Vulnerabilities > Tobesoft
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-11-17 | CVE-2020-7841 | Improper Input Validation vulnerability in Tobesoft Xplatform Improper input validation vulnerability exists in TOBESOFT XPLATFORM which could cause arbitrary .hta file execution when the command string is begun with http://, https://, mailto:// | 6.8 |
| 2020-07-17 | CVE-2020-7825 | OS Command Injection vulnerability in Tobesoft Miplatform 2019.05.16 A vulnerability exists that could allow the execution of operating system commands on systems running MiPlatform 2019.05.16 and earlier. | 10.0 |
| 2020-07-10 | CVE-2020-7815 | Injection vulnerability in Tobesoft Xplatform XPLATFORM v9.2.260 and eariler versions contain a vulnerability that could allow remote files to be downloaded by setting the arguments to the vulnerable method. | 7.5 |
| 2020-05-11 | CVE-2019-19162 | Use After Free vulnerability in Tobesoft Xplatform A use-after-free vulnerability in the TOBESOFT XPLATFORM versions 9.1 to 9.2.2 may lead to code execution on a system running it. | 6.8 |
| 2020-05-06 | CVE-2020-7806 | Download of Code Without Integrity Check vulnerability in Tobesoft Xplatform Tobesoft Xplatform 9.2.2.250 and earlier version have an arbitrary code execution vulnerability by using method supported by Xplatform ActiveX Control. | 7.5 |
| 2020-05-06 | CVE-2019-19167 | Unspecified vulnerability in Tobesoft Nexacro 2019.9.25.1 Tobesoft Nexacro v2019.9.25.1 and earlier version have an arbitrary code execution vulnerability by using method supported by Nexacro14 ActiveX Control. | 7.5 |
| 2020-05-06 | CVE-2019-19166 | Unspecified vulnerability in Tobesoft Xplatform Tobesoft XPlatform v9.1, 9.2.0, 9.2.1 and 9.2.2 have a vulnerability that can load unauthorized DLL files. | 4.4 |
| 2019-01-02 | CVE-2018-5197 | Improper Input Validation vulnerability in Tobesoft Xplatform 9.2/9.2.1/9.2.2 A vulnerability in the ExtCommon.dll user extension module version 9.2, 9.2.1, 9.2.2 of Xplatform ActiveX could allow attacker to perform a command injection attack. | 6.8 |