CVSS: 8.1EPSS: 0%CPEs: 9EXPL: 0CVE-2021-40680 – Artica Proxy VMWare Appliance 4.30.000000 SP273 Path Traversal
https://notcve.org/view.php?id=CVE-2021-40680
There is a Directory Traversal vulnerability in Artica Proxy (4.30.000000 SP206 through SP255, and VMware appliance 4.30.000000 through SP273) via the filename parameter to /cgi-bin/main.cgi. Se presenta una vulnerabilidad de Salto de Directorio en Artica Proxy (versiones 4.30.000000 SP206 a SP255, y VMware appliance versiones 4.30.000000 a SP273) por medio del parámetro filename al archivo /cgi-bin/main.cgi Artica Proxy VMWare Appliance versions 4.30.000000 SP273 and below suffer from a path traversal vulnerability. • http://seclists.org/fulldisclosure/2022/Apr/39 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 9.0EPSS: 96%CPEs: 1EXPL: 2CVE-2020-17505 – Artica Proxy 4.30.000000 Authentication Bypass / Command Injection
https://notcve.org/view.php?id=CVE-2020-17505
Artica Web Proxy 4.30.000000 allows an authenticated remote attacker to inject commands via the service-cmds parameter in cyrus.php. These commands are executed with root privileges via service_cmds_peform. Artica Web Proxy versión 4.30.000000, permite a un atacante remoto autenticado inyectar comandos por medio del parámetro service-cmds en el archivo cyrus.php. Estos comandos son ejecutados con privilegios root por medio de la función service_cmds_peform • http://packetstormsecurity.com/files/159267/Artica-Proxy-4.30.000000-Authentication-Bypass-Command-Injection.html https://blog.max0x4141.com/post/artica_proxy • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 9.8EPSS: 95%CPEs: 1EXPL: 4CVE-2020-17506 – Artica Proxy 4.3.0 - Authentication Bypass
https://notcve.org/view.php?id=CVE-2020-17506
Artica Web Proxy 4.30.00000000 allows remote attacker to bypass privilege detection and gain web backend administrator privileges through SQL injection of the apikey parameter in fw.login.php. Artica Web Proxy versión 4.30.00000000, permite a un atacante remoto pasar por alto la detección de privilegios y alcanzar privilegios de administrador del backend web mediante la inyección SQL del parámetro apikey en el archivo fw.login.php Artica Proxy version 4.3.0 suffers from an authentication bypass vulnerability. • https://www.exploit-db.com/exploits/48744 http://packetstormsecurity.com/files/158868/Artica-Proxy-4.3.0-Authentication-Bypass.html http://packetstormsecurity.com/files/159267/Artica-Proxy-4.30.000000-Authentication-Bypass-Command-Injection.html https://blog.max0x4141.com/post/artica_proxy • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •