Filtered by vendor Microsoft
Subscribe
Total
21337 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-7880 | 2 Douzone, Microsoft | 2 Neors, Windows | 2024-11-21 | 9.3 HIGH | 7.5 HIGH |
| The vulnerabilty was discovered in ActiveX module related to NeoRS remote support program. This issue allows an remote attacker to download and execute remote file. It is because of improper parameter validation of StartNeoRS function in ActiveX. | |||||
| CVE-2020-7878 | 2 4nb, Microsoft | 2 Videooffice, Windows | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| An arbitrary file download and execution vulnerability was found in the VideoOffice X2.9 and earlier versions (CVE-2020-7878). This issue is due to missing support for integrity check. | |||||
| CVE-2020-7877 | 2 Mastersoft, Microsoft | 3 Zook Agent, Zook Viewer, Windows | 2024-11-21 | 6.5 MEDIUM | 8.0 HIGH |
| A buffer overflow issue was discovered in ZOOK solution(remote administration tool) through processing 'ConnectMe' command while parsing a crafted OUTERIP value because of missing boundary check. This vulnerability allows the attacker to execute remote arbitrary command. | |||||
| CVE-2020-7875 | 2 Dext5, Microsoft | 2 Dext5upload, Windows | 2024-11-21 | 6.8 MEDIUM | 7.5 HIGH |
| DEXT5 Upload 5.0.0.117 and earlier versions contain a vulnerability, which could allow remote attacker to download and execute remote file by setting the argument, variable in the activeX module. This can be leveraged for code execution. | |||||
| CVE-2020-7874 | 2 Microsoft, Tobesoft | 2 Windows, Nexacro | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| Download of code without integrity check vulnerability in NEXACRO14 Runtime ActiveX control of tobesoft Co., Ltd allows the attacker to cause an arbitrary file download and execution. This vulnerability is due to incomplete validation of file download URL or file extension. | |||||
| CVE-2020-7869 | 2 Mastersoft, Microsoft | 2 Zook, Windows | 2024-11-21 | 9.0 HIGH | 9.0 CRITICAL |
| An improper input validation vulnerability of ZOOK software (remote administration tool) could allow a remote attacker to create arbitrary file. The ZOOK viewer has the "Tight file CMD" function to create file. An attacker could create and execute arbitrary file in the ZOOK agent program using "Tight file CMD" without authority. | |||||
| CVE-2020-7868 | 2 Helpu, Microsoft | 2 Helpu, Windows | 2024-11-21 | 10.0 HIGH | 9.6 CRITICAL |
| A remote code execution vulnerability exists in helpUS(remote administration tool) due to improper validation of parameter of ShellExecutionExA function used for login. | |||||
| CVE-2020-7861 | 2 Anysupport, Microsoft | 2 Anysupport, Windows | 2024-11-21 | 7.5 HIGH | 8.4 HIGH |
| AnySupport (Remote support solution) before 2019.3.21.0 allows directory traversing because of swprintf function to copy file from a management PC to a client PC. This can be lead to arbitrary file execution. | |||||
| CVE-2020-7858 | 2 Cdnetworks, Microsoft | 2 Aquanplayer, Windows | 2024-11-21 | 5.0 MEDIUM | 6.8 MEDIUM |
| There is a directory traversing vulnerability in the download page url of AquaNPlayer 2.0.0.92. The IP of the download page url is localhost and an attacker can traverse directories using "dot dot" sequences(../../) to view host file on the system. This vulnerability can cause information leakage. | |||||
| CVE-2020-7853 | 2 Microsoft, Tobesoft | 2 Windows, Xplatform | 2024-11-21 | 7.5 HIGH | 5.5 MEDIUM |
| An outbound read/write vulnerability exists in XPLATFORM that does not check offset input ranges, allowing out-of-range data to be read. An attacker can exploit arbitrary code execution. | |||||
| CVE-2020-7852 | 2 Hmtalk, Microsoft | 2 Daviewindy, Windows | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| DaviewIndy has a Heap-based overflow vulnerability, triggered when the user opens a malformed ex.j2c format file that is mishandled by Daview.exe. Attackers could exploit this and arbitrary code execution. | |||||
| CVE-2020-7851 | 4 Apple, Innorix, Linux and 1 more | 4 Macos, File Transfer Solution, Linux Kernel and 1 more | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| Innorix Web-Based File Transfer Solution versuibs prior to and including 9.2.18.385 contains a vulnerability that could allow remote files to be downloaded and executed by setting the arguments to the internal method. A remote attacker could induce a user to access a crafted web page, causing damage such as malicious code infection. | |||||
| CVE-2020-7850 | 2 Douzone, Microsoft | 2 Nbbdownloader.ocx, Windows | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| NBBDownloader.ocx ActiveX Control in Groupware contains a vulnerability that could allow remote files to be downloaded and executed by setting the arguments to the activex method. A remote attacker could induce a user to access a crafted web page, causing damage such as malicious code infection. | |||||
| CVE-2020-7849 | 2 Microsoft, Uprism | 2 Windows, Curix | 2024-11-21 | 6.8 MEDIUM | 8.0 HIGH |
| A vulnerability of uPrism.io CURIX(Video conferecing solution) could allow an unauthenticated attacker to execute arbitrary code. This vulnerability is due to insufficient input(server domain) validation. An attacker could exploit this vulnerability through crafted URL. | |||||
| CVE-2020-7838 | 2 Microsoft, Onstove | 2 Windows, Stove | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| A arbitrary code execution vulnerability exists in the way that the Stove client improperly validates input value. An attacker could execute arbitrary code when the user access to crafted web page. This issue affects: Smilegate STOVE Client 0.0.4.72. | |||||
| CVE-2020-7832 | 2 Dext5, Microsoft | 2 Dext5, Windows | 2024-11-21 | 7.5 HIGH | 8.8 HIGH |
| A vulnerability (improper input validation) in the DEXT5 Upload solution allows an unauthenticated attacker to download and execute an arbitrary file via AddUploadFile, SetSelectItem, DoOpenFile function.(CVE-2020-7832) | |||||
| CVE-2020-7831 | 2 Inogard, Microsoft | 2 Ebiz4u, Windows | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| A vulnerability in the web-based contract management service interface Ebiz4u of INOGARD could allow an victim user to download any file. The attacker is able to use startup menu directory via directory traversal for automatic execution. The victim user need to reboot, however. | |||||
| CVE-2020-7829 | 2 Hmtalk, Microsoft | 2 Daviewindy, Windows | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| DaviewIndy 8.98.4 and earlier version contain Heap-based overflow vulnerability, triggered when the user opens a malformed specific file that is mishandled by Daview.exe. Attackers could exploit this and arbitrary code execution. | |||||
| CVE-2020-7828 | 2 Hmtalk, Microsoft | 2 Daviewindy, Windows | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| DaviewIndy 8.98.4 and earlier version contain Heap-based overflow vulnerability, triggered when the user opens a malformed specific file that is mishandled by Daview.exe. Attackers could exploit this and arbitrary code execution. | |||||
| CVE-2020-7827 | 2 Hmtalk, Microsoft | 2 Daviewindy, Windows | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| DaviewIndy 8.98.7 and earlier version contain Use-After-Free vulnerability, triggered when the user opens a malformed specific file that is mishandled by Daview.exe. Attackers could exploit this and arbitrary code execution. | |||||