11 matches found
CVE-2021-26626
CVE-2021-26626 affects Tobesoft XPlatform (execBrowser method). A input-validation flaw when the second parameter equals 'default' allows the first parameter to be passed to ShellExecuteW, enabling remote arbitrary code execution. Impact and vulnerable version range are described as Tobesoft XPla...
CVE-2020-7853
CVE-2020-7853 affects Tobesoft XPLATFORM. The vulnerability arises from an unchecked offset input range enabling out-of-bounds read/write, which can allow an attacker to achieve arbitrary code execution. Public sources (CNVD-2021-25270, CVE records) describe the same issue as an offset-range chec...
CVE-2021-26629
CVE-2021-26629 is a path traversal flaw affecting Tobesoft Xplatform (XPLATFORM) prior to version 9.2.2.280. The issue arises in the runtime archive handling when decompressing ZIP/.xzip archives, allowing an attacker to create arbitrary files in the parent directory via a path traversal sequence...
CVE-2020-7866
CVE-2020-7866 affects XPLATFORM 9.2.2.270 and earlier, where an ActiveX component allows arbitrary command execution due to improper input validation. The vulnerability can be triggered remotely over the network with low attack complexity and no authentication, leading to high-severity impact on ...
CVE-2018-5197
The CVE-2018-5197 entry concerns ExtCommon.dll (Xplatform ActiveX) versions 9.2, 9.2.1, 9.2.2, where insufficient input validation of command parameters enables a command injection. According to NVD, the vulnerability allows an attacker to execute arbitrary commands, with impact on confidentialit...
CVE-2020-7806
The vulnerability CVE-2020-7806 affects Tobesoft Xplatform ActiveX in version 9.2.2.250 and earlier. The issue is an arbitrary code execution via a method supported by the Xplatform ActiveX Control, enabling remote code execution. Exploitation details are not provided in the connected documents; ...
CVE-2019-19162
CVE-2019-19162 corresponds to a use-after-free vulnerability in Tobesoft XPlatform. Affected product: Tobesoft XPlatform versions 9.1–9.2.2. Internal issue: use-after-free in resource handling leading to potential code execution on an affected system. Related sources from CNVD-2020-34996 and othe...
CVE-2020-7841
TOBESOFT XPLATFORM suffers an improper input validation vulnerability that can lead to arbitrary .hta file execution when a command string starts with http://, https://, or mailto://. The CVE-2020-7841 entry is supported by multiple sources (NVD, Red Hat, CNVD) detailing this issue and its high/c...
CVE-2019-19166
CVE-2019-19166 affects Tobesoft XPlatform versions 9.1, 9.2.0, 9.2.1 and 9.2.2, where it can load unauthorized DLL files and cause remote code execution. The provided connected documents confirm the vulnerability exists in these XPlatform builds and that the attack outcome is remote execution via...
CVE-2020-7815
TOBESOFT XPLATFORM 9.2.260 (and earlier 9.2.250 on Windows) is affected by a file-download vulnerability in COMPONENT . The issue lets an attacker supply arguments to the vulnerable method to download remote files and execute code. No explicit exploit details are provided beyond this description,...
CVE-2020-7857
CVE-2020-7857 affects Tobesoft XPlatform prior to version 9.2.2.280. The issue is a command injection caused by insufficient validation of improper classes, allowing an unauthenticated attacker to execute arbitrary commands. Affected component/behavior: the XPlatform platform’s class validation l...