articatech 漏洞与 CVE 列表(17)

产品(CPE): — CVE 数: 17

articatech 漏洞概览

汇总 articatech 相关全部产品的 CVE 与安全漏洞情报,包括 CVSS、EPSS、公开时间与漏洞情报数据。

常见弱点模式包括 路径处理缺陷、跨站脚本与SQL 注入,在 生产负载与软件部署 使用场景中可能带来 文件覆盖、会话劫持与数据泄露 等风险。

相关漏洞数据主要来源于公开漏洞披露与安全公告,可用于评估历史漏洞暴露面与修复优先级。

漏洞分布趋势(近 24 个月)

显示 11717 CVE 数
«« 第一页 « 上一页 第 1 / 1 页 下一页 »
CVE 摘要 来源 最高 CVSS EPSS % 公开时间 更新时间
CVE-2024-2054 The Artica-Proxy administrative web application will deserialize arbitrary PHP objects supplied by unauthenticated users and subsequently enable code execution as the "www-data" user. [email protected] 9.8 81.26% 2024-03-20 2026-06-17
CVE-2024-2053 The Artica Proxy administrative web application will deserialize arbitrary PHP objects supplied by unauthenticated users and subsequently enable code execution as the "www-data" user. This issue was demonstrated on version 4.50 of the The Artica-Proxy administrative web application attempts to prevent local file inclusion. These protections can be bypassed and arbitrary file requests supplied by unauthenticated users will be returned according to the privileges of the "www-data" user. [email protected] 7.5 44.58% 2024-03-20 2026-06-17
CVE-2024-2056 Services that are running and bound to the loopback interface on the Artica Proxy are accessible through the proxy service. In particular, the "tailon" service is running, running as the root user, is bound to the loopback interface, and is listening on TCP port 7050. Security issues associated with exposing this network service are documented at gvalkov's 'tailon' GitHub repo. Using the tailon service, the contents of any file on the Artica Proxy can be viewed. [email protected] 9.8 16.71% 2024-03-05 2026-06-17
CVE-2024-2055 The "Rich Filemanager" feature of Artica Proxy provides a web-based interface for file management capabilities. When the feature is enabled, it does not require authentication by default, and runs as the root user. [email protected] 9.8 0.93% 2024-03-05 2026-06-17
CVE-2022-37153 An issue was discovered in Artica Proxy 4.30.000000. There is a XSS vulnerability via the password parameter in /fw.login.php. [email protected] 6.1 1.39% 2022-08-24 2026-06-17
CVE-2021-41739 A OS Command Injection vulnerability was discovered in Artica Proxy 4.30.000000. Attackers can execute OS commands in cyrus.events.php with GET param logs and POST param rp. [email protected] 9.8 2.62% 2022-05-05 2026-06-17
CVE-2021-40680 There is a Directory Traversal vulnerability in Artica Proxy (4.30.000000 SP206 through SP255, and VMware appliance 4.30.000000 through SP273) via the filename parameter to /cgi-bin/main.cgi. [email protected] 8.1 1.26% 2022-04-25 2026-06-17
CVE-2020-17506 Artica Web Proxy 4.30.00000000 allows remote attacker to bypass privilege detection and gain web backend administrator privileges through SQL injection of the apikey parameter in fw.login.php. [email protected] 9.8 93.97% 2020-08-12 2026-06-16
CVE-2020-17505 Artica Web Proxy 4.30.000000 allows an authenticated remote attacker to inject commands via the service-cmds parameter in cyrus.php. These commands are executed with root privileges via service_cmds_peform. [email protected] 8.8 82.16% 2020-08-12 2026-06-16
CVE-2020-15053 An issue was discovered in Artica Proxy CE before 4.28.030.418. Reflected XSS exists via these search fields: real time request, System Events, Proxy Events, Proxy Objects, and Firewall objects. [email protected] 6.1 1.83% 2020-07-20 2026-06-16
CVE-2020-15052 An issue was discovered in Artica Proxy CE before 4.28.030.418. SQL Injection exists via the Netmask, Hostname, and Alias fields. [email protected] 7.5 2.19% 2020-07-20 2026-06-16
CVE-2020-15051 An issue was discovered in Artica Proxy before 4.30.000000. Stored XSS exists via the Server Domain Name, Your Email Address, Group Name, MYSQL Server, Database, MYSQL Username, Group Name, and Task Description fields. [email protected] 6.1 2.47% 2020-07-15 2026-06-16
CVE-2020-13159 Artica Proxy before 4.30.000000 Community Edition allows OS command injection via the Netbios name, Server domain name, dhclient_mac, Hostname, or Alias field. NOTE: this may overlap CVE-2020-10818. [email protected] 9.8 9.32% 2020-06-22 2026-06-16
CVE-2020-13158 Artica Proxy before 4.30.000000 Community Edition allows Directory Traversal via the fw.progrss.details.php popup parameter. [email protected] 7.5 53.52% 2020-06-22 2026-06-16
CVE-2020-10818 Artica Proxy 4.26 allows remote command execution for an authenticated user via shell metacharacters in the "Modify the hostname" field. [email protected] 7.2 2.92% 2020-03-22 2026-06-16
CVE-2019-7300 Artica Proxy 3.06.200056 allows remote attackers to execute arbitrary commands as root by reading the ressources/settings.inc ldap_admin and ldap_password fields, using these credentials at logon.php, and then entering the commands in the admin.index.php command-line field. [email protected] 7.2 2.77% 2019-02-01 2026-06-16
CVE-2017-17055 Artica Web Proxy before 3.06.112911 allows remote attackers to execute arbitrary code as root by conducting a cross-site scripting (XSS) attack involving the username-form-id parameter to freeradius.users.php. [email protected] 9.0 8.71% 2017-12-06 2026-06-16
«« 第一页 « 上一页 第 1 / 1 页 下一页 »
cvelogic Threat Intelligence