Filtered by vendor Articatech
Subscribe
Search
Total
6 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-40680 | 1 Articatech | 1 Web Proxy | 2022-05-04 | 5.5 MEDIUM | 8.1 HIGH |
| There is a Directory Traversal vulnerability in Artica Proxy (4.30.000000 SP206 through SP255, and VMware appliance 4.30.000000 through SP273) via the filename parameter to /cgi-bin/main.cgi. | |||||
| CVE-2020-17505 | 1 Articatech | 1 Web Proxy | 2020-09-22 | 9.0 HIGH | 8.8 HIGH |
| Artica Web Proxy 4.30.000000 allows an authenticated remote attacker to inject commands via the service-cmds parameter in cyrus.php. These commands are executed with root privileges via service_cmds_peform. | |||||
| CVE-2019-7300 | 1 Articatech | 1 Artica Proxy | 2020-08-24 | 9.0 HIGH | 7.2 HIGH |
| Artica Proxy 3.06.200056 allows remote attackers to execute arbitrary commands as root by reading the ressources/settings.inc ldap_admin and ldap_password fields, using these credentials at logon.php, and then entering the commands in the admin.index.php command-line field. | |||||
| CVE-2020-15052 | 1 Articatech | 1 Artica Proxy | 2020-07-22 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in Artica Proxy CE before 4.28.030.418. SQL Injection exists via the Netmask, Hostname, and Alias fields. | |||||
| CVE-2020-13158 | 1 Articatech | 1 Artica Proxy | 2020-07-01 | 5.0 MEDIUM | 7.5 HIGH |
| Artica Proxy before 4.30.000000 Community Edition allows Directory Traversal via the fw.progrss.details.php popup parameter. | |||||
| CVE-2020-10818 | 1 Articatech | 1 Artica Proxy | 2020-03-25 | 6.5 MEDIUM | 7.2 HIGH |
| Artica Proxy 4.26 allows remote command execution for an authenticated user via shell metacharacters in the "Modify the hostname" field. | |||||