Vulnerabilities > Hgiga

DATE CVE VULNERABILITY TITLE RISK
2021-09-15 CVE-2021-37912 Unspecified vulnerability in Hgiga Oaklouds Portal 2.0/3.0
The HGiga OAKlouds mobile portal does not filter special characters of the Ethernet number parameter of the network interface card setting page.
network
low complexity
hgiga
critical
9.8
2021-03-18 CVE-2021-22848 SQL Injection vulnerability in Hgiga products
HGiga MailSherlock contains a SQL Injection.
network
low complexity
hgiga CWE-89
critical
9.8
2021-01-19 CVE-2021-22852 SQL Injection vulnerability in Hgiga Oaklouds Openid 2.0/3.0
HGiga EIP product contains SQL Injection vulnerability.
network
low complexity
hgiga CWE-89
8.8
2021-01-19 CVE-2021-22851 SQL Injection vulnerability in Hgiga Oaklouds Openid 2.0/3.0
HGiga EIP product contains SQL Injection vulnerability.
network
low complexity
hgiga CWE-89
critical
9.8
2021-01-19 CVE-2021-22850 Missing Authentication for Critical Function vulnerability in Hgiga Oaklouds Portal
HGiga EIP product lacks ineffective access control in certain pages that allow attackers to access database or perform privileged functions.
network
low complexity
hgiga CWE-306
critical
9.8
2020-12-31 CVE-2020-35851 OS Command Injection vulnerability in Hgiga Msr45 Isherlock-User and Ssr45 Isherlock-User
HGiga MailSherlock does not validate specific parameters properly.
network
low complexity
hgiga CWE-78
critical
9.8
2020-12-31 CVE-2020-35743 SQL Injection vulnerability in Hgiga products
HGiga MailSherlock contains a SQL injection flaw.
network
low complexity
hgiga CWE-89
7.6
2020-12-31 CVE-2020-35742 SQL Injection vulnerability in Hgiga products
HGiga MailSherlock contains a vulnerability of SQL Injection.
network
low complexity
hgiga CWE-89
7.6
2020-12-31 CVE-2020-35741 Cross-site Scripting vulnerability in Hgiga products
HGiga MailSherlock does not validate user parameters on multiple login pages.
network
low complexity
hgiga CWE-79
6.1
2020-12-31 CVE-2020-35740 Cross-site Scripting vulnerability in Hgiga products
HGiga MailSherlock does not validate specific URL parameters properly that allows attackers to inject JavaScript syntax for XSS attacks.
network
low complexity
hgiga CWE-79
6.1