Articatech Artica_proxy
14 CVEs affecting Articatech Artica_proxy. Latest disclosed: 2024-03-21. Critical: 6, High: 5.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2024-2054 | Critical | 9.8 | 2024-03-21 | The Artica-Proxy administrative web application will deserialize arbitrary PHP objects supplied by unauthenticated users and subsequently enable code execution… |
| CVE-2024-2056 | Critical | 9.8 | 2024-03-05 | Services that are running and bound to the loopback interface on the Artica Proxy are accessible through the proxy service. In particular, the "tailon" service… |
| CVE-2024-2055 | Critical | 9.8 | 2024-03-05 | The "Rich Filemanager" feature of Artica Proxy provides a web-based interface for file management capabilities. When the feature is enabled, it does not requir… |
| CVE-2021-41739 | Critical | 9.8 | 2022-05-05 | An OS Command Injection vulnerability was discovered in Artica Proxy 4.30.000000. Attackers can execute OS commands in cyrus.events.php with GET param logs and… |
| CVE-2020-13159 | Critical | 9.8 | 2020-06-22 | Artica Proxy before 4.30.000000 Community Edition allows OS command injection via the Netbios name, Server domain name, dhclient_mac, Hostname, or Alias field… |
| CVE-2017-17055 | Critical | 9.0 | 2017-12-07 | Artica Web Proxy before 3.06.112911 allows remote attackers to execute arbitrary code as root by conducting a cross-site scripting (XSS) attack involving the u… |
| CVE-2024-2053 | High | 7.5 | 2024-03-21 | The Artica Proxy administrative web application will deserialize arbitrary PHP objects supplied by unauthenticated users and subsequently enable code execution… |
| CVE-2020-15052 | High | 7.5 | 2020-07-20 | An issue was discovered in Artica Proxy CE before 4.28.030.418. SQL Injection exists via the Netmask, Hostname, and Alias fields. |
| CVE-2020-13158 | High | 7.5 | 2020-06-22 | Artica Proxy before 4.30.000000 Community Edition allows Directory Traversal via the fw.progrss.details.php popup parameter. |
| CVE-2020-10818 | High | 7.2 | 2020-03-22 | Artica Proxy 4.26 allows remote command execution for an authenticated user via shell metacharacters in the "Modify the hostname" field. |
| CVE-2019-7300 | High | 7.2 | 2019-02-01 | Artica Proxy 3.06.200056 allows remote attackers to execute arbitrary commands as root by reading the ressources/settings.inc ldap_admin and ldap_password fiel… |
| CVE-2022-37153 | Medium | 6.1 | 2022-08-24 | An issue was discovered in Artica Proxy 4.30.000000. There is an XSS vulnerability via the password parameter in /fw.login.php. |
| CVE-2020-15053 | Medium | 6.1 | 2020-07-20 | An issue was discovered in Artica Proxy CE before 4.28.030.418. Reflected XSS exists via these search fields: real time request, System Events, Proxy Events, P… |
| CVE-2020-15051 | Medium | 6.1 | 2020-07-15 | An issue was discovered in Artica Proxy before 4.30.000000. Stored XSS exists via the Server Domain Name, Your Email Address, Group Name, MYSQL Server, Databas… |