Vulnerabilities > Ozeki

DATE CVE VULNERABILITY TITLE RISK
2020-09-30 CVE-2020-14030 Deserialization of Untrusted Data vulnerability in Ozeki NG SMS Gateway
An issue was discovered in Ozeki NG SMS Gateway through 4.17.6.
network
low complexity
ozeki CWE-502
6.5
6.5
2020-09-22 CVE-2020-14031 Unspecified vulnerability in Ozeki NG SMS Gateway
An issue was discovered in Ozeki NG SMS Gateway through 4.17.6.
network
low complexity
ozeki
critical
 9.0
9.0
2020-09-22 CVE-2020-14028 Path Traversal vulnerability in Ozeki NG SMS Gateway
An issue was discovered in Ozeki NG SMS Gateway through 4.17.6.
network
low complexity
ozeki CWE-22
critical
 9.0
9.0
2020-09-22 CVE-2020-14027 Argument Injection or Modification vulnerability in Ozeki NG SMS Gateway
An issue was discovered in Ozeki NG SMS Gateway through 4.17.6.
network
ozeki CWE-88
3.5
3.5
2020-09-22 CVE-2020-14026 Improper Neutralization of Formula Elements in a CSV File vulnerability in Ozeki NG SMS Gateway
CSV Injection (aka Excel Macro Injection or Formula Injection) exists in the Export Of Contacts feature in Ozeki NG SMS Gateway through 4.17.6 via a value that is mishandled in a CSV export.
network
ozeki CWE-1236
critical
 9.3
9.3
2020-09-22 CVE-2020-14025 Cross-Site Request Forgery (CSRF) vulnerability in Ozeki NG SMS Gateway
Ozeki NG SMS Gateway through 4.17.6 has multiple CSRF vulnerabilities.
network
ozeki CWE-352
6.8
6.8
2020-09-22 CVE-2020-14024 Cross-site Scripting vulnerability in Ozeki NG SMS Gateway
Ozeki NG SMS Gateway through 4.17.6 has multiple authenticated stored and/or reflected XSS vulnerabilities via the (1) Receiver or Recipient field in the Mailbox feature, (2) OZFORM_GROUPNAME field in the Group configuration of addresses, (3) listname field in the Defining address lists configuration, or (4) any GET Parameter in the /default URL of the application.
network
ozeki CWE-79
4.3
4.3
2020-09-22 CVE-2020-14023 Server-Side Request Forgery (SSRF) vulnerability in Ozeki NG SMS Gateway
Ozeki NG SMS Gateway through 4.17.6 allows SSRF via SMS WCF or RSS To SMS.
network
low complexity
ozeki CWE-918
4.0
4.0
2020-09-22 CVE-2020-14022 Unrestricted Upload of File with Dangerous Type vulnerability in Ozeki NG SMS Gateway
Ozeki NG SMS Gateway 4.17.1 through 4.17.6 does not check the file type when bulk importing new contacts ("Import Contacts" functionality) from a file.
network
low complexity
ozeki CWE-434
critical
 9.0
9.0
2020-09-18 CVE-2020-14029 XXE vulnerability in Ozeki NG SMS Gateway
An issue was discovered in Ozeki NG SMS Gateway through 4.17.6.
network
low complexity
ozeki CWE-611
5.0
5.0