Ozeki Ng Sms Gateway

ozeki_ng_sms_gateway

Vendor: Ozeki • 11 CVEs

CVEs (11)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2020-14030 1Ozeki 1Ozeki Ng Sms Gateway Nov 21, 2024 Sep 30, 2020 N/A· v4 7.2 HIGH· v3 6.5 MEDIUM· v2 An issue was discovered in Ozeki NG SMS Gateway through 4.17.6. It stores SMS messages in .NET serialized format on the filesystem. By generating (and writing to the disk) malicious .NET serialized files, an attacker can...Show more An issue was discovered in Ozeki NG SMS Gateway through 4.17.6. It stores SMS messages in .NET serialized format on the filesystem. By generating (and writing to the disk) malicious .NET serialized files, an attacker can trick the product into deserializing them, resulting in arbitrary code execution.Show less
CVE-2020-14031 1Ozeki 1Ozeki Ng Sms Gateway Nov 21, 2024 Sep 22, 2020 N/A· v4 7.2 HIGH· v3 9.0 HIGH· v2 An issue was discovered in Ozeki NG SMS Gateway through 4.17.6. The outbox functionality of the TXT File module can be used to delete all/most files in a folder. Because the product usually runs as NT AUTHORITY\SYSTEM, t...Show more An issue was discovered in Ozeki NG SMS Gateway through 4.17.6. The outbox functionality of the TXT File module can be used to delete all/most files in a folder. Because the product usually runs as NT AUTHORITY\SYSTEM, the only files that will not be deleted are those currently being run by the system and/or files that have special security attributes (e.g., Windows Defender files).Show less
CVE-2020-14028 1Ozeki 1Ozeki Ng Sms Gateway Nov 21, 2024 Sep 22, 2020 N/A· v4 7.2 HIGH· v3 9.0 HIGH· v2 An issue was discovered in Ozeki NG SMS Gateway through 4.17.6. By leveraging a path traversal vulnerability in the Autoreply module's Script Name, an attacker may write to or overwrite arbitrary files, with arbitrary co...Show more An issue was discovered in Ozeki NG SMS Gateway through 4.17.6. By leveraging a path traversal vulnerability in the Autoreply module's Script Name, an attacker may write to or overwrite arbitrary files, with arbitrary content, usually with NT AUTHORITY\SYSTEM privileges.Show less
CVE-2020-14027 1Ozeki 1Ozeki Ng Sms Gateway Nov 21, 2024 Sep 22, 2020 N/A· v4 5.3 MEDIUM· v3 3.5 LOW· v2 An issue was discovered in Ozeki NG SMS Gateway through 4.17.6. The database connection strings accept custom unsafe arguments, such as ENABLE_LOCAL_INFILE, that can be leveraged by attackers to enable MySQL Load Data Lo...Show more An issue was discovered in Ozeki NG SMS Gateway through 4.17.6. The database connection strings accept custom unsafe arguments, such as ENABLE_LOCAL_INFILE, that can be leveraged by attackers to enable MySQL Load Data Local (rogue MySQL server) attacks.Show less
CVE-2020-14026 1Ozeki 1Ozeki Ng Sms Gateway Nov 21, 2024 Sep 22, 2020 N/A· v4 8.8 HIGH· v3 9.3 HIGH· v2 CSV Injection (aka Excel Macro Injection or Formula Injection) exists in the Export Of Contacts feature in Ozeki NG SMS Gateway through 4.17.6 via a value that is mishandled in a CSV export.
CVE-2020-14025 1Ozeki 1Ozeki Ng Sms Gateway Nov 21, 2024 Sep 22, 2020 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 Ozeki NG SMS Gateway through 4.17.6 has multiple CSRF vulnerabilities. For example, an administrator, by following a link, can be tricked into making unwanted changes such as installing new modules or changing a password...Show more Ozeki NG SMS Gateway through 4.17.6 has multiple CSRF vulnerabilities. For example, an administrator, by following a link, can be tricked into making unwanted changes such as installing new modules or changing a password.Show less
CVE-2020-14024 1Ozeki 1Ozeki Ng Sms Gateway Nov 21, 2024 Sep 22, 2020 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 Ozeki NG SMS Gateway through 4.17.6 has multiple authenticated stored and/or reflected XSS vulnerabilities via the (1) Receiver or Recipient field in the Mailbox feature, (2) OZFORM_GROUPNAME field in the Group configura...Show more Ozeki NG SMS Gateway through 4.17.6 has multiple authenticated stored and/or reflected XSS vulnerabilities via the (1) Receiver or Recipient field in the Mailbox feature, (2) OZFORM_GROUPNAME field in the Group configuration of addresses, (3) listname field in the Defining address lists configuration, or (4) any GET Parameter in the /default URL of the application.Show less
CVE-2020-14023 1Ozeki 1Ozeki Ng Sms Gateway Nov 21, 2024 Sep 22, 2020 N/A· v4 4.9 MEDIUM· v3 4.0 MEDIUM· v2 Ozeki NG SMS Gateway through 4.17.6 allows SSRF via SMS WCF or RSS To SMS.
CVE-2020-14022 1Ozeki 1Ozeki Ng Sms Gateway Nov 21, 2024 Sep 22, 2020 N/A· v4 8.8 HIGH· v3 9.0 HIGH· v2 Ozeki NG SMS Gateway 4.17.1 through 4.17.6 does not check the file type when bulk importing new contacts ("Import Contacts" functionality) from a file. It is possible to upload an executable or .bat file that can be exec...Show more Ozeki NG SMS Gateway 4.17.1 through 4.17.6 does not check the file type when bulk importing new contacts ("Import Contacts" functionality) from a file. It is possible to upload an executable or .bat file that can be executed with the help of a functionality (E.g. the "Application Starter" module) within the application.Show less
CVE-2020-14029 1Ozeki 1Ozeki Ng Sms Gateway Nov 21, 2024 Sep 18, 2020 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 An issue was discovered in Ozeki NG SMS Gateway through 4.17.6. The RSS To SMS module processes XML files in an unsafe manner. This opens the application to an XML External Entity attack that can be used to perform SSRF...Show more An issue was discovered in Ozeki NG SMS Gateway through 4.17.6. The RSS To SMS module processes XML files in an unsafe manner. This opens the application to an XML External Entity attack that can be used to perform SSRF or read arbitrary local files.Show less
CVE-2020-14021 1Ozeki 1Ozeki Ng Sms Gateway Nov 21, 2024 Sep 18, 2020 N/A· v4 4.9 MEDIUM· v3 4.0 MEDIUM· v2 An issue was discovered in Ozeki NG SMS Gateway through 4.17.6. The ASP.net SMS module can be used to read and validate the source code of ASP files. By altering the path, it can be made to read any file on the Operating...Show more An issue was discovered in Ozeki NG SMS Gateway through 4.17.6. The ASP.net SMS module can be used to read and validate the source code of ASP files. By altering the path, it can be made to read any file on the Operating System, usually with NT AUTHORITY\SYSTEM privileges.Show less