ozeki 漏洞與 CVE 列表(12)

產品(CPE): — CVE 數: 12

ozeki 漏洞概覽

彙總 ozeki 相關全部產品的 CVE 與安全漏洞情報,包括 CVSS、EPSS、公開時間與漏洞情報資料。

歷史漏洞主要涉及 SSRF與路徑處理缺陷 等問題,部分漏洞可能導致 工作階段劫持,並影響 生產負載與軟體部署 相關場景。

相關漏洞資料主要來源於公開漏洞披露與安全公告,可用於評估歷史漏洞暴露面與修補優先順序。

漏洞分布趨勢(近 24 個月)

顯示 11212 CVE 數
«« 第一頁 « 上一頁 第 1 / 1 頁 下一頁 »
CVE 摘要 來源 最高 CVSS EPSS % 公開時間 更新時間
CVE-2020-14030 An issue was discovered in Ozeki NG SMS Gateway through 4.17.6. It stores SMS messages in .NET serialized format on the filesystem. By generating (and writing to the disk) malicious .NET serialized files, an attacker can trick the product into deserializing them, resulting in arbitrary code execution. [email protected] 7.2 1.76% 2020-09-30 2026-06-16
CVE-2020-14031 An issue was discovered in Ozeki NG SMS Gateway through 4.17.6. The outbox functionality of the TXT File module can be used to delete all/most files in a folder. Because the product usually runs as NT AUTHORITY\SYSTEM, the only files that will not be deleted are those currently being run by the system and/or files that have special security attributes (e.g., Windows Defender files). [email protected] 7.2 1.57% 2020-09-22 2026-06-16
CVE-2020-14028 An issue was discovered in Ozeki NG SMS Gateway through 4.17.6. By leveraging a path traversal vulnerability in the Autoreply module's Script Name, an attacker may write to or overwrite arbitrary files, with arbitrary content, usually with NT AUTHORITY\SYSTEM privileges. [email protected] 7.2 1.86% 2020-09-22 2026-06-16
CVE-2020-14027 An issue was discovered in Ozeki NG SMS Gateway through 4.17.6. The database connection strings accept custom unsafe arguments, such as ENABLE_LOCAL_INFILE, that can be leveraged by attackers to enable MySQL Load Data Local (rogue MySQL server) attacks. [email protected] 5.3 0.83% 2020-09-22 2026-06-16
CVE-2020-14026 CSV Injection (aka Excel Macro Injection or Formula Injection) exists in the Export Of Contacts feature in Ozeki NG SMS Gateway through 4.17.6 via a value that is mishandled in a CSV export. [email protected] 8.8 1.71% 2020-09-22 2026-06-16
CVE-2020-14025 Ozeki NG SMS Gateway through 4.17.6 has multiple CSRF vulnerabilities. For example, an administrator, by following a link, can be tricked into making unwanted changes such as installing new modules or changing a password. [email protected] 8.8 0.53% 2020-09-22 2026-06-16
CVE-2020-14024 Ozeki NG SMS Gateway through 4.17.6 has multiple authenticated stored and/or reflected XSS vulnerabilities via the (1) Receiver or Recipient field in the Mailbox feature, (2) OZFORM_GROUPNAME field in the Group configuration of addresses, (3) listname field in the Defining address lists configuration, or (4) any GET Parameter in the /default URL of the application. [email protected] 6.1 0.71% 2020-09-22 2026-06-16
CVE-2020-14023 Ozeki NG SMS Gateway through 4.17.6 allows SSRF via SMS WCF or RSS To SMS. [email protected] 4.9 0.97% 2020-09-22 2026-06-16
CVE-2020-14022 Ozeki NG SMS Gateway 4.17.1 through 4.17.6 does not check the file type when bulk importing new contacts ("Import Contacts" functionality) from a file. It is possible to upload an executable or .bat file that can be executed with the help of a functionality (E.g. the "Application Starter" module) within the application. [email protected] 8.8 1.82% 2020-09-22 2026-06-16
CVE-2020-14029 An issue was discovered in Ozeki NG SMS Gateway through 4.17.6. The RSS To SMS module processes XML files in an unsafe manner. This opens the application to an XML External Entity attack that can be used to perform SSRF or read arbitrary local files. [email protected] 7.5 1.38% 2020-09-18 2026-06-16
CVE-2020-14021 An issue was discovered in Ozeki NG SMS Gateway through 4.17.6. The ASP.net SMS module can be used to read and validate the source code of ASP files. By altering the path, it can be made to read any file on the Operating System, usually with NT AUTHORITY\SYSTEM privileges. [email protected] 4.9 1.15% 2020-09-18 2026-06-16
CVE-2006-6674 Ozeki HTTP-SMS Gateway 1.0, and possibly earlier, stores usernames and passwords in plaintext in the HKLM\Software\Ozeki\SMSServer\CurrentVersion\Plugins\httpsmsgate registry key, which allows local users to obtain sensitive information. [email protected] 2.1 0.30% 2006-12-20 2026-06-16
«« 第一頁 « 上一頁 第 1 / 1 頁 下一頁 »
cvelogic Threat Intelligence