Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Clipsoft Subscribe
Total 6 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2019-17326 1 Clipsoft 1 Rexpert 2021-11-03 4.3 MEDIUM 6.5 MEDIUM
ClipSoft REXPERT 1.0.0.527 and earlier version allows remote attacker to arbitrary file deletion by issuing a HTTP GET request with a specially crafted parameter. User interaction is required to exploit this vulnerability in that the target must visit a malicious web page.
CVE-2019-17322 1 Clipsoft 1 Rexpert 2021-11-03 4.3 MEDIUM 6.5 MEDIUM
ClipSoft REXPERT 1.0.0.527 and earlier version allows arbitrary file creation via a POST request with the parameter set to the file path to be written. This can be an executable file that is written to in the arbitrary directory. User interaction is required to exploit this vulnerability in that the target must visit a malicious web page.
CVE-2019-17321 1 Clipsoft 1 Rexpert 2019-11-01 5.0 MEDIUM 5.3 MEDIUM
ClipSoft REXPERT 1.0.0.527 and earlier version have an information disclosure issue. When requesting web page associated with session, could leak username via session file path of HTTP response data. No authentication is required.
CVE-2019-17323 1 Clipsoft 1 Rexpert 2019-11-01 6.8 MEDIUM 8.8 HIGH
ClipSoft REXPERT 1.0.0.527 and earlier version allows arbitrary file creation and execution via report print function of rexpert viewer with modified XML document. User interaction is required to exploit this vulnerability in that the target must visit a malicious web page.
CVE-2019-17324 1 Clipsoft 1 Rexpert 2019-11-01 4.3 MEDIUM 6.5 MEDIUM
ClipSoft REXPERT 1.0.0.527 and earlier version allows directory traversal by issuing a special HTTP POST request with ../ characters. This could lead to create malicious HTML file, because they can inject a content with crafted template. User interaction is required to exploit this vulnerability in that the target must visit a malicious web page.
CVE-2019-17325 1 Clipsoft 1 Rexpert 2019-11-01 4.3 MEDIUM 6.5 MEDIUM
ClipSoft REXPERT 1.0.0.527 and earlier version allows remote attacker to upload arbitrary local file via the ActiveX method in RexViewerCtrl30.ocx. That could lead to disclosure of sensitive information. User interaction is required to exploit this vulnerability in that the target must visit a malicious web page.