Lucene search
K
TobesoftXplatform

11 matches found

CVE
CVE
added 2022/04/19 8:26 p.m.1198 views

CVE-2021-26626

CVE-2021-26626 affects Tobesoft XPlatform (execBrowser method). A input-validation flaw when the second parameter equals 'default' allows the first parameter to be passed to ShellExecuteW, enabling remote arbitrary code execution. Impact and vulnerable version range are described as Tobesoft XPla...

8.8CVSS8.8AI score0.01201EPSS
CVE
CVE
added 2021/03/24 8:55 p.m.76 views

CVE-2020-7853

CVE-2020-7853 affects Tobesoft XPLATFORM. The vulnerability arises from an unchecked offset input range enabling out-of-bounds read/write, which can allow an attacker to achieve arbitrary code execution. Public sources (CNVD-2021-25270, CVE records) describe the same issue as an offset-range chec...

9.8CVSS7.8AI score0.0083EPSS
CVE
CVE
added 2022/04/26 6:17 p.m.71 views

CVE-2021-26629

CVE-2021-26629 is a path traversal flaw affecting Tobesoft Xplatform (XPLATFORM) prior to version 9.2.2.280. The issue arises in the runtime archive handling when decompressing ZIP/.xzip archives, allowing an attacker to create arbitrary files in the parent directory via a path traversal sequence...

8.8CVSS8.7AI score0.0146EPSS
CVE
CVE
added 2021/07/20 10:12 a.m.60 views

CVE-2020-7866

CVE-2020-7866 affects XPLATFORM 9.2.2.270 and earlier, where an ActiveX component allows arbitrary command execution due to improper input validation. The vulnerability can be triggered remotely over the network with low attack complexity and no authentication, leading to high-severity impact on ...

9.8CVSS9.5AI score0.00997EPSS
CVE
CVE
added 2019/01/02 2:0 p.m.57 views

CVE-2018-5197

The CVE-2018-5197 entry concerns ExtCommon.dll (Xplatform ActiveX) versions 9.2, 9.2.1, 9.2.2, where insufficient input validation of command parameters enables a command injection. According to NVD, the vulnerability allows an attacker to execute arbitrary commands, with impact on confidentialit...

7.8CVSS7.8AI score0.01137EPSS
CVE
CVE
added 2020/05/06 12:50 p.m.53 views

CVE-2020-7806

The vulnerability CVE-2020-7806 affects Tobesoft Xplatform ActiveX in version 9.2.2.250 and earlier. The issue is an arbitrary code execution via a method supported by the Xplatform ActiveX Control, enabling remote code execution. Exploitation details are not provided in the connected documents; ...

9.8CVSS9.3AI score0.00748EPSS
CVE
CVE
added 2020/05/11 5:40 p.m.52 views

CVE-2019-19162

CVE-2019-19162 corresponds to a use-after-free vulnerability in Tobesoft XPlatform. Affected product: Tobesoft XPlatform versions 9.1–9.2.2. Internal issue: use-after-free in resource handling leading to potential code execution on an affected system. Related sources from CNVD-2020-34996 and othe...

7.8CVSS7.8AI score0.01211EPSS
CVE
CVE
added 2020/11/17 1:4 p.m.50 views

CVE-2020-7841

TOBESOFT XPLATFORM suffers an improper input validation vulnerability that can lead to arbitrary .hta file execution when a command string starts with http://, https://, or mailto://. The CVE-2020-7841 entry is supported by multiple sources (NVD, Red Hat, CNVD) detailing this issue and its high/c...

8.8CVSS8.9AI score0.01512EPSS
CVE
CVE
added 2020/05/06 12:44 p.m.49 views

CVE-2019-19166

CVE-2019-19166 affects Tobesoft XPlatform versions 9.1, 9.2.0, 9.2.1 and 9.2.2, where it can load unauthorized DLL files and cause remote code execution. The provided connected documents confirm the vulnerability exists in these XPlatform builds and that the attack outcome is remote execution via...

7.8CVSS7.9AI score0.00392EPSS
CVE
CVE
added 2020/07/10 1:5 p.m.46 views

CVE-2020-7815

TOBESOFT XPLATFORM 9.2.260 (and earlier 9.2.250 on Windows) is affected by a file-download vulnerability in COMPONENT . The issue lets an attacker supply arguments to the vulnerable method to download remote files and execute code. No explicit exploit details are provided beyond this description,...

9.8CVSS9.4AI score0.01194EPSS
CVE
CVE
added 2021/04/20 7:56 p.m.41 views

CVE-2020-7857

CVE-2020-7857 affects Tobesoft XPlatform prior to version 9.2.2.280. The issue is a command injection caused by insufficient validation of improper classes, allowing an unauthenticated attacker to execute arbitrary commands. Affected component/behavior: the XPlatform platform’s class validation l...

9.8CVSS9.6AI score0.01012EPSS