CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2024-2021 – Netentsec NS-ASG Application Security Gateway list_localuser.php sql injection
https://notcve.org/view.php?id=CVE-2024-2021
29 Feb 2024 — A vulnerability was found in Netentsec NS-ASG Application Security Gateway 6.3. It has been classified as critical. Affected is an unknown function of the file /admin/list_localuser.php. The manipulation of the argument ResId leads to sql injection. It is possible to launch the attack remotely. • https://github.com/dtxharry/cve/blob/main/cve.md • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2023-7094 – Netentsec NS-ASG Application Security Gateway nsasg6.0.tgz information disclosure
https://notcve.org/view.php?id=CVE-2023-7094
25 Dec 2023 — A vulnerability classified as problematic was found in Netentsec NS-ASG Application Security Gateway 6.3. Affected by this vulnerability is an unknown functionality of the file /protocol/nsasg6.0.tgz. The manipulation leads to information disclosure. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. • https://vuldb.com/?ctiid.248941 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-5826 – Netentsec NS-ASG Application Security Gateway list_onlineuser.php sql injection
https://notcve.org/view.php?id=CVE-2023-5826
27 Oct 2023 — A vulnerability was found in Netentsec NS-ASG Application Security Gateway 6.3 and classified as critical. Affected by this issue is some unknown functionality of the file /admin/list_onlineuser.php. The manipulation of the argument SessionId leads to sql injection. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-243716. • https://github.com/Cubi123123123/cve/blob/main/NS-ASG-sql-list_onlineuser.md • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2023-5785 – Netentsec NS-ASG Application Security Gateway addaddress_interpret.php sql injection
https://notcve.org/view.php?id=CVE-2023-5785
26 Oct 2023 — A vulnerability was found in Netentsec NS-ASG Application Security Gateway 6.3. It has been classified as critical. This affects an unknown part of the file /protocol/firewall/addaddress_interpret.php. The manipulation of the argument messagecontent leads to sql injection. The exploit has been disclosed to the public and may be used. • https://github.com/ggg48966/cve/blob/main/NS-ASG-sql-addaddress_interpret.md • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-5784 – Netentsec NS-ASG Application Security Gateway uploadfirewall.php sql injection
https://notcve.org/view.php?id=CVE-2023-5784
26 Oct 2023 — A vulnerability was found in Netentsec NS-ASG Application Security Gateway 6.3 and classified as critical. Affected by this issue is some unknown functionality of the file /protocol/firewall/uploadfirewall.php. The manipulation of the argument messagecontent leads to sql injection. The exploit has been disclosed to the public and may be used. VDB-243590 is the identifier assigned to this vulnerability. • https://github.com/gb111d/ns-asg_poc • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-5700 – Netentsec NS-ASG Application Security Gateway uploadiscgwrouteconf.php sql injection
https://notcve.org/view.php?id=CVE-2023-5700
22 Oct 2023 — A vulnerability, which was classified as critical, was found in Netentsec NS-ASG Application Security Gateway 6.3. Affected is an unknown function of the file /protocol/iscgwtunnel/uploadiscgwrouteconf.php. The manipulation of the argument GWLinkId leads to sql injection. The exploit has been disclosed to the public and may be used. VDB-243138 is the identifier assigned to this vulnerability. • https://github.com/istlnight/cve/blob/main/NS-ASG-sql-uploadiscgwrouteconf.md • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 1CVE-2023-5681 – Netentsec NS-ASG Application Security Gateway list_addr_fwresource_ip.php sql injection
https://notcve.org/view.php?id=CVE-2023-5681
20 Oct 2023 — A vulnerability, which was classified as critical, was found in Netentsec NS-ASG Application Security Gateway 6.3. This affects an unknown part of the file /admin/list_addr_fwresource_ip.php. The manipulation leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. • https://github.com/Wsecpro/cve1/blob/main/NS-ASG-sql-list_addr_fwresource_ip.md • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 1CVE-2023-3792 – Beijing Netcon NS-ASG test_status.php direct request
https://notcve.org/view.php?id=CVE-2023-3792
20 Jul 2023 — A vulnerability was found in Beijing Netcon NS-ASG 6.3. It has been classified as problematic. This affects an unknown part of the file /admin/test_status.php. The manipulation leads to direct request. The exploit has been disclosed to the public and may be used. • https://github.com/CYN521/cve/blob/main/NS-ASG.md • CWE-425: Direct Request ('Forced Browsing') •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-30242
https://notcve.org/view.php?id=CVE-2023-30242
05 May 2023 — NS-ASG v6.3 was discovered to contain a SQL injection vulnerability via the component /admin/add_ikev2.php. • http://ns-asg.com • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-30243
https://notcve.org/view.php?id=CVE-2023-30243
05 May 2023 — Beijing Netcon NS-ASG Application Security Gateway v6.3 is vulnerable to SQL Injection via TunnelId that allows access to sensitive information. • http://ns-asg.com • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •