8 results (0.007 seconds)

CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0

IDExpert from CHANGING Information Technology does not properly validate a specific parameter in the administrator interface, allowing remote attackers with administrative privileges to inject and execute OS commands on the server. • https://www.twcert.org.tw/en/cp-139-8175-57245-2.html https://www.twcert.org.tw/tw/cp-132-8174-a17fd-1.html • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0

IDExpert from CHANGING Information Technology does not properly validate a parameter for a specific functionality, allowing unauthenticated remote attackers to inject JavsScript code and perform Reflected Cross-site scripting attacks. • https://www.twcert.org.tw/en/cp-139-8173-f8bbc-2.html https://www.twcert.org.tw/tw/cp-132-8172-a02cc-1.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 4.9EPSS: 0%CPEs: 1EXPL: 0

IDExpert from CHANGING Information Technology does not properly validate a specific parameter in the administrator interface, allowing remote attackers with administrator privileges to exploit this vulnerability to read arbitrary system files. • https://www.twcert.org.tw/en/cp-139-8171-29297-2.html https://www.twcert.org.tw/tw/cp-132-8170-48a4e-1.html • CWE-36: Absolute Path Traversal •

CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0

The specific API in HWATAIServiSign Windows Version from CHANGING Information Technology does not properly validate the length of server-side inputs. When a user visits a spoofed website, unauthenticated remote attackers can cause a stack-based buffer overflow in the HWATAIServiSign, temporarily disrupting its service. • https://www.twcert.org.tw/tw/cp-132-7968-ce2ef-1.html https://www.twcert.org.tw/en/cp-139-7974-0562f-2.html • CWE-121: Stack-based Buffer Overflow •

CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0

The specific API in TCBServiSign Windows Version from CHANGING Information Technology does does not properly validate the length of server-side input. When a user visits a spoofed website, unauthenticated remote attackers can cause a stack-based buffer overflow in the TCBServiSign, temporarily disrupting its service. • https://www.twcert.org.tw/tw/cp-132-7967-9efdf-1.html https://www.twcert.org.tw/en/cp-139-7973-e10c6-2.html • CWE-121: Stack-based Buffer Overflow •