VYPR
Vendor

Clipsoft

Products
1
CVEs
6
Across products
6
Status
Private

Products

1

Recent CVEs

6
  • CVE-2019-17323HigOct 30, 2019
    risk 0.57cvss 8.8epss 0.02

    ClipSoft REXPERT 1.0.0.527 and earlier version allows arbitrary file creation and execution via report print function of rexpert viewer with modified XML document. User interaction is required to exploit this vulnerability in that the target must visit a malicious web page.

  • CVE-2019-17326MedOct 30, 2019
    risk 0.42cvss 6.5epss 0.01

    ClipSoft REXPERT 1.0.0.527 and earlier version allows remote attacker to arbitrary file deletion by issuing a HTTP GET request with a specially crafted parameter. User interaction is required to exploit this vulnerability in that the target must visit a malicious web page.

  • CVE-2019-17325MedOct 30, 2019
    risk 0.42cvss 6.5epss 0.01

    ClipSoft REXPERT 1.0.0.527 and earlier version allows remote attacker to upload arbitrary local file via the ActiveX method in RexViewerCtrl30.ocx. That could lead to disclosure of sensitive information. User interaction is required to exploit this vulnerability in that the…

  • CVE-2019-17324MedOct 30, 2019
    risk 0.42cvss 6.5epss 0.01

    ClipSoft REXPERT 1.0.0.527 and earlier version allows directory traversal by issuing a special HTTP POST request with ../ characters. This could lead to create malicious HTML file, because they can inject a content with crafted template. User interaction is required to exploit…

  • CVE-2019-17322MedOct 30, 2019
    risk 0.42cvss 6.5epss 0.01

    ClipSoft REXPERT 1.0.0.527 and earlier version allows arbitrary file creation via a POST request with the parameter set to the file path to be written. This can be an executable file that is written to in the arbitrary directory. User interaction is required to exploit this…

  • CVE-2019-17321MedOct 30, 2019
    risk 0.35cvss 5.3epss 0.01

    ClipSoft REXPERT 1.0.0.527 and earlier version have an information disclosure issue. When requesting web page associated with session, could leak username via session file path of HTTP response data. No authentication is required.