Lucene search
+L

8 matches found

CVE
CVE
added 2025/10/09 8:20 p.m.28 views

CVE-2025-35055

Newforma Info Exchange (NIX) contains a file-upload vulnerability in /UserWeb/Common/UploadBlueimp.ashx that allows an authenticated attacker to upload arbitrary files to writable locations, enabling web-shell execution or directory deletion. Related CNVD and Red Hat entries describe a broader ri...

8.8CVSS6.8AI score0.00504EPSS
Web
CVE
CVE
added 2025/10/09 8:21 p.m.26 views

CVE-2025-35058

Newforma Info Exchange (NIX) contains a vulnerable endpoint /UserWeb/Common/MarkupServices.ashx that can be triggered by a remote, unauthenticated attacker to force NIX to establish an SMB connection to an attacker‑controlled system, enabling the attacker to capture the NTLMv2 hash of the configu...

8.2CVSS6.6AI score0.00353EPSS
CVE
CVE
added 2025/10/09 8:21 p.m.19 views

CVE-2025-35056

Affected product: Newforma Info Exchange (NIX).Vulnerability: The StreamStampImage endpoint (/UserWeb/Common/MarkupServices.ashx) accepts an encrypted file path and returns an image of the specified file. The path is generated with a shared, hard-coded key described in CVE-2025-35052, enabling an...

5.3CVSS6.4AI score0.0033EPSS
Web
CVE
CVE
added 2025/10/09 8:22 p.m.17 views

CVE-2025-35061

Newforma Info Exchange (NIX) is affected via the NPCSRemoteWeb/LegacyIntegrationServices.asmx endpoint. An unauthenticated remote attacker can cause NIX to initiate an SMB connection to a system under attacker control, enabling capture of the NTLMv2 hash of the NIX service account. This informati...

8.2CVSS6.6AI score0.00353EPSS
CVE
CVE
added 2025/10/09 8:21 p.m.14 views

CVE-2025-35057

Newforma Info Exchange (NIX) has a vulnerability in the /RemoteWeb/IntegrationServices.ashx endpoint that allows a remote, unauthenticated attacker to coerce NIX into making an SMB connection to an attacker-controlled system, enabling the attacker to capture the NTLMv2 hash of the NIX service acc...

6CVSS6.6AI score0.00305EPSS
CVE
CVE
added 2025/10/09 8:22 p.m.14 views

CVE-2025-35062

Newforma Info Exchange (NIX) before version 2023.1 allows anonymous authentication by default, enabling an unauthenticated attacker to exploit additional vulnerabilities that require authentication. Related sources describe bypass and file-read/upload issues tied to authenticated access and the p...

9.8CVSS6.9AI score0.00346EPSS
CVE
CVE
added 2025/10/09 8:21 p.m.12 views

CVE-2025-35059

Newforma Info Exchange (NIX) exposes an open redirect vulnerability via the unauthenticated nhl parameter in the endpoint /DownloadWeb/hyperlinkredirect.aspx. Multiple sources (CNVD-2025-25475, RH/CVE-2025-35059, EUVD-2025-33568, NVD, CNNVD, etc.) describe an open redirection that can be triggere...

6.1CVSS6.7AI score0.00198EPSS
Web
CVE
CVE
added 2025/10/09 8:22 p.m.12 views

CVE-2025-35060

CVE-2025-35060 concerns Newforma Info Exchange (NIX): the remote, authenticated attacker can upload SVG files via the Send a File Transfer feature, leading to stored XSS when the SVG content is rendered in a browser (notably with a mobile user agent). Several connected sources corroborate a cross...

5.5CVSS6.4AI score0.00201EPSS