Vulnerabilities > Tobesoft > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-11-30 | CVE-2021-26612 | Improper Input Validation vulnerability in Tobesoft Nexacro 14.0.0.0/14.0.1.3600/17.1.2.500 An improper input validation leading to arbitrary file creation was discovered in copy method of Nexacro platform. | 9.8 |
| 2021-10-26 | CVE-2021-26607 | Improper Input Validation vulnerability in Tobesoft Nexacro An Improper input validation in execDefaultBrowser method of NEXACRO17 allows a remote attacker to execute arbitrary command on affected systems. | 9.8 |
| 2021-07-20 | CVE-2020-7866 | Improper Input Validation vulnerability in Tobesoft Xplatform When using XPLATFORM 9.2.2.270 or earlier versions ActiveX component, arbitrary commands can be executed due to improper input validation | 9.8 |
| 2021-04-20 | CVE-2020-7857 | Improper Input Validation vulnerability in Tobesoft Xplatform A vulnerability of XPlatform could allow an unauthenticated attacker to execute arbitrary command. | 9.8 |
| 2021-03-24 | CVE-2020-7853 | Out-of-bounds Write vulnerability in Tobesoft Xplatform An outbound read/write vulnerability exists in XPLATFORM that does not check offset input ranges, allowing out-of-range data to be read. | 9.8 |
| 2020-07-17 | CVE-2020-7825 | OS Command Injection vulnerability in Tobesoft Miplatform 2019.05.16 A vulnerability exists that could allow the execution of operating system commands on systems running MiPlatform 2019.05.16 and earlier. | 9.8 |
| 2020-07-10 | CVE-2020-7815 | Unspecified vulnerability in Tobesoft Xplatform XPLATFORM v9.2.260 and eariler versions contain a vulnerability that could allow remote files to be downloaded by setting the arguments to the vulnerable method. | 9.8 |
| 2020-05-06 | CVE-2020-7806 | Download of Code Without Integrity Check vulnerability in Tobesoft Xplatform Tobesoft Xplatform 9.2.2.250 and earlier version have an arbitrary code execution vulnerability by using method supported by Xplatform ActiveX Control. | 9.8 |
| 2020-05-06 | CVE-2019-19167 | Unspecified vulnerability in Tobesoft Nexacro Tobesoft Nexacro v2019.9.25.1 and earlier version have an arbitrary code execution vulnerability by using method supported by Nexacro14 ActiveX Control. | 9.8 |