2 matches found
CVE-2021-26630
The CVE is about an improper input validation vulnerability in HANDY Groupware’s ActiveX module that allows attackers to download or execute arbitrary files by passing the file download or execution path as the parameter value of the vulnerable function. Affected products are HANDY Groupware with...
CVE-2020-7804
CVE-2020-7804 affects Handy Groupware 1.7.3.1 on Windows 7/8/10 via ActiveX Control (HShell.dll). The root cause described is an ability for an attacker to execute arbitrary commands through the ShellExec method. No explicit remediation is provided in the supplied materials. Exploitation status a...