Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
NEXACRO14 Runtime arbitrary file download and execution vulnerability
Vulnerability Description
Download of code without integrity check vulnerability in NEXACRO14 Runtime ActiveX control of tobesoft Co., Ltd allows the attacker to cause an arbitrary file download and execution. This vulnerability is due to incomplete validation of file download URL or file extension.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Vulnerability Type
下载代码缺少完整性检查
Vulnerability Title
Tobesoft NEXACRO14 安全漏洞
Vulnerability Description
Tobesoft NEXACRO14是韩国Tobesoft公司的一个 BUX 平台,是作为基于 JavaScript 的独立框架开发的,以适应公司的各种开发需求。使用 Nexacro 平台开发的应用程序无需额外开发即可在各种操作系统、浏览器和设备中实现相同的功能。 Tobesoft NEXACRO14 Runtime ActiveX控件存在安全漏洞,该漏洞源于文件下载URL或文件扩展名的验证不完整。攻击者可利用该漏洞下载和执行任意文件
CVSS Information
N/A
Vulnerability Type
N/A