CVSS: 6.1EPSS: 1%CPEs: 1EXPL: 1CVE-2022-37153
https://notcve.org/view.php?id=CVE-2022-37153
An issue was discovered in Artica Proxy 4.30.000000. There is a XSS vulnerability via the password parameter in /fw.login.php. Se ha detectado un problema en Artica Proxy versión 4.30.000000. Se presenta una vulnerabilidad de tipo XSS por medio del parámetro password en el archivo /fw.login.php. • https://github.com/Fjowel/CVE-2022-37153 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.1EPSS: 0%CPEs: 9EXPL: 0CVE-2021-40680 – Artica Proxy VMWare Appliance 4.30.000000 SP273 Path Traversal
https://notcve.org/view.php?id=CVE-2021-40680
There is a Directory Traversal vulnerability in Artica Proxy (4.30.000000 SP206 through SP255, and VMware appliance 4.30.000000 through SP273) via the filename parameter to /cgi-bin/main.cgi. Se presenta una vulnerabilidad de Salto de Directorio en Artica Proxy (versiones 4.30.000000 SP206 a SP255, y VMware appliance versiones 4.30.000000 a SP273) por medio del parámetro filename al archivo /cgi-bin/main.cgi Artica Proxy VMWare Appliance versions 4.30.000000 SP273 and below suffer from a path traversal vulnerability. • http://seclists.org/fulldisclosure/2022/Apr/39 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 9.0EPSS: 96%CPEs: 1EXPL: 2CVE-2020-17505 – Artica Proxy 4.30.000000 Authentication Bypass / Command Injection
https://notcve.org/view.php?id=CVE-2020-17505
Artica Web Proxy 4.30.000000 allows an authenticated remote attacker to inject commands via the service-cmds parameter in cyrus.php. These commands are executed with root privileges via service_cmds_peform. Artica Web Proxy versión 4.30.000000, permite a un atacante remoto autenticado inyectar comandos por medio del parámetro service-cmds en el archivo cyrus.php. Estos comandos son ejecutados con privilegios root por medio de la función service_cmds_peform • http://packetstormsecurity.com/files/159267/Artica-Proxy-4.30.000000-Authentication-Bypass-Command-Injection.html https://blog.max0x4141.com/post/artica_proxy • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 9.8EPSS: 95%CPEs: 1EXPL: 4CVE-2020-17506 – Artica Proxy 4.3.0 - Authentication Bypass
https://notcve.org/view.php?id=CVE-2020-17506
Artica Web Proxy 4.30.00000000 allows remote attacker to bypass privilege detection and gain web backend administrator privileges through SQL injection of the apikey parameter in fw.login.php. Artica Web Proxy versión 4.30.00000000, permite a un atacante remoto pasar por alto la detección de privilegios y alcanzar privilegios de administrador del backend web mediante la inyección SQL del parámetro apikey en el archivo fw.login.php Artica Proxy version 4.3.0 suffers from an authentication bypass vulnerability. • https://www.exploit-db.com/exploits/48744 http://packetstormsecurity.com/files/158868/Artica-Proxy-4.3.0-Authentication-Bypass.html http://packetstormsecurity.com/files/159267/Artica-Proxy-4.30.000000-Authentication-Bypass-Command-Injection.html https://blog.max0x4141.com/post/artica_proxy • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2020-15053
https://notcve.org/view.php?id=CVE-2020-15053
An issue was discovered in Artica Proxy CE before 4.28.030.418. Reflected XSS exists via these search fields: real time request, System Events, Proxy Events, Proxy Objects, and Firewall objects. Se detectó un problema en Artica Proxy CE versiones anteriores al 4.28.030.418. Una vulnerabilidad de tipo XSS Reflejado se presenta por medio de estos campos de búsqueda: real time request, System Events, Proxy Events, Proxy Objects, y Firewall objects • https://github.com/pratikshad19/CVE-2020-15053 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •