Vulnerabilities > Tobesoft

DATE CVE VULNERABILITY TITLE RISK
2020-11-17 CVE-2020-7841 Improper Input Validation vulnerability in Tobesoft Xplatform
Improper input validation vulnerability exists in TOBESOFT XPLATFORM which could cause arbitrary .hta file execution when the command string is begun with http://, https://, mailto://
network
low complexity
tobesoft CWE-20
8.8
2020-07-17 CVE-2020-7825 OS Command Injection vulnerability in Tobesoft Miplatform 2019.05.16
A vulnerability exists that could allow the execution of operating system commands on systems running MiPlatform 2019.05.16 and earlier.
network
low complexity
tobesoft CWE-78
critical
9.8
2020-07-10 CVE-2020-7815 Unspecified vulnerability in Tobesoft Xplatform
XPLATFORM v9.2.260 and eariler versions contain a vulnerability that could allow remote files to be downloaded by setting the arguments to the vulnerable method.
network
low complexity
tobesoft
critical
9.8
2020-05-11 CVE-2019-19162 Use After Free vulnerability in Tobesoft Xplatform
A use-after-free vulnerability in the TOBESOFT XPLATFORM versions 9.1 to 9.2.2 may lead to code execution on a system running it.
local
low complexity
tobesoft CWE-416
7.8
2020-05-06 CVE-2020-7806 Download of Code Without Integrity Check vulnerability in Tobesoft Xplatform
Tobesoft Xplatform 9.2.2.250 and earlier version have an arbitrary code execution vulnerability by using method supported by Xplatform ActiveX Control.
network
low complexity
tobesoft CWE-494
critical
9.8
2020-05-06 CVE-2019-19167 Unspecified vulnerability in Tobesoft Nexacro
Tobesoft Nexacro v2019.9.25.1 and earlier version have an arbitrary code execution vulnerability by using method supported by Nexacro14 ActiveX Control.
network
low complexity
tobesoft
critical
9.8
2020-05-06 CVE-2019-19166 Unspecified vulnerability in Tobesoft Xplatform
Tobesoft XPlatform v9.1, 9.2.0, 9.2.1 and 9.2.2 have a vulnerability that can load unauthorized DLL files.
local
low complexity
tobesoft
7.8
2019-01-02 CVE-2018-5197 Improper Input Validation vulnerability in Tobesoft Xplatform 9.2/9.2.1/9.2.2
A vulnerability in the ExtCommon.dll user extension module version 9.2, 9.2.1, 9.2.2 of Xplatform ActiveX could allow attacker to perform a command injection attack.
local
low complexity
tobesoft CWE-20
7.8