%
CVE-2021-37468 LOW POC Monitor

NCH Reflect CRM 3.01 allows local users to discover cleartext user account information by reading the configuration files. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Reflect Customer Relationship Management
NVD GitHub
CVSS 3.1
3.3
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy