CVE-2020-7820

Nexacro14/17 ExtCommonApiV13 Library under 2019.9.6 version contain a vulnerability that could allow remote attacker to execute arbitrary code by setting the arguments to the vulnerable API. This can be leveraged for code execution by rebooting the victim’s PC...

CVE-2020-7821

Nexacro14/17 ExtCommonApiV13 Library under 2019.9.6 version contain a vulnerability that could allow remote attacker to execute arbitrary code by modifying the value of registry path. This can be leveraged for code execution by rebooting the victim’s PC...

EUVD-2020-28752

Malware in sbrugna...

EUVD-2021-13419

Malware in sbrugna...

EUVD-2020-28753

Malware in sbrugna...

EUVD-2021-13407

Malware in sbrugna...

EUVD-2019-8799

Malware in sbrugna...

EUVD-2021-13406

Malware in sbrugna...

CVE-2021-26613

improper input validation vulnerability in nexacro permits copying file to the startup folder using rename method...

CVE-2021-26612

An improper input validation leading to arbitrary file creation was discovered in copy method of Nexacro platform. Remote attackers use copy method to execute arbitrary command after the file creation included malicious code...

CVE-2021-26625

Insufficient Verification of input Data leading to arbitrary file download and execute was discovered in Nexacro platform. This vulnerability is caused by an automatic update function that does not verify input data except version information. Remote attackers can use this incomplete validation...

CVE-2019-19167

Tobesoft Nexacro v2019.9.25.1 and earlier version have an arbitrary code execution vulnerability by using method supported by Nexacro14 ActiveX Control. It allows attacker to cause remote code execution...

CVE-2021-26625

Insufficient Verification of input Data leading to arbitrary file download and execute was discovered in Nexacro platform. This vulnerability is caused by an automatic update function that does not verify input data except version information. Remote attackers can use this incomplete validation...

CVE-2021-26625

Insufficient Verification of input Data leading to arbitrary file download and execute was discovered in Nexacro platform. This vulnerability is caused by an automatic update function that does not verify input data except version information. Remote attackers can use this incomplete validation...

Input validation

Insufficient Verification of input Data leading to arbitrary file download and execute was discovered in Nexacro platform. This vulnerability is caused by an automatic update function that does not verify input data except version information. Remote attackers can use this incomplete validation...

CVE-2021-26625 tobesoft Nexacro arbitrary file download vulnerability

Insufficient Verification of input Data leading to arbitrary file download and execute was discovered in Nexacro platform. This vulnerability is caused by an automatic update function that does not verify input data except version information. Remote attackers can use this incomplete validation...

CVE-2021-26625

The CVE-2021-26625 entry concerns the Nexacro platform (Tobesoft Nexacro). The root cause is an automatic update feature that does not verify input data beyond version information, enabling a remote attacker to download and execute arbitrary malicious files. Public details specify Nexacro/17.x va...

Tobesoft Nexacro数据伪造问题漏洞

Tobesoft Nexacro is a unified framework-based OSMU single-source multi-purpose application development solution from Tobesoft Korea. A security vulnerability previously existed in Nexacro version 17 17.1.3.700, which stemmed from the automatic update feature not validating input data other than...

CVE-2021-26613

improper input validation vulnerability in nexacro permits copying file to the startup folder using rename method...

CVE-2021-26613

improper input validation vulnerability in nexacro permits copying file to the startup folder using rename method...