43 matches found
CVE-2019-17322
ClipSoft REXPERT 1.0.0.527 and earlier is vulnerable to arbitrary file creation via a POST request where the file path is supplied as a parameter. An attacker could cause writing of an executable file to an arbitrary directory. Exploitation requires user interaction: the target must visit a malic...
CVE-2019-17321
CVE-2019-17321 affects ClipSoft REXPERT 1.0.0.527 and earlier. The vulnerability is an information disclosure where, when requesting a web page associated with a session, the HTTP response data can leak the username via the session file path. No authentication is required to trigger the issue. Th...
CVE-2019-17321
ClipSoft REXPERT 1.0.0.527 and earlier version have an information disclosure issue. When requesting web page associated with session, could leak username via session file path of HTTP response data. No authentication is required...