Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
ozeki vulnerabilities and exploits
(subscribe to this query)
8.8
CVSSv3
CVE-2020-14022
Ozeki NG SMS Gateway 4.17.1 up to and including 4.17.6 does not check the file type when bulk importing new contacts ("Import Contacts" functionality) from a file. It is possible to upload an executable or .bat file that can be executed with the help of a functionality ...
Ozeki Ozeki Ng Sms Gateway
5.3
CVSSv3
CVE-2020-14027
An issue exists in Ozeki NG SMS Gateway up to and including 4.17.6. The database connection strings accept custom unsafe arguments, such as ENABLE_LOCAL_INFILE, that can be leveraged by malicious users to enable MySQL Load Data Local (rogue MySQL server) attacks.
Ozeki Ozeki Ng Sms Gateway
7.2
CVSSv3
CVE-2020-14030
An issue exists in Ozeki NG SMS Gateway up to and including 4.17.6. It stores SMS messages in .NET serialized format on the filesystem. By generating (and writing to the disk) malicious .NET serialized files, an attacker can trick the product into deserializing them, resulting in...
Ozeki Ozeki Ng Sms Gateway
4.9
CVSSv3
CVE-2020-14021
An issue exists in Ozeki NG SMS Gateway up to and including 4.17.6. The ASP.net SMS module can be used to read and validate the source code of ASP files. By altering the path, it can be made to read any file on the Operating System, usually with NT AUTHORITY\SYSTEM privileges.
Ozeki Ozeki Ng Sms Gateway
6.1
CVSSv3
CVE-2020-14024
Ozeki NG SMS Gateway up to and including 4.17.6 has multiple authenticated stored and/or reflected XSS vulnerabilities via the (1) Receiver or Recipient field in the Mailbox feature, (2) OZFORM_GROUPNAME field in the Group configuration of addresses, (3) listname field in the Def...
Ozeki Ozeki Ng Sms Gateway
7.2
CVSSv3
CVE-2020-14031
An issue exists in Ozeki NG SMS Gateway up to and including 4.17.6. The outbox functionality of the TXT File module can be used to delete all/most files in a folder. Because the product usually runs as NT AUTHORITY\SYSTEM, the only files that will not be deleted are those current...
Ozeki Ozeki Ng Sms Gateway
4.9
CVSSv3
CVE-2020-14023
Ozeki NG SMS Gateway up to and including 4.17.6 allows SSRF via SMS WCF or RSS To SMS.
Ozeki Ozeki Ng Sms Gateway
8.8
CVSSv3
CVE-2020-14025
Ozeki NG SMS Gateway up to and including 4.17.6 has multiple CSRF vulnerabilities. For example, an administrator, by following a link, can be tricked into making unwanted changes such as installing new modules or changing a password.
Ozeki Ozeki Ng Sms Gateway
8.8
CVSSv3
CVE-2020-14026
CSV Injection (aka Excel Macro Injection or Formula Injection) exists in the Export Of Contacts feature in Ozeki NG SMS Gateway up to and including 4.17.6 via a value that is mishandled in a CSV export.
Ozeki Ozeki Ng Sms Gateway
7.2
CVSSv3
CVE-2020-14028
An issue exists in Ozeki NG SMS Gateway up to and including 4.17.6. By leveraging a path traversal vulnerability in the Autoreply module's Script Name, an attacker may write to or overwrite arbitrary files, with arbitrary content, usually with NT AUTHORITY\SYSTEM privileges.
Ozeki Ozeki Ng Sms Gateway
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
SSTI
CVE-2024-35863
CVE-2024-35910
man-in-the-middle
CVE-2024-35912
CVE-2024-25742
LFI
CVE-2024-32002
CVE-2024-22120
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »