|
215851
|
5.3 |
MEDIUM
Network
|
ozeki
|
ozeki_ng_sms_gateway
|
An issue was discovered in Ozeki NG SMS Gateway through 4.17.6. The database connection strings accept custom unsafe arguments, such as ENABLE_LOCAL_INFILE, that can be leveraged by attackers to enab…
|
CWE-88
Argument Injection
|
CVE-2020-14027
|
2024-11-21 14:02 |
2020-09-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
215852
|
8.8 |
HIGH
Network
|
ozeki
|
ozeki_ng_sms_gateway
|
CSV Injection (aka Excel Macro Injection or Formula Injection) exists in the Export Of Contacts feature in Ozeki NG SMS Gateway through 4.17.6 via a value that is mishandled in a CSV export.
|
CWE-1236
Improper Neutralization of Formula Elements in a CSV File
|
CVE-2020-14026
|
2024-11-21 14:02 |
2020-09-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
215853
|
8.8 |
HIGH
Network
|
ozeki
|
ozeki_ng_sms_gateway
|
Ozeki NG SMS Gateway through 4.17.6 has multiple CSRF vulnerabilities. For example, an administrator, by following a link, can be tricked into making unwanted changes such as installing new modules o…
|
CWE-352
Origin Validation Error
|
CVE-2020-14025
|
2024-11-21 14:02 |
2020-09-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
215854
|
6.1 |
MEDIUM
Network
|
ozeki
|
ozeki_ng_sms_gateway
|
Ozeki NG SMS Gateway through 4.17.6 has multiple authenticated stored and/or reflected XSS vulnerabilities via the (1) Receiver or Recipient field in the Mailbox feature, (2) OZFORM_GROUPNAME field i…
|
CWE-79
Cross-site Scripting
|
CVE-2020-14024
|
2024-11-21 14:02 |
2020-09-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
215855
|
4.9 |
MEDIUM
Network
|
ozeki
|
ozeki_ng_sms_gateway
|
Ozeki NG SMS Gateway through 4.17.6 allows SSRF via SMS WCF or RSS To SMS.
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2020-14023
|
2024-11-21 14:02 |
2020-09-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
215856
|
8.8 |
HIGH
Network
|
ozeki
|
ozeki_ng_sms_gateway
|
Ozeki NG SMS Gateway 4.17.1 through 4.17.6 does not check the file type when bulk importing new contacts ("Import Contacts" functionality) from a file. It is possible to upload an executable or .bat …
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2020-14022
|
2024-11-21 14:02 |
2020-09-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
215857
|
4.3 |
MEDIUM
Network
|
atlassian
|
jira_service_desk
|
Affected versions of Atlassian Jira Service Desk Server and Data Center allow remote attackers authenticated as a non-administrator user to view Project Request-Types and Descriptions, via an Informa…
|
NVD-CWE-noinfo
|
CVE-2020-14180
|
2024-11-21 14:02 |
2020-09-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
215858
|
5.3 |
MEDIUM
Network
|
atlassian
|
jira_server
jira_data_center
|
Affected versions of Atlassian Jira Server and Data Center allow remote, unauthenticated attackers to view custom field names and custom SLA names via an Information Disclosure vulnerability in the /…
|
NVD-CWE-noinfo
|
CVE-2020-14179
|
2024-11-21 14:02 |
2020-09-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
215859
|
6.5 |
MEDIUM
Network
|
atlassian
|
jira_server
|
Affected versions of Atlassian Jira Server and Data Center allow remote attackers to impact the application's availability via a Regex-based Denial of Service (DoS) vulnerability in JQL version searc…
|
NVD-CWE-noinfo
|
CVE-2020-14177
|
2024-11-21 14:02 |
2020-09-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
215860
|
7.5 |
HIGH
Network
|
ozeki
|
ozeki_ng_sms_gateway
|
An issue was discovered in Ozeki NG SMS Gateway through 4.17.6. The RSS To SMS module processes XML files in an unsafe manner. This opens the application to an XML External Entity attack that can be …
|
CWE-611
XXE
|
CVE-2020-14029
|
2024-11-21 14:02 |
2020-09-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
