Hgiga

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2025-2150 1Hgiga 1C&cm@il Mar 24, 2025 Mar 10, 2025 N/A· v4 5.4 MEDIUM· v3 N/A· v2 The C&Cm@il from HGiga has a Stored Cross-Site Scripting (XSS) vulnerability, allowing remote attackers with regular privileges to send emails containing malicious JavaScript code, which will be executed in the recipient...Show more The C&Cm@il from HGiga has a Stored Cross-Site Scripting (XSS) vulnerability, allowing remote attackers with regular privileges to send emails containing malicious JavaScript code, which will be executed in the recipient's browser when they view the email.Show less
CVE-2024-4299 1Hgiga 1Isherlock Jan 26, 2026 Apr 29, 2024 N/A· v4 7.2 HIGH· v3 N/A· v2 The system configuration interface of HGiga iSherlock (including MailSherlock, SpamSherock, AuditSherlock) fails to filter special characters in certain function parameters, allowing remote attackers with administrative...Show more The system configuration interface of HGiga iSherlock (including MailSherlock, SpamSherock, AuditSherlock) fails to filter special characters in certain function parameters, allowing remote attackers with administrative privileges to exploit this vulnerability for Command Injection attacks, enabling execution of arbitrary system commands.Show less
CVE-2024-4298 1Hgiga 1Isherlock Jan 26, 2026 Apr 29, 2024 N/A· v4 7.2 HIGH· v3 N/A· v2 The email search interface of HGiga iSherlock (including MailSherlock, SpamSherock, AuditSherlock) fails to filter special characters in certain function parameters, allowing remote attackers with administrative privileg...Show more The email search interface of HGiga iSherlock (including MailSherlock, SpamSherock, AuditSherlock) fails to filter special characters in certain function parameters, allowing remote attackers with administrative privileges to exploit this vulnerability for Command Injection attacks, enabling execution of arbitrary system commands.Show less
CVE-2024-4297 1Hgiga 1Isherlock Jan 26, 2026 Apr 29, 2024 N/A· v4 4.9 MEDIUM· v3 N/A· v2 The system configuration interface of HGiga iSherlock (including MailSherlock, SpamSherlock, AuditSherlock) fails to filter special characters in certain function parameters, allowing remote attackers with administrative...Show more The system configuration interface of HGiga iSherlock (including MailSherlock, SpamSherlock, AuditSherlock) fails to filter special characters in certain function parameters, allowing remote attackers with administrative privileges to exploit this vulnerability to download arbitrary system files.Show less
CVE-2024-4296 1Hgiga 1Isherlock Jan 26, 2026 Apr 29, 2024 N/A· v4 4.9 MEDIUM· v3 N/A· v2 The account management interface of HGiga iSherlock (including MailSherlock, SpamSherlock, AuditSherlock) fails to filter special characters in certain function parameters, allowing remote attackers with administrative p...Show more The account management interface of HGiga iSherlock (including MailSherlock, SpamSherlock, AuditSherlock) fails to filter special characters in certain function parameters, allowing remote attackers with administrative privileges to exploit this vulnerability to download arbitrary system files.Show less
CVE-2024-26261 1Hgiga 4Oaklouds Organization 2.0 Oaklouds Organization 3.0Oaklouds Webbase 2.0+1 more Jan 23, 2025 Feb 15, 2024 N/A· v4 9.8 CRITICAL· v3 N/A· v2 The functionality for file download in HGiga OAKlouds' certain modules contains an Arbitrary File Read and Delete vulnerability. Attackers can put file path in specific request parameters, allowing them to download the f...Show more The functionality for file download in HGiga OAKlouds' certain modules contains an Arbitrary File Read and Delete vulnerability. Attackers can put file path in specific request parameters, allowing them to download the file without login. Furthermore, the file will be deleted after being downloaded.Show less
CVE-2024-26260 1Hgiga 4Oaklouds Organization 2.0 Oaklouds Organization 3.0Oaklouds Webbase 2.0+1 more Jan 23, 2025 Feb 15, 2024 N/A· v4 9.8 CRITICAL· v3 N/A· v2 The functionality for synchronization in HGiga OAKlouds' certain moudules has an OS Command Injection vulnerability, allowing remote attackers to inject system commands within specific request parameters. This enables th...Show more The functionality for synchronization in HGiga OAKlouds' certain moudules has an OS Command Injection vulnerability, allowing remote attackers to inject system commands within specific request parameters. This enables the execution of arbitrary code on the remote server without permission.Show less
CVE-2023-37292 1Hgiga 1Isherlock Nov 21, 2024 Jul 21, 2023 N/A· v4 9.8 CRITICAL· v3 N/A· v2 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in HGiga iSherlock 4.5 (iSherlock-user modules), HGiga iSherlock 5.5 (iSherlock-user modules) allows OS Command Inj...Show more Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in HGiga iSherlock 4.5 (iSherlock-user modules), HGiga iSherlock 5.5 (iSherlock-user modules) allows OS Command Injection.This issue affects iSherlock 4.5: before iSherlock-user-4.5-174; iSherlock 5.5: before iSherlock-user-5.5-174. Show less
CVE-2023-25909 1Hgiga 1Oaklouds Portal Nov 21, 2024 Mar 27, 2023 N/A· v4 9.8 CRITICAL· v3 N/A· v2 HGiga OAKlouds file uploading function does not restrict upload of file with dangerous type. An unauthenticated remote attacker can exploit this vulnerability to upload and run arbitrary executable files to perform arbit...Show more HGiga OAKlouds file uploading function does not restrict upload of file with dangerous type. An unauthenticated remote attacker can exploit this vulnerability to upload and run arbitrary executable files to perform arbitrary command or disrupt service.Show less
CVE-2023-24842 1Hgiga 1Oaklouds Mailsherlock Nov 21, 2024 Mar 27, 2023 N/A· v4 5.3 MEDIUM· v3 N/A· v2 HGiga MailSherlock has vulnerability of insufficient access control. An unauthenticated remote user can exploit this vulnerability to access partial content of another user’s mail by changing user ID and mail ID within U...Show more HGiga MailSherlock has vulnerability of insufficient access control. An unauthenticated remote user can exploit this vulnerability to access partial content of another user’s mail by changing user ID and mail ID within URL.Show less
CVE-2023-24841 1Hgiga 1Oaklouds Mailsherlock Nov 21, 2024 Mar 27, 2023 N/A· v4 7.2 HIGH· v3 N/A· v2 HGiga MailSherlock query function for connection log has a vulnerability of insufficient filtering for user input. An authenticated remote attacker with administrator privilege can exploit this vulnerability to inject an...Show more HGiga MailSherlock query function for connection log has a vulnerability of insufficient filtering for user input. An authenticated remote attacker with administrator privilege can exploit this vulnerability to inject and execute arbitrary system commands to perform arbitrary system operation or disrupt service.Show less
CVE-2023-24840 1Hgiga 1Oaklouds Mailsherlock Nov 21, 2024 Mar 27, 2023 N/A· v4 7.2 HIGH· v3 N/A· v2 HGiga MailSherlock mail query function has vulnerability of insufficient validation for user input. An authenticated remote attacker with administrator privilege can exploit this vulnerability to inject SQL commands to r...Show more HGiga MailSherlock mail query function has vulnerability of insufficient validation for user input. An authenticated remote attacker with administrator privilege can exploit this vulnerability to inject SQL commands to read, modify, and delete the database.Show less
CVE-2023-24839 1Hgiga 1Oaklouds Mailsherlock Nov 21, 2024 Mar 27, 2023 N/A· v4 6.1 MEDIUM· v3 N/A· v2 HGiga MailSherlock’s specific function has insufficient filtering for user input. An unauthenticated remote attacker can exploit this vulnerability to inject JavaScript, conducting a reflected XSS attack.
CVE-2023-24838 1Hgiga 1Powerstation Firmware Nov 21, 2024 Mar 27, 2023 N/A· v4 9.8 CRITICAL· v3 N/A· v2 HGiga PowerStation has a vulnerability of Information Leakage. An unauthenticated remote attacker can exploit this vulnerability to obtain the administrator's credential. This credential can then be used to login PowerSt...Show more HGiga PowerStation has a vulnerability of Information Leakage. An unauthenticated remote attacker can exploit this vulnerability to obtain the administrator's credential. This credential can then be used to login PowerStation or Secure Shell to achieve remote code execution.Show less
CVE-2023-24837 1Hgiga 1Powerstation Firmware Nov 21, 2024 Mar 27, 2023 N/A· v4 8.8 HIGH· v3 N/A· v2 HGiga PowerStation remote management function has insufficient filtering for user input. An authenticated remote attacker with general user privilege can exploit this vulnerability to inject and execute arbitrary system...Show more HGiga PowerStation remote management function has insufficient filtering for user input. An authenticated remote attacker with general user privilege can exploit this vulnerability to inject and execute arbitrary system commands to perform arbitrary system operation or disrupt service.Show less
CVE-2022-38118 1Hgiga 1Oaklouds Portal Nov 21, 2024 Aug 30, 2022 N/A· v4 8.8 HIGH· v3 N/A· v2 OAKlouds Portal website’s Meeting Room has insufficient validation for user input. A remote attacker with general user privilege can perform SQL-injection to access, modify, delete database, perform system operations and...Show more OAKlouds Portal website’s Meeting Room has insufficient validation for user input. A remote attacker with general user privilege can perform SQL-injection to access, modify, delete database, perform system operations and disrupt service.Show less
CVE-2021-37913 1Hgiga 1Oaklouds Portal Nov 21, 2024 Sep 15, 2021 N/A· v4 9.8 CRITICAL· v3 10.0 HIGH· v2 The HGiga OAKlouds mobile portal does not filter special characters of the IPv6 Gateway parameter of the network interface card setting page. Remote attackers can use this vulnerability to perform command injection and e...Show more The HGiga OAKlouds mobile portal does not filter special characters of the IPv6 Gateway parameter of the network interface card setting page. Remote attackers can use this vulnerability to perform command injection and execute arbitrary commands in the system without logging in.Show less
CVE-2021-37912 1Hgiga 1Oaklouds Portal Nov 21, 2024 Sep 15, 2021 N/A· v4 9.8 CRITICAL· v3 10.0 HIGH· v2 The HGiga OAKlouds mobile portal does not filter special characters of the Ethernet number parameter of the network interface card setting page. Remote attackers can use this vulnerability to perform command injection an...Show more The HGiga OAKlouds mobile portal does not filter special characters of the Ethernet number parameter of the network interface card setting page. Remote attackers can use this vulnerability to perform command injection and execute arbitrary commands in the system without logging in.Show less
CVE-2021-22848 1Hgiga 4Msr45 Isherlock Antispam Msr45 Isherlock UserSsr45 Isherlock Antispam+1 more Nov 21, 2024 Mar 18, 2021 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 HGiga MailSherlock contains a SQL Injection. Remote attackers can inject SQL syntax and execute SQL commands in a URL parameter of email pages without privilege.
CVE-2021-22852 1Hgiga 1Oaklouds Openid Nov 21, 2024 Jan 19, 2021 N/A· v4 8.8 HIGH· v3 6.5 MEDIUM· v2 HGiga EIP product contains SQL Injection vulnerability. Attackers can inject SQL commands into specific URL parameter (online registration) to obtain database schema and data.

12 Next