Extensis

extensis

10 CVEs • 4 products

Products (4)

Click to collapse

Toggle

Netpublish Server

netpublish_server

Portfolio Netpublish

portfolio_netpublish

CVEs (10)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2022-24255 1Extensis 1Portfolio Jun 17, 2026 Mar 1, 2022 N/A· v4 8.8 HIGH· v3 9.0 HIGH· v2 Extensis Portfolio v4.0 was discovered to contain hardcoded credentials which allows attackers to gain administrator privileges.
CVE-2022-24254 1Extensis 1Portfolio Jun 17, 2026 Mar 1, 2022 N/A· v4 8.8 HIGH· v3 6.5 MEDIUM· v2 An unrestricted file upload vulnerability in the Backup/Restore Archive component of Extensis Portfolio v4.0 allows remote attackers to execute arbitrary code via a crafted ZIP file.
CVE-2022-24253 1Extensis 1Portfolio Jun 17, 2026 Mar 1, 2022 N/A· v4 8.8 HIGH· v3 6.5 MEDIUM· v2 Extensis Portfolio v4.0 was discovered to contain an authenticated unrestricted file upload vulnerability via the component AdminFileTransferServlet.
CVE-2022-24252 1Extensis 1Portfolio Jun 17, 2026 Mar 1, 2022 N/A· v4 8.8 HIGH· v3 6.5 MEDIUM· v2 An unrestricted file upload vulnerability in the FileTransferServlet component of Extensis Portfolio v4.0 allows remote attackers to execute arbitrary code via a crafted file.
CVE-2022-24251 1Extensis 1Portfolio Jun 17, 2026 Mar 1, 2022 N/A· v4 8.8 HIGH· v3 6.5 MEDIUM· v2 Extensis Portfolio v4.0 was discovered to contain an authenticated unrestricted file upload vulnerability via the Catalog Asset Upload function.
CVE-2013-3946 1Extensis 1Mrsid Nov 21, 2024 Jan 2, 2020 N/A· v4 7.8 HIGH· v3 6.8 MEDIUM· v2 Heap-based buffer overflow in the MrSID plugin (MrSID.dll) before 4.37 for IrfanView allows remote attackers to execute arbitrary code via a levels header.
CVE-2013-3945 1Extensis 1Mrsid Nov 21, 2024 Jan 2, 2020 N/A· v4 7.8 HIGH· v3 6.8 MEDIUM· v2 The MrSID plugin (MrSID.dll) before 4.37 for IrfanView allows remote attackers to execute arbitrary code via a nband tag.
CVE-2013-3944 1Extensis 1Mrsid Nov 21, 2024 Jan 2, 2020 N/A· v4 7.8 HIGH· v3 6.8 MEDIUM· v2 Stack-based buffer overflow in the MrSID plugin (MrSID.dll) before 4.37 for IrfanView allows remote attackers to execute arbitrary code via an IMAGE tag.
CVE-2017-18006 1Extensis 1Portfolio Netpublish May 13, 2026 Jan 1, 2018 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 netpub/server.np in Extensis Portfolio NetPublish has XSS in the quickfind parameter, aka Open Bug Bounty ID OBB-290447.
CVE-2005-4510 1Extensis 1Netpublish Server Apr 16, 2026 Dec 23, 2005 N/A· v4 N/A· v3 5.0 MEDIUM· v2 Directory traversal vulnerability in server.np in NetPublish Server 7 allows remote attackers to read arbitrary files via "../" sequences in the template parameter.