
CVSS: 7.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

03 Sep 2020 — Shenzhen Tencent TIM Windows client 3.0.0.21315 has a DLL hijacking vulnerability, which can be exploited by attackers to execute malicious code. • https://www.cnvd.org.cn/flaw/show/2105395 • CWE-427: Uncontrolled Search Path Element

CVSS: 7.8 • EPSS: 4% • CPEs: 1 • EXPL: 1

09 Apr 2020 — QQBrowser before 10.5.3870.400 installs a Windows service TsService.exe. This file is writable by anyone belonging to the NT AUTHORITY\Authenticated Users group, which includes all local and remote users. This can be abused by local attackers to escalate privileges to NT AUTHORITY\SYSTEM by writing a malicious executable to the location of TsService. • https://github.com/seqred-s-a/CVE-2020-10551 • CWE-732: Incorrect Permission Assignment for Critical Resource

CVSS: 5.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

31 Dec 2019 — This vulnerability allows remote attackers to redirect users to an external resource on affected installations of Tencent WeChat prior to 7.0.9. User interaction is required to exploit this vulnerability in that the target must be within a chat session together with the attacker. The specific flaw exists within the parsing of a user's profile. The issue lies in the failure to properly validate a user's name. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of... • https://www.zerodayinitiative.com/advisories/ZDI-19-1035 • CWE-356: Product UI does not Warn User of Unsafe Actions • CWE-601: URL Redirection to Untrusted Site ('Open Redirect')

CVSS: 7.8 • EPSS: 0% • CPEs: 1 • EXPL: 1

01 Jul 2019 — HaboMalHunter through 2.0.0.3 in Tencent Habo allows attackers to evade dynamic malware analysis via PIE compilation. • https://github.com/Tencent/HaboMalHunter/issues/23 • CWE-264: Permissions, Privileges, and Access Controls

CVSS: 5.5 • EPSS: 3% • CPEs: 1 • EXPL: 3

14 May 2019 — vcodec2_hls_filter in libvoipCodec_v7a.so in the WeChat application through 7.0.3 for Android allows attackers to cause a denial of service (application crash) by replacing an emoji file (under the /sdcard/tencent/MicroMsg directory) with a crafted .wxgf file. The content of the replacement must be derived from the phone's IMEI. The crash occurs upon receiving a message that contains the replaced emoji. • https://packetstorm.news/files/id/152947 • CWE-476: NULL Pointer Dereference

CVSS: 7.5 • EPSS: 0% • CPEs: 1 • EXPL: 1

08 Jul 2018 — WXPayUtil in WeChat Pay Java SDK allows XXE attacks involving a merchant notification URL. • https://packetstormsecurity.com/files/148390/WeChat-Pay-SDK-XXE-Injection.html • CWE-611: Improper Restriction of XML External Entity Reference

CVSS: 8.8 • EPSS: 2% • CPEs: 1 • EXPL: 0

13 Jun 2018 — This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Tencent Foxmail 7.2.9.115. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of URI handlers. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code under th... • https://zerodayinitiative.com/advisories/ZDI-18-584 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CVSS: 7.5 • EPSS: 0% • CPEs: 1 • EXPL: 1

07 Jun 2018 — tencent-server is a simple web server. tencent-server is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the URL. • https://github.com/JacksonGL/NPM-Vuln-PoC/blob/master/directory-traversal/tencent-server • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVSS: 7.5 • EPSS: 0% • CPEs: 2 • EXPL: 0

25 Jan 2012 — The Tencent QQPimSecure (com.tencent.qqpimsecure) application 3.0.2 for Android does not properly protect data, which allows remote attackers to read or modify SMS/MMS messages and a contact list via a crafted application. • http://secunia.com/advisories/48432 • CWE-264: Permissions, Privileges, and Access Controls

CVSS: 7.5 • EPSS: 0% • CPEs: 2 • EXPL: 0

25 Jan 2012 — The Tencent MobileQQ (com.tencent.mobileqq) application 2.2 for Android does not properly protect data, which allows remote attackers to read or modify messages and a friends list via a crafted application. • http://www4.comp.polyu.edu.hk/~appsec/bugs/CVE-2011-4864-vulnerability-in-MobileQQ.html • CWE-264: Permissions, Privileges, and Access Controls