Lucene search
K
ClipsoftRexpert

6 matches found

CVE
CVE
added 2019/10/30 8:46 p.m.57 views

CVE-2019-17322

ClipSoft REXPERT 1.0.0.527 and earlier is vulnerable to arbitrary file creation via a POST request where the file path is supplied as a parameter. An attacker could cause writing of an executable file to an arbitrary directory. Exploitation requires user interaction: the target must visit a malic...

6.5CVSS6.3AI score0.01224EPSS
CVE
CVE
added 2019/10/30 8:49 p.m.49 views

CVE-2019-17323

CVE-2019-17323 affects ClipSoft REXPERT (versions 1.0.0.527 and earlier). The vulnerability is an XML injection in the Rexpert viewer's report printing function, enabling arbitrary file creation and execution. Exploitation requires user interaction: the target must visit a malicious web page. Imp...

8.8CVSS8.5AI score0.01594EPSS
CVE
CVE
added 2019/10/30 8:52 p.m.47 views

CVE-2019-17324

CVE-2019-17324 affects ClipSoft REXPERT ≤ 1.0.0.527. A directory traversal flaw is exploitable by sending a crafted HTTP POST containing ".." characters, enabling an attacker to access outside restricted directories and potentially create a malicious HTML file via template injection. Exploitation...

6.5CVSS6.2AI score0.01212EPSS
CVE
CVE
added 2019/10/30 8:42 p.m.46 views

CVE-2019-17321

CVE-2019-17321 affects ClipSoft REXPERT 1.0.0.527 and earlier. The vulnerability is an information disclosure where, when requesting a web page associated with a session, the HTTP response data can leak the username via the session file path. No authentication is required to trigger the issue. Th...

5.3CVSS5.3AI score0.0093EPSS
CVE
CVE
added 2019/10/30 8:55 p.m.45 views

CVE-2019-17325

CVE-2019-17325 affects ClipSoft REXPERT (versions 1.0.0.527 and earlier). The root cause is a file upload vulnerability via the ActiveX RexViewerCtrl30.ocx, allowing a remote attacker to upload arbitrary local files and potentially disclose sensitive information. Exploitation requires the target ...

6.5CVSS6.4AI score0.01247EPSS
CVE
CVE
added 2019/10/30 8:57 p.m.44 views

CVE-2019-17326

ClipSoft REXPERT 1.0.0.527 and earlier allows remote arbitrary file deletion via an HTTP GET with a specially crafted parameter. Exploitation requires user interaction (target must visit a malicious page). Affected product: ClipSoft REXPERT; no explicit root-cause or patch details are provided in...

6.5CVSS6.4AI score0.01337EPSS