← Back

Handysoft

handysoft

4 CVEs • 3 products

Products (3)

Click to collapse
Toggle
Groupware
groupware
2 CVEs
Hslogin2.dll
hslogin2.dll
1 CVE
Hshell
hshell
1 CVE

CVEs (4)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2021-26630
1Handysoft
1Groupware
Nov 21, 2024
May 19, 2022
N/A· v4
9.8 CRITICAL· v3
7.5 HIGH· v2
Improper input validation vulnerability in HANDY Groupware’s ActiveX moudle allows attackers to download or execute arbitrary files. This vulnerability can be exploited by using the file download or execution path as the...Show more
Improper input validation vulnerability in HANDY Groupware’s ActiveX moudle allows attackers to download or execute arbitrary files. This vulnerability can be exploited by using the file download or execution path as the parameter value of the vulnerable function.Show less
CVE-2021-26608
1Handysoft
1Hshell
Nov 21, 2024
Sep 9, 2021
N/A· v4
9.8 CRITICAL· v3
7.5 HIGH· v2
An arbitrary file download and execution vulnerability was found in the HShell.dll of handysoft Co., Ltd groupware ActiveX module. This issue is due to missing support for integrity check of download URL or downloaded fi...Show more
An arbitrary file download and execution vulnerability was found in the HShell.dll of handysoft Co., Ltd groupware ActiveX module. This issue is due to missing support for integrity check of download URL or downloaded file hash.Show less
CVE-2020-7810
1Handysoft
1Hslogin2.dll
Nov 21, 2024
Aug 7, 2020
N/A· v4
8.8 HIGH· v3
6.8 MEDIUM· v2
hslogin2.dll ActiveX Control in Groupware contains a vulnerability that could allow remote files to be downloaded and executed by setting the arguments to the activex method. This is due to a lack of integrity verificati...Show more
hslogin2.dll ActiveX Control in Groupware contains a vulnerability that could allow remote files to be downloaded and executed by setting the arguments to the activex method. This is due to a lack of integrity verification of the policy files referenced in the update process, and a remote attacker could induce a user to crafted web page, causing damage such as malicious code infection.Show less
CVE-2020-7804
1Handysoft
1Groupware
Nov 21, 2024
Apr 29, 2020
N/A· v4
7.2 HIGH· v3
6.5 MEDIUM· v2
ActiveX Control(HShell.dll) in Handy Groupware 1.7.3.1 for Windows 7, 8, and 10 allows an attacker to execute arbitrary command via the ShellExec method.