CVE-2018-13439
https://notcve.org/view.php?id=CVE-2018-13439
WXPayUtil in WeChat Pay Java SDK allows XXE attacks involving a merchant notification URL. • https://packetstormsecurity.com/files/148390/WeChat-Pay-SDK-XXE-Injection.html • CWE-611: Improper Restriction of XML External Entity Reference
CVE-2018-11616 – Tencent Foxmail URI parsing Command Injection Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2018-11616
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Tencent Foxmail 7.2.9.115. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of URI handlers. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code under the context of the current process. • https://zerodayinitiative.com/advisories/ZDI-18-584 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2017-16216
https://notcve.org/view.php?id=CVE-2017-16216
tencent-server is a simple web server. tencent-server is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the URL. • https://github.com/JacksonGL/NPM-Vuln-PoC/blob/master/directory-traversal/tencent-server • https://nodesecurity.io/advisories/418 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2011-4864
https://notcve.org/view.php?id=CVE-2011-4864
The Tencent MobileQQ (com.tencent.mobileqq) application 2.2 for Android does not properly protect data, which allows remote attackers to read or modify messages and a friends list via a crafted application. • http://www4.comp.polyu.edu.hk/~appsec/bugs/CVE-2011-4864-vulnerability-in-MobileQQ.html • CWE-264: Permissions, Privileges, and Access Controls
CVE-2011-4863
https://notcve.org/view.php?id=CVE-2011-4863
The Tencent QQPimSecure (com.tencent.qqpimsecure) application 3.0.2 for Android does not properly protect data, which allows remote attackers to read or modify SMS/MMS messages and a contact list via a crafted application. • http://secunia.com/advisories/48432 • http://www4.comp.polyu.edu.hk/~appsec/bugs/CVE-2011-4863-vulnerability-in-QQPimSecure.html • CWE-264: Permissions, Privileges, and Access Controls