Eunsol Lee

#7364of 53,633
37.2Total CVSS
Vulnerabilities · 4
High
2
Critical
2
PT-2020-19807
8.8
2020-08-07
Unknown · Egroupware · CVE-2020-7810
**Name of the Vulnerable Software and Affected Versions** Groupware (affected versions not specified) **Description** The issue is related to the hslogin2.dll ActiveX Control in Groupware, which lacks integrity verification of policy files during the update process. This allows a remote attacker to induce a user to visit a crafted web page, potentially leading to malicious code infection by downloading and executing remote files. The attacker can exploit this by setting specific arguments to the ActiveX method. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.
PT-2020-10065
8.8
2020-06-29
Reportexpress · Reportexpress Proplus · CVE-2019-19160
**Name of the Vulnerable Software and Affected Versions** Reportexpress ProPlus (affected versions not specified) **Description** The issue allows for arbitrary code execution by inserting VBscript into the configure file (rxp). This can be achieved through the configuration file, potentially allowing malicious actions. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.
PT-2020-19809
9.8
2020-05-28
Kaoni · Ezhttptrans · CVE-2020-7812
**Name of the Vulnerable Software and Affected Versions** Kaoni ezHTTPTrans versions 1.0.0.70 and prior **Description** The issue allows a remote attacker to download arbitrary files by setting specific arguments to an ActiveX method, potentially leading to code execution if the victim's PC is rebooted. **Recommendations** For versions 1.0.0.70 and prior, consider disabling the vulnerable ActiveX control until a patch is available. Restrict access to the affected ActiveX method to minimize the risk of exploitation.
PT-2020-19810
9.8
2020-05-22
Kaoni · Ezhttptrans · CVE-2020-7813
**Name of the Vulnerable Software and Affected Versions** Kaoni ezHTTPTrans versions 1.0.0.70 and prior **Description** The issue allows a remote attacker to download and execute arbitrary files by setting the arguments to the ActiveX method, which can be leveraged for code execution. **Recommendations** For versions 1.0.0.70 and prior, consider disabling the ActiveX control until a patch is available to prevent remote attackers from downloading and executing arbitrary files.