WebAccess Node (All versions prior to 9.0.1) has incorrect permissions set for resources used by specific services, which may allow code execution with system privileges. Date published : 2020-09-22 https://us-cert.cisa.gov/ics/advisories/icsa-20-261-01
Liferay Portal before 7.3.3, and Liferay DXP 7.1 before fix pack 18 and 7.2 before fix pack 6, does not restrict the size of a multipart/form-data POST action, which allows remote authenticated users to...
An issue was discovered in Ozeki NG SMS Gateway through 4.17.6. The outbox functionality of the TXT File module can be used to delete all/most files in a folder. Because the product usually runs...
An issue was discovered in Ozeki NG SMS Gateway through 4.17.6. By leveraging a path traversal vulnerability in the Autoreply module’s Script Name, an attacker may write to or overwrite arbitrary files, with arbitrary...
An issue was discovered in Ozeki NG SMS Gateway through 4.17.6. The database connection strings accept custom unsafe arguments, such as ENABLE_LOCAL_INFILE, that can be leveraged by attackers to enable MySQL Load Data Local...
CSV Injection (aka Excel Macro Injection or Formula Injection) exists in the Export Of Contacts feature in Ozeki NG SMS Gateway through 4.17.6 via a value that is mishandled in a CSV export. Date...
Ozeki NG SMS Gateway through 4.17.6 has multiple CSRF vulnerabilities. For example, an administrator, by following a link, can be tricked into making unwanted changes such as installing new modules or changing a password....
Ozeki NG SMS Gateway through 4.17.6 has multiple authenticated stored and/or reflected XSS vulnerabilities via the (1) Receiver or Recipient field in the Mailbox feature, (2) OZFORM_GROUPNAME field in the Group configuration of addresses,...
Ozeki NG SMS Gateway through 4.17.6 allows SSRF via SMS WCF or RSS To SMS. Date published : 2020-09-22 https://github.com/DrunkenShells/Disclosures/tree/master/CVE-2020-14023-Server%20Side%20Request%20Forgery-Ozeki%20SMS%20Gateway https://www.ozeki.hu/index.php?owpn=231
Ozeki NG SMS Gateway 4.17.1 through 4.17.6 does not check the file type when bulk importing new contacts ("Import Contacts" functionality) from a file. It is possible to upload an executable or .bat file...
An Authorization Bypass vulnerability on Micro Focus Operation Bridge Reporter, affecting version 10.40 and earlier. The vulnerability could allow remote attackers to access the OBR host as a non-admin user Date published : 2020-09-22...
Arbitrary code execution vulnerability on Micro Focus Operation Bridge Reporter, affecting version 10.40 and earlier. The vulnerability could allow remote attackers to execute arbitrary code on affected installations of OBR. Date published : 2020-09-22...
An Authorization Bypass vulnerability on Micro Focus Operation Bridge Reporter, affecting version 10.40 and earlier. The vulnerability could allow local attackers on the OBR host to execute code with escalated privileges. Date published :...
Use after free in offscreen canvas in Google Chrome prior to 85.0.4183.102 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Date published : 2020-09-21 https://www.debian.org/security/2021/dsa-4824 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GNIYFJST4TFJYFZ27VODBOINCLBGULTD/