Vulnerabilities > Tobesoft > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-04-26 | CVE-2021-26629 | Path Traversal vulnerability in Tobesoft Xplatform A path traversal vulnerability in XPLATFORM's runtime archive function could lead to arbitrary file creation. | 6.8 |
| 2022-04-19 | CVE-2021-26625 | Insufficient Verification of Data Authenticity vulnerability in Tobesoft Nexacro 17.1.2.500/17.1.2.600/17.1.3.301 Insufficient Verification of input Data leading to arbitrary file download and execute was discovered in Nexacro platform. | 6.8 |
| 2022-04-19 | CVE-2021-26626 | Improper Input Validation vulnerability in Tobesoft Xplatform Improper input validation vulnerability in XPLATFORM's execBrowser method can cause execute arbitrary commands. | 5.1 |
| 2022-02-09 | CVE-2021-26613 | Improper Input Validation vulnerability in Tobesoft Nexacro improper input validation vulnerability in nexacro permits copying file to the startup folder using rename method. | 5.0 |
| 2021-09-09 | CVE-2020-7874 | Download of Code Without Integrity Check vulnerability in Tobesoft Nexacro 14.0.0.0 Download of code without integrity check vulnerability in NEXACRO14 Runtime ActiveX control of tobesoft Co., Ltd allows the attacker to cause an arbitrary file download and execution. | 6.8 |
| 2020-11-17 | CVE-2020-7841 | Improper Input Validation vulnerability in Tobesoft Xplatform Improper input validation vulnerability exists in TOBESOFT XPLATFORM which could cause arbitrary .hta file execution when the command string is begun with http://, https://, mailto:// | 6.8 |
| 2020-05-11 | CVE-2019-19162 | Use After Free vulnerability in Tobesoft Xplatform A use-after-free vulnerability in the TOBESOFT XPLATFORM versions 9.1 to 9.2.2 may lead to code execution on a system running it. | 6.8 |
| 2020-05-06 | CVE-2019-19166 | Unspecified vulnerability in Tobesoft Xplatform Tobesoft XPlatform v9.1, 9.2.0, 9.2.1 and 9.2.2 have a vulnerability that can load unauthorized DLL files. | 4.4 |
| 2019-01-02 | CVE-2018-5197 | Improper Input Validation vulnerability in Tobesoft Xplatform 9.2/9.2.1/9.2.2 A vulnerability in the ExtCommon.dll user extension module version 9.2, 9.2.1, 9.2.2 of Xplatform ActiveX could allow attacker to perform a command injection attack. | 6.8 |