Vulnerabilities > Tobesoft

DATE CVE VULNERABILITY TITLE RISK
2022-04-26 CVE-2021-26629 Path Traversal vulnerability in Tobesoft Xplatform
A path traversal vulnerability in XPLATFORM's runtime archive function could lead to arbitrary file creation.
network
low complexity
tobesoft CWE-22
8.8
2022-04-19 CVE-2021-26625 Insufficient Verification of Data Authenticity vulnerability in Tobesoft Nexacro 17.1.2.500/17.1.2.600/17.1.3.301
Insufficient Verification of input Data leading to arbitrary file download and execute was discovered in Nexacro platform.
network
low complexity
tobesoft CWE-345
8.8
2022-04-19 CVE-2021-26626 Improper Input Validation vulnerability in Tobesoft Xplatform
Improper input validation vulnerability in XPLATFORM's execBrowser method can cause execute arbitrary commands.
network
low complexity
tobesoft CWE-20
8.8
2022-02-09 CVE-2021-26613 Improper Input Validation vulnerability in Tobesoft Nexacro
improper input validation vulnerability in nexacro permits copying file to the startup folder using rename method.
network
low complexity
tobesoft CWE-20
7.5
2021-11-30 CVE-2021-26612 Improper Input Validation vulnerability in Tobesoft Nexacro 14.0.0.0/14.0.1.3600/17.1.2.500
An improper input validation leading to arbitrary file creation was discovered in copy method of Nexacro platform.
network
low complexity
tobesoft CWE-20
critical
9.8
2021-10-26 CVE-2021-26607 Improper Input Validation vulnerability in Tobesoft Nexacro
An Improper input validation in execDefaultBrowser method of NEXACRO17 allows a remote attacker to execute arbitrary command on affected systems.
network
low complexity
tobesoft CWE-20
critical
9.8
2021-09-09 CVE-2020-7874 Download of Code Without Integrity Check vulnerability in Tobesoft Nexacro 14.0.0.0
Download of code without integrity check vulnerability in NEXACRO14 Runtime ActiveX control of tobesoft Co., Ltd allows the attacker to cause an arbitrary file download and execution.
network
low complexity
tobesoft CWE-494
8.8
2021-07-20 CVE-2020-7866 Improper Input Validation vulnerability in Tobesoft Xplatform
When using XPLATFORM 9.2.2.270 or earlier versions ActiveX component, arbitrary commands can be executed due to improper input validation
network
low complexity
tobesoft CWE-20
critical
9.8
2021-04-20 CVE-2020-7857 Improper Input Validation vulnerability in Tobesoft Xplatform
A vulnerability of XPlatform could allow an unauthenticated attacker to execute arbitrary command.
network
low complexity
tobesoft CWE-20
critical
9.8
2021-03-24 CVE-2020-7853 Out-of-bounds Write vulnerability in Tobesoft Xplatform
An outbound read/write vulnerability exists in XPLATFORM that does not check offset input ranges, allowing out-of-range data to be read.
network
low complexity
tobesoft CWE-787
critical
9.8