CVE-2024-10653 – CHANGING Information Technology IDExpert - OS Command Injection
https://notcve.org/view.php?id=CVE-2024-10653
IDExpert from CHANGING Information Technology does not properly validate a specific parameter in the administrator interface, allowing remote attackers with administrative privileges to inject and execute OS commands on the server. • https://www.twcert.org.tw/en/cp-139-8175-57245-2.html https://www.twcert.org.tw/tw/cp-132-8174-a17fd-1.html • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVE-2024-10652 – CHANGING Information Technology IDExpert - Reflected XSS
https://notcve.org/view.php?id=CVE-2024-10652
IDExpert from CHANGING Information Technology does not properly validate a parameter for a specific functionality, allowing unauthenticated remote attackers to inject JavaScript code and perform Reflected Cross-site scripting attacks. • https://www.twcert.org.tw/en/cp-139-8173-f8bbc-2.html https://www.twcert.org.tw/tw/cp-132-8172-a02cc-1.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2024-10651 – CHANGING Information Technology IDExpert - Arbitrary File Read through Path Traversal
https://notcve.org/view.php?id=CVE-2024-10651
IDExpert from CHANGING Information Technology does not properly validate a specific parameter in the administrator interface, allowing remote attackers with administrator privileges to exploit this vulnerability to read arbitrary system files. • https://www.twcert.org.tw/en/cp-139-8171-29297-2.html https://www.twcert.org.tw/tw/cp-132-8170-48a4e-1.html • CWE-36: Absolute Path Traversal •
CVE-2024-40723 – CHANGING Information Technology HWATAIServiSign Windows Version - Stack-based Buffer Overflow
https://notcve.org/view.php?id=CVE-2024-40723
The specific API in HWATAIServiSign Windows Version from CHANGING Information Technology does not properly validate the length of server-side inputs. When a user visits a spoofed website, unauthenticated remote attackers can cause a stack-based buffer overflow in the HWATAIServiSign, temporarily disrupting its service. • https://www.twcert.org.tw/tw/cp-132-7968-ce2ef-1.html https://www.twcert.org.tw/en/cp-139-7974-0562f-2.html • CWE-121: Stack-based Buffer Overflow •
CVE-2024-40722 – CHANGING Information Technology TCBServiSign Windows Version - Stack-based Buffer Overflow
https://notcve.org/view.php?id=CVE-2024-40722
The specific API in TCBServiSign Windows Version from CHANGING Information Technology does not properly validate the length of server-side input. When a user visits a spoofed website, unauthenticated remote attackers can cause a stack-based buffer overflow in the TCBServiSign, temporarily disrupting its service. • https://www.twcert.org.tw/tw/cp-132-7967-9efdf-1.html https://www.twcert.org.tw/en/cp-139-7973-e10c6-2.html • CWE-121: Stack-based Buffer Overflow •