| Max CVSS | 9.0 | Min CVSS | 3.5 | Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published | |
| CVE-2020-14030 | 6.5 |
An issue was discovered in Ozeki NG SMS Gateway through 4.17.6. It stores SMS messages in .NET serialized format on the filesystem. By generating (and writing to the disk) malicious .NET serialized files, an attacker can trick the product into deseri
|
09-10-2020 - 18:42 | 30-09-2020 - 18:15 | |
| CVE-2020-14030 | 5.0 |
An issue was discovered in Ozeki NG SMS Gateway through 4.17.6. It stores SMS messages in .NET serialized format on the filesystem. By generating (and writing to the disk) malicious .NET serialized files, an attacker can trick the product into deseri
|
30-09-2020 - 18:19 | 30-09-2020 - 18:15 | |
| CVE-2020-14030 | 5.0 |
An issue was discovered in Ozeki NG SMS Gateway through 4.17.6. It stores SMS messages in .NET serialized format on the filesystem. By generating (and writing to the disk) malicious .NET serialized files, an attacker can trick the product into deseri
|
30-09-2020 - 18:19 | 30-09-2020 - 18:15 | |
| CVE-2020-14027 | 3.5 |
An issue was discovered in Ozeki NG SMS Gateway through 4.17.6. The database connection strings accept custom unsafe arguments, such as ENABLE_LOCAL_INFILE, that can be leveraged by attackers to enable MySQL Load Data Local (rogue MySQL server) attac
|
26-09-2020 - 02:33 | 22-09-2020 - 18:15 | |
| CVE-2020-14027 | 3.5 |
An issue was discovered in Ozeki NG SMS Gateway through 4.17.6. The database connection strings accept custom unsafe arguments, such as ENABLE_LOCAL_INFILE, that can be leveraged by attackers to enable MySQL Load Data Local (rogue MySQL server) attac
|
26-09-2020 - 02:33 | 22-09-2020 - 18:15 | |
| CVE-2020-14028 | 9.0 |
An issue was discovered in Ozeki NG SMS Gateway through 4.17.6. By leveraging a path traversal vulnerability in the Autoreply module's Script Name, an attacker may write to or overwrite arbitrary files, with arbitrary content, usually with NT AUTHORI
|
26-09-2020 - 02:31 | 22-09-2020 - 18:15 | |
| CVE-2020-14028 | 9.0 |
An issue was discovered in Ozeki NG SMS Gateway through 4.17.6. By leveraging a path traversal vulnerability in the Autoreply module's Script Name, an attacker may write to or overwrite arbitrary files, with arbitrary content, usually with NT AUTHORI
|
26-09-2020 - 02:31 | 22-09-2020 - 18:15 | |
| CVE-2020-14031 | 9.0 |
An issue was discovered in Ozeki NG SMS Gateway through 4.17.6. The outbox functionality of the TXT File module can be used to delete all/most files in a folder. Because the product usually runs as NT AUTHORITY\SYSTEM, the only files that will not be
|
26-09-2020 - 02:30 | 22-09-2020 - 18:15 | |
| CVE-2020-14031 | 9.0 |
An issue was discovered in Ozeki NG SMS Gateway through 4.17.6. The outbox functionality of the TXT File module can be used to delete all/most files in a folder. Because the product usually runs as NT AUTHORITY\SYSTEM, the only files that will not be
|
26-09-2020 - 02:30 | 22-09-2020 - 18:15 | |
| CVE-2020-14029 | 5.0 |
An issue was discovered in Ozeki NG SMS Gateway through 4.17.6. The RSS To SMS module processes XML files in an unsafe manner. This opens the application to an XML External Entity attack that can be used to perform SSRF or read arbitrary local files.
|
26-09-2020 - 02:29 | 18-09-2020 - 18:15 | |
| CVE-2020-14029 | 5.0 |
An issue was discovered in Ozeki NG SMS Gateway through 4.17.6. The RSS To SMS module processes XML files in an unsafe manner. This opens the application to an XML External Entity attack that can be used to perform SSRF or read arbitrary local files.
|
26-09-2020 - 02:29 | 18-09-2020 - 18:15 |