Vulnerabilities > Hgiga > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-07-21 | CVE-2023-37292 | OS Command Injection vulnerability in Hgiga Isherlock Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in HGiga iSherlock 4.5 (iSherlock-user modules), HGiga iSherlock 5.5 (iSherlock-user modules) allows OS Command Injection.This issue affects iSherlock 4.5: before iSherlock-user-4.5-174; iSherlock 5.5: before iSherlock-user-5.5-174. | 9.8 |
| 2023-03-27 | CVE-2023-24838 | Information Exposure vulnerability in Hgiga Powerstation Firmware HGiga PowerStation has a vulnerability of Information Leakage. | 9.8 |
| 2021-09-15 | CVE-2021-37912 | OS Command Injection vulnerability in Hgiga Oaklouds Portal The HGiga OAKlouds mobile portal does not filter special characters of the Ethernet number parameter of the network interface card setting page. | 10.0 |
| 2021-09-15 | CVE-2021-37913 | OS Command Injection vulnerability in Hgiga Oaklouds Portal The HGiga OAKlouds mobile portal does not filter special characters of the IPv6 Gateway parameter of the network interface card setting page. | 10.0 |
| 2021-01-19 | CVE-2021-22850 | Missing Authentication for Critical Function vulnerability in Hgiga Oaklouds Portal HGiga EIP product lacks ineffective access control in certain pages that allow attackers to access database or perform privileged functions. | 9.8 |
| 2020-12-31 | CVE-2020-35851 | OS Command Injection vulnerability in Hgiga Msr45 Isherlock-User and Ssr45 Isherlock-User HGiga MailSherlock does not validate specific parameters properly. | 10.0 |
| 2020-12-31 | CVE-2020-25848 | Insufficiently Protected Credentials vulnerability in Hgiga products HGiga MailSherlock contains weak authentication flaw that attackers grant privilege remotely with default password generation mechanism. | 10.0 |
| 2020-04-15 | CVE-2020-10512 | SQL Injection vulnerability in Hgiga Oaklouds Ccm@Il HGiga C&Cmail CCMAILQ before olln-calendar-6.0-100.i386.rpm and CCMAILN before olln-calendar-5.0-100.i386.rpm contains a SQL Injection vulnerability which allows attackers to injecting SQL commands in the URL parameter to execute unauthorized commands. | 9.0 |
| 2020-04-15 | CVE-2020-10511 | OS Command Injection vulnerability in Hgiga Oaklouds Ccm@Il HGiga C&Cmail CCMAILQ before olln-base-6.0-418.i386.rpm and CCMAILN before olln-base-5.0-418.i386.rpm contains insecure configurations. | 10.0 |