articatech 漏洞與 CVE 列表(17)

產品(CPE): — CVE 數: 17

articatech 漏洞概覽

彙總 articatech 相關全部產品的 CVE 與安全漏洞情報,包括 CVSS、EPSS、公開時間與漏洞情報資料。

常見弱點模式包括 路徑處理缺陷、跨站腳本與SQL 注入,在 生產負載與軟體部署 使用場景中可能帶來 檔案覆寫、工作階段劫持與資料外洩 等風險。

相關漏洞資料主要來源於公開漏洞披露與安全公告,可用於評估歷史漏洞暴露面與修補優先順序。

漏洞分布趨勢(近 24 個月)

顯示 11717 CVE 數
«« 第一頁 « 上一頁 第 1 / 1 頁 下一頁 »
CVE 摘要 來源 最高 CVSS EPSS % 公開時間 更新時間
CVE-2024-2054 The Artica-Proxy administrative web application will deserialize arbitrary PHP objects supplied by unauthenticated users and subsequently enable code execution as the "www-data" user. [email protected] 9.8 81.26% 2024-03-20 2026-06-17
CVE-2024-2053 The Artica Proxy administrative web application will deserialize arbitrary PHP objects supplied by unauthenticated users and subsequently enable code execution as the "www-data" user. This issue was demonstrated on version 4.50 of the The Artica-Proxy administrative web application attempts to prevent local file inclusion. These protections can be bypassed and arbitrary file requests supplied by unauthenticated users will be returned according to the privileges of the "www-data" user. [email protected] 7.5 44.58% 2024-03-20 2026-06-17
CVE-2024-2056 Services that are running and bound to the loopback interface on the Artica Proxy are accessible through the proxy service. In particular, the "tailon" service is running, running as the root user, is bound to the loopback interface, and is listening on TCP port 7050. Security issues associated with exposing this network service are documented at gvalkov's 'tailon' GitHub repo. Using the tailon service, the contents of any file on the Artica Proxy can be viewed. [email protected] 9.8 16.71% 2024-03-05 2026-06-17
CVE-2024-2055 The "Rich Filemanager" feature of Artica Proxy provides a web-based interface for file management capabilities. When the feature is enabled, it does not require authentication by default, and runs as the root user. [email protected] 9.8 0.93% 2024-03-05 2026-06-17
CVE-2022-37153 An issue was discovered in Artica Proxy 4.30.000000. There is a XSS vulnerability via the password parameter in /fw.login.php. [email protected] 6.1 1.39% 2022-08-24 2026-06-17
CVE-2021-41739 A OS Command Injection vulnerability was discovered in Artica Proxy 4.30.000000. Attackers can execute OS commands in cyrus.events.php with GET param logs and POST param rp. [email protected] 9.8 2.62% 2022-05-05 2026-06-17
CVE-2021-40680 There is a Directory Traversal vulnerability in Artica Proxy (4.30.000000 SP206 through SP255, and VMware appliance 4.30.000000 through SP273) via the filename parameter to /cgi-bin/main.cgi. [email protected] 8.1 1.26% 2022-04-25 2026-06-17
CVE-2020-17506 Artica Web Proxy 4.30.00000000 allows remote attacker to bypass privilege detection and gain web backend administrator privileges through SQL injection of the apikey parameter in fw.login.php. [email protected] 9.8 93.97% 2020-08-12 2026-06-16
CVE-2020-17505 Artica Web Proxy 4.30.000000 allows an authenticated remote attacker to inject commands via the service-cmds parameter in cyrus.php. These commands are executed with root privileges via service_cmds_peform. [email protected] 8.8 82.16% 2020-08-12 2026-06-16
CVE-2020-15053 An issue was discovered in Artica Proxy CE before 4.28.030.418. Reflected XSS exists via these search fields: real time request, System Events, Proxy Events, Proxy Objects, and Firewall objects. [email protected] 6.1 1.83% 2020-07-20 2026-06-16
CVE-2020-15052 An issue was discovered in Artica Proxy CE before 4.28.030.418. SQL Injection exists via the Netmask, Hostname, and Alias fields. [email protected] 7.5 2.19% 2020-07-20 2026-06-16
CVE-2020-15051 An issue was discovered in Artica Proxy before 4.30.000000. Stored XSS exists via the Server Domain Name, Your Email Address, Group Name, MYSQL Server, Database, MYSQL Username, Group Name, and Task Description fields. [email protected] 6.1 2.47% 2020-07-15 2026-06-16
CVE-2020-13159 Artica Proxy before 4.30.000000 Community Edition allows OS command injection via the Netbios name, Server domain name, dhclient_mac, Hostname, or Alias field. NOTE: this may overlap CVE-2020-10818. [email protected] 9.8 9.32% 2020-06-22 2026-06-16
CVE-2020-13158 Artica Proxy before 4.30.000000 Community Edition allows Directory Traversal via the fw.progrss.details.php popup parameter. [email protected] 7.5 53.52% 2020-06-22 2026-06-16
CVE-2020-10818 Artica Proxy 4.26 allows remote command execution for an authenticated user via shell metacharacters in the "Modify the hostname" field. [email protected] 7.2 2.92% 2020-03-22 2026-06-16
CVE-2019-7300 Artica Proxy 3.06.200056 allows remote attackers to execute arbitrary commands as root by reading the ressources/settings.inc ldap_admin and ldap_password fields, using these credentials at logon.php, and then entering the commands in the admin.index.php command-line field. [email protected] 7.2 2.77% 2019-02-01 2026-06-16
CVE-2017-17055 Artica Web Proxy before 3.06.112911 allows remote attackers to execute arbitrary code as root by conducting a cross-site scripting (XSS) attack involving the username-form-id parameter to freeradius.users.php. [email protected] 9.0 8.71% 2017-12-06 2026-06-16
«« 第一頁 « 上一頁 第 1 / 1 頁 下一頁 »
cvelogic Threat Intelligence