Filtered by vendor Ozeki
Subscribe
Search
Total
7 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-14030 | 1 Ozeki | 1 Ozeki Ng Sms Gateway | 2020-10-09 | 6.5 MEDIUM | 7.2 HIGH |
| An issue was discovered in Ozeki NG SMS Gateway through 4.17.6. It stores SMS messages in .NET serialized format on the filesystem. By generating (and writing to the disk) malicious .NET serialized files, an attacker can trick the product into deserializing them, resulting in arbitrary code execution. | |||||
| CVE-2020-14022 | 1 Ozeki | 1 Ozeki Ng Sms Gateway | 2020-09-26 | 9.0 HIGH | 8.8 HIGH |
| Ozeki NG SMS Gateway 4.17.1 through 4.17.6 does not check the file type when bulk importing new contacts ("Import Contacts" functionality) from a file. It is possible to upload an executable or .bat file that can be executed with the help of a functionality (E.g. the "Application Starter" module) within the application. | |||||
| CVE-2020-14025 | 1 Ozeki | 1 Ozeki Ng Sms Gateway | 2020-09-26 | 6.8 MEDIUM | 8.8 HIGH |
| Ozeki NG SMS Gateway through 4.17.6 has multiple CSRF vulnerabilities. For example, an administrator, by following a link, can be tricked into making unwanted changes such as installing new modules or changing a password. | |||||
| CVE-2020-14026 | 1 Ozeki | 1 Ozeki Ng Sms Gateway | 2020-09-26 | 9.3 HIGH | 8.8 HIGH |
| CSV Injection (aka Excel Macro Injection or Formula Injection) exists in the Export Of Contacts feature in Ozeki NG SMS Gateway through 4.17.6 via a value that is mishandled in a CSV export. | |||||
| CVE-2020-14028 | 1 Ozeki | 1 Ozeki Ng Sms Gateway | 2020-09-26 | 9.0 HIGH | 7.2 HIGH |
| An issue was discovered in Ozeki NG SMS Gateway through 4.17.6. By leveraging a path traversal vulnerability in the Autoreply module's Script Name, an attacker may write to or overwrite arbitrary files, with arbitrary content, usually with NT AUTHORITY\SYSTEM privileges. | |||||
| CVE-2020-14031 | 1 Ozeki | 1 Ozeki Ng Sms Gateway | 2020-09-26 | 9.0 HIGH | 7.2 HIGH |
| An issue was discovered in Ozeki NG SMS Gateway through 4.17.6. The outbox functionality of the TXT File module can be used to delete all/most files in a folder. Because the product usually runs as NT AUTHORITY\SYSTEM, the only files that will not be deleted are those currently being run by the system and/or files that have special security attributes (e.g., Windows Defender files). | |||||
| CVE-2020-14029 | 1 Ozeki | 1 Ozeki Ng Sms Gateway | 2020-09-26 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in Ozeki NG SMS Gateway through 4.17.6. The RSS To SMS module processes XML files in an unsafe manner. This opens the application to an XML External Entity attack that can be used to perform SSRF or read arbitrary local files. | |||||