CVE-2020-3925

The CVE-2020-3925 entry concerns a Remote Code Execution vulnerability in some designated ServiSign security plugin applications. The connected CVEList document suggests a root-cause vector: RCE via LoadLibrary on Windows, implying a vulnerable component/function used by the ServiSign plugin. The...

CVE-2022-46306

CVE-2022-46306 affects ChangingTec ServiSign. The vulnerability is a path traversal caused by insufficient filtering of special characters in the DLL file path, enabling an unauthenticated attacker to host a malicious website that causes the component to load arbitrary DLL files, potentially enab...

CVE-2020-3927

The CVE-2020-3927 entry concerns a vulnerability in the ServiSign security plugin that could allow an attacker to access arbitrary files on the target system by manipulating a crafted API parameter, provided the attacker knows the specific API function. This is supported by the NVD entry describi...

CVE-2020-3926

The CVE-2020-3926 entry concerns the ServiSign security plugin. Affected component: the security plugin’s API handling. Vulnerability: arbitrary-file-access through crafted API parameters when an attacker knows the specific API function. Impact: potential disclosure or write access to arbitrary f...

CVE-2022-46304

CVE-2022-46304 affects the ChangingTec ServiSign component. The root cause is insufficient filtering for special characters in the connection response parameter, enabling an unauthenticated remote attacker to host a malicious website that a component user visits, triggering command injection. Thi...

CVE-2022-46305

The CVE-2022-46305 entry describes a path traversal vulnerability in the ChangingTec ServiSign component. An unauthenticated LAN attacker can bypass authentication and access arbitrary system files. The public details consistently identify the vulnerable component and the impact, but do not provi...