132 matches found
Newforma Project Center Server Directory Traversal Vulnerability
Newforma Project Center Server is a project information management solution for the Architecture, Engineering and Construction AEC industry from Newforma for centralized storage and management of project documents and collaboration. A directory traversal vulnerability exists in Newforma Project...
Newforma Project Center Server Open Redirect Vulnerability
Newforma Project Center Server is a project information management solution for the Architecture, Engineering and Construction AEC industry from Newforma for centralized storage and management of project documents and collaboration. An open redirection vulnerability exists in Newforma Project...
Newforma Project Center Server Information Disclosure Vulnerability
Newforma Project Center Server is a project information management solution for the Architecture, Engineering and Construction AEC industry from Newforma for centralized storage and management of project documents and collaboration. An information disclosure vulnerability exists in Newforma Proje...
Newforma Project Center Server Code Execution Vulnerability (CNVD-2025-25871)
Newforma Project Center Server is a project information management solution for the Architecture, Engineering and Construction AEC industry from Newforma for centralized storage and management of project documents and collaboration. A code execution vulnerability exists in Newforma Project Center...
Newforma Project Center Server Information Disclosure Vulnerability (CNVD-2025-25886)
Newforma Project Center Server is a project information management solution for the Architecture, Engineering and Construction AEC industry from Newforma for centralized storage and management of project documents and collaboration. Newforma Project Center Server suffers from an information...
Newforma Project Center Server Information Disclosure Vulnerability (CNVD-2025-25862)
Newforma Project Center Server is a project information management solution for the Architecture, Engineering and Construction AEC industry from Newforma for centralized storage and management of project documents and collaboration. An information IELTS vulnerability exists in Newforma Project...
Unspecified Vulnerability in Newforma Project Center Server
Newforma Project Center Server is a project information management solution for the Architecture, Engineering and Construction AEC industry from Newforma for centralized storage and management of project documents and collaboration. A security vulnerability exists in Newforma Project Center Serve...
Newforma Project Center Server Security Bypass Vulnerability
Newforma Project Center Server is a project information management solution for the Architecture, Engineering and Construction AEC industry from Newforma for centralized storage and management of project documents and collaboration. A security bypass vulnerability exists in Newforma Project Cente...
Newforma Project Center Server Code Execution Vulnerability
Newforma Project Center Server is a project information management solution for the Architecture, Engineering and Construction AEC industry from Newforma for centralized storage and management of project documents and collaboration. A code execution vulnerability exists in Newforma Project Center...
Newforma Project Center Server Information Disclosure Vulnerability (CNVD-2025-25888)
Newforma Project Center Server is a project information management solution for the Architecture, Engineering and Construction AEC industry from Newforma for centralized storage and management of project documents and collaboration. An information disclosure vulnerability exists in Newforma Proje...
Newforma Project Center Server Cross-Site Scripting Vulnerability
Newforma Project Center Server is a project information management solution for the Architecture, Engineering and Construction AEC industry from Newforma for centralized storage and management of project documents and collaboration. Newforma Project Center suffers from a cross-site scripting...
Newforma Project Center Server Information Disclosure Vulnerability (CNVD-2025-25476)
Newforma Project Center Server is a project information management solution for the Architecture, Engineering and Construction AEC industry from Newforma for centralized storage and management of project documents and collaboration. An information disclosure vulnerability exists in Newforma Proje...
CVE-2025-35059
Newforma Info Exchange NIX '/DownloadWeb/hyperlinkredirect.aspx' provides an unauthenticated URL redirect via the 'nhl' parameter...
CVE-2025-35061
Newforma Info Exchange NIX '/NPCSRemoteWeb/LegacyIntegrationServices.asmx' allows a remote, unauthenticated attacker to cause NIX to make an SMB connection to an attacker-controlled system. The attacker can capture the NTLMv2 hash of the user-configured NIX service account...
CVE-2025-35060
Newforma Info Exchange NIX provides a 'Send a File Transfer' feature that allows a remote, authenticated attacker to upload SVG files that contain JavaScript or other content that may be executed or rendered by a web browser using a mobile user agent...
CVE-2025-35051
Newforma Project Center Server NPCS accepts serialized .NET data via the '/ProjectCenter.rem' endpoint on 9003/tcp, allowing a remote, unauthenticated attacker to execute arbitrary code with 'NT AUTHORITY\NetworkService' privileges. According to the recommended architecture, the vulnerable NPCS...
CVE-2025-35056
Newforma Info Exchange NIX '/UserWeb/Common/MarkupServices.ashx' 'StreamStampImage' accepts an encrypted file path and returns an image of the specified file. An authenticated attacker can read arbitrary files subject to the privileges of NIX, typically 'NT AUTHORITY\NetworkService', and the...
CVE-2025-35057
Newforma Info Exchange NIX '/RemoteWeb/IntegrationServices.ashx' allows a remote, unauthenticated attacker to cause NIX to make an SMB connection to an attacker-controlled system. The attacker can capture the NTLMv2 hash of the NIX service account...
CVE-2025-35058
Newforma Info Exchange NIX '/UserWeb/Common/MarkupServices.ashx' allows a remote, unauthenticated attacker to cause NIX to make an SMB connection to an attacker-controlled system. The attacker can capture the NTLMv2 hash of the customer-configured NIX service account...
CVE-2025-35062
Newforma Info Exchange NIX before version 2023.1 by default allows anonymous authentication which allows an unauthenticated attacker to exploit additional vulnerabilities that require authentication...