CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 1CVE-2020-10818
https://notcve.org/view.php?id=CVE-2020-10818
Artica Proxy 4.26 allows remote command execution for an authenticated user via shell metacharacters in the "Modify the hostname" field. Artica Proxy versión 4.26, permite una ejecución de comandos remota para un usuario autenticado por medio de metacaracteres de shell en el campo "Modify the hostname". • https://code610.blogspot.com/2020/03/rce-in-artica-426.html • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 2CVE-2019-7300
https://notcve.org/view.php?id=CVE-2019-7300
Artica Proxy 3.06.200056 allows remote attackers to execute arbitrary commands as root by reading the ressources/settings.inc ldap_admin and ldap_password fields, using these credentials at logon.php, and then entering the commands in the admin.index.php command-line field. Artica Proxy 3.06.200056 permite a los atacantes remotos ejecutar comandos arbitrarios como "root" mediante la lectura de los campos ldap_admin y ldap_password en "ressources/settings.inc" y utilizando estas credenciales en logon.php y luego introduciendo dichos comandos en el campo command-line de admin.index.php. • https://code610.blogspot.com/2019/01/rce-in-artica.html https://github.com/c610/tmp/blob/master/aRtiCE.py • CWE-522: Insufficiently Protected Credentials •
CVSS: 9.0EPSS: 25%CPEs: 1EXPL: 4CVE-2017-17055 – Artica Web Proxy 3.06 - Remote Code Execution
https://notcve.org/view.php?id=CVE-2017-17055
Artica Web Proxy before 3.06.112911 allows remote attackers to execute arbitrary code as root by conducting a cross-site scripting (XSS) attack involving the username-form-id parameter to freeradius.users.php. Artica Web Proxy, en versiones anteriores a la 3.06.112911, permite que atacantes remotos ejecuten código arbitrario como root realizando un ataque de Cross-Site Scripting (XSS) que implique el uso del parámetro username-form-id en freeradius.users.php. Artica Web Proxy version 3.06.112216 suffers from a remote code execution vulnerability. • https://www.exploit-db.com/exploits/43206 http://hyp3rlinx.altervista.org/advisories/ARTICA-WEB-PROXY-v3.06-REMOTE-CODE-EXECUTION-CVE-2017-17055.txt http://packetstormsecurity.com/files/145183/Artica-Web-Proxy-3.06.112216-Remote-Code-Execution.html http://seclists.org/fulldisclosure/2017/Dec/3 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •