|
211181
|
7.2 |
HIGH
Network
|
ozeki
|
ozeki_ng_sms_gateway
|
An issue was discovered in Ozeki NG SMS Gateway through 4.17.6. It stores SMS messages in .NET serialized format on the filesystem. By generating (and writing to the disk) malicious .NET serialized f…
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2020-14030
|
2024-11-21 14:02 |
2020-10-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211182
|
5.3 |
MEDIUM
Network
|
apache
|
tapestry
|
In Apache Tapestry from 5.4.0 to 5.5.0, crafting specific URLs, an attacker can download files inside the WEB-INF folder of the WAR being run.
|
CWE-552
Files or Directories Accessible to External Parties
|
CVE-2020-13953
|
2024-11-21 14:02 |
2020-10-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211183
|
7.5 |
HIGH
Network
|
apache
|
openmeetings
|
Attackers can use public NetTest web service of Apache OpenMeetings 4.0.0-5.0.0 to organize denial of service attack.
|
NVD-CWE-noinfo
|
CVE-2020-13951
|
2024-11-21 14:02 |
2020-10-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211184
|
9.8 |
CRITICAL
Network
|
airforce
|
nitf_extract_utility
|
U.S. Air Force Sensor Data Management System extract75 has a buffer overflow that leads to code execution. An overflow in a global variable (sBuffer) leads to a Write-What-Where outcome. Writing beyo…
|
CWE-787
Out-of-bounds Write
|
CVE-2020-13995
|
2024-11-21 14:02 |
2020-09-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211185
|
7.5 |
HIGH
Network
|
jerryscript
|
jerryscript
|
vm/opcodes.c in JerryScript 2.2.0 allows attackers to hijack the flow of control by controlling a register.
|
NVD-CWE-noinfo
|
CVE-2020-13991
|
2024-11-21 14:02 |
2020-09-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211186
|
7.2 |
HIGH
Network
|
ozeki
|
ozeki_ng_sms_gateway
|
An issue was discovered in Ozeki NG SMS Gateway through 4.17.6. The outbox functionality of the TXT File module can be used to delete all/most files in a folder. Because the product usually runs as N…
|
NVD-CWE-noinfo
|
CVE-2020-14031
|
2024-11-21 14:02 |
2020-09-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211187
|
7.2 |
HIGH
Network
|
ozeki
|
ozeki_ng_sms_gateway
|
An issue was discovered in Ozeki NG SMS Gateway through 4.17.6. By leveraging a path traversal vulnerability in the Autoreply module's Script Name, an attacker may write to or overwrite arbitrary fil…
|
CWE-22
Path Traversal
|
CVE-2020-14028
|
2024-11-21 14:02 |
2020-09-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211188
|
5.3 |
MEDIUM
Network
|
ozeki
|
ozeki_ng_sms_gateway
|
An issue was discovered in Ozeki NG SMS Gateway through 4.17.6. The database connection strings accept custom unsafe arguments, such as ENABLE_LOCAL_INFILE, that can be leveraged by attackers to enab…
|
CWE-88
Argument Injection
|
CVE-2020-14027
|
2024-11-21 14:02 |
2020-09-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211189
|
8.8 |
HIGH
Network
|
ozeki
|
ozeki_ng_sms_gateway
|
CSV Injection (aka Excel Macro Injection or Formula Injection) exists in the Export Of Contacts feature in Ozeki NG SMS Gateway through 4.17.6 via a value that is mishandled in a CSV export.
|
CWE-1236
Improper Neutralization of Formula Elements in a CSV File
|
CVE-2020-14026
|
2024-11-21 14:02 |
2020-09-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211190
|
8.8 |
HIGH
Network
|
ozeki
|
ozeki_ng_sms_gateway
|
Ozeki NG SMS Gateway through 4.17.6 has multiple CSRF vulnerabilities. For example, an administrator, by following a link, can be tricked into making unwanted changes such as installing new modules o…
|
CWE-352
Origin Validation Error
|
CVE-2020-14025
|
2024-11-21 14:02 |
2020-09-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
