Articatech Artica_proxy

14 CVEs affecting Articatech Artica_proxy. Latest disclosed: 2024-03-21. Critical: 6, High: 5.

Top CVEs affecting Articatech Artica_proxy
CVESeverityScorePublishedSummary
CVE-2024-2054Critical9.82024-03-21The Artica-Proxy administrative web application will deserialize arbitrary PHP objects supplied by unauthenticated users and subsequently enable code execution…
CVE-2024-2056Critical9.82024-03-05Services that are running and bound to the loopback interface on the Artica Proxy are accessible through the proxy service. In particular, the "tailon" service…
CVE-2024-2055Critical9.82024-03-05The "Rich Filemanager" feature of Artica Proxy provides a web-based interface for file management capabilities. When the feature is enabled, it does not requir…
CVE-2021-41739Critical9.82022-05-05A OS Command Injection vulnerability was discovered in Artica Proxy 4.30.000000. Attackers can execute OS commands in cyrus.events.php with GET param logs and…
CVE-2020-13159Critical9.82020-06-22Artica Proxy before 4.30.000000 Community Edition allows OS command injection via the Netbios name, Server domain name, dhclient_mac, Hostname, or Alias field…
CVE-2017-17055Critical9.02017-12-07Artica Web Proxy before 3.06.112911 allows remote attackers to execute arbitrary code as root by conducting a cross-site scripting (XSS) attack involving the u…
CVE-2024-2053High7.52024-03-21The Artica Proxy administrative web application will deserialize arbitrary PHP objects supplied by unauthenticated users and subsequently enable code execution…
CVE-2020-15052High7.52020-07-20An issue was discovered in Artica Proxy CE before 4.28.030.418. SQL Injection exists via the Netmask, Hostname, and Alias fields.
CVE-2020-13158High7.52020-06-22Artica Proxy before 4.30.000000 Community Edition allows Directory Traversal via the fw.progrss.details.php popup parameter.
CVE-2020-10818High7.22020-03-22Artica Proxy 4.26 allows remote command execution for an authenticated user via shell metacharacters in the "Modify the hostname" field.
CVE-2019-7300High7.22019-02-01Artica Proxy 3.06.200056 allows remote attackers to execute arbitrary commands as root by reading the ressources/settings.inc ldap_admin and ldap_password fiel…
CVE-2022-37153Medium6.12022-08-24An issue was discovered in Artica Proxy 4.30.000000. There is a XSS vulnerability via the password parameter in /fw.login.php.
CVE-2020-15053Medium6.12020-07-20An issue was discovered in Artica Proxy CE before 4.28.030.418. Reflected XSS exists via these search fields: real time request, System Events, Proxy Events, P…
CVE-2020-15051Medium6.12020-07-15An issue was discovered in Artica Proxy before 4.30.000000. Stored XSS exists via the Server Domain Name, Your Email Address, Group Name, MYSQL Server, Databas…