CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2024-6007 – Netentsec NS-ASG Application Security Gateway deleteiscgwrouteconf.php sql injection
https://notcve.org/view.php?id=CVE-2024-6007
15 Jun 2024 — A vulnerability classified as critical has been found in Netentsec NS-ASG Application Security Gateway 6.3. This affects an unknown part of the file /protocol/iscgwtunnel/deleteiscgwrouteconf.php. The manipulation of the argument messagecontent leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. • https://github.com/SecureF1sh/findings/blob/main/ns_sqli.md • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 1CVE-2024-5773 – Netentsec NS-ASG Application Security Gateway deletemacbind.php sql injection
https://notcve.org/view.php?id=CVE-2024-5773
09 Jun 2024 — A vulnerability, which was classified as critical, was found in Netentsec NS-ASG Application Security Gateway 6.3. Affected is an unknown function of the file /protocol/firewall/deletemacbind.php. The manipulation of the argument messagecontent leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. • https://github.com/L1OudFd8cl09/CVE/issues/3 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 1CVE-2024-5772 – Netentsec NS-ASG Application Security Gateway deleteiscuser.php sql injection
https://notcve.org/view.php?id=CVE-2024-5772
09 Jun 2024 — A vulnerability, which was classified as critical, has been found in Netentsec NS-ASG Application Security Gateway 6.3. This issue affects some unknown processing of the file /protocol/iscuser/deleteiscuser.php. The manipulation of the argument messagecontent leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. • https://github.com/charliecatsec/cve1/blob/main/NS-ASG-sql-deleteiscuser.md • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2024-5590 – Netentsec NS-ASG Application Security Gateway JSON Content uploadiscuser.php sql injection
https://notcve.org/view.php?id=CVE-2024-5590
03 Jun 2024 — A vulnerability was found in Netentsec NS-ASG Application Security Gateway 6.3. It has been declared as critical. This vulnerability affects unknown code of the file /protocol/iscuser/uploadiscuser.php of the component JSON Content Handler. The manipulation of the argument messagecontent leads to sql injection. The attack can be initiated remotely. • https://github.com/flyyue2001/cve/blob/main/NS-ASG-sql-uploadiscuser.md • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2024-5589 – Netentsec NS-ASG Application Security Gateway sql injection
https://notcve.org/view.php?id=CVE-2024-5589
03 Jun 2024 — A vulnerability was found in Netentsec NS-ASG Application Security Gateway 6.3. It has been classified as critical. This affects an unknown part of the file /admin/config_MT.php?action=delete. The manipulation of the argument Mid leads to sql injection. • https://github.com/flyyue2001/cve/blob/main/NS-ASG-sql-config_MT.md • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 2CVE-2024-3458 – Netentsec NS-ASG Application Security Gateway add_ikev2.php sql injection
https://notcve.org/view.php?id=CVE-2024-3458
08 Apr 2024 — A vulnerability classified as critical was found in Netentsec NS-ASG Application Security Gateway 6.3. This vulnerability affects unknown code of the file /admin/add_ikev2.php. The manipulation of the argument TunnelId leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. • https://github.com/silent6trinity/CVE-2024-34582 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2024-3457 – Netentsec NS-ASG Application Security Gateway config_ISCGroupNoCache.php sql injection
https://notcve.org/view.php?id=CVE-2024-3457
08 Apr 2024 — A vulnerability classified as critical has been found in Netentsec NS-ASG Application Security Gateway 6.3. This affects an unknown part of the file /admin/config_ISCGroupNoCache.php. The manipulation of the argument GroupId leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. • https://github.com/flyyue2001/cve/blob/main/NS-ASG-sql-nconfig_ISCGroupNoCache.md • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2024-3456 – Netentsec NS-ASG Application Security Gateway config_Anticrack.php sql injection
https://notcve.org/view.php?id=CVE-2024-3456
08 Apr 2024 — A vulnerability was found in Netentsec NS-ASG Application Security Gateway 6.3. It has been rated as critical. Affected by this issue is some unknown functionality of the file /admin/config_Anticrack.php. The manipulation of the argument GroupId leads to sql injection. The attack may be launched remotely. • https://github.com/flyyue2001/cve/blob/main/NS-ASG-sql-config_Anticrack.md • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2024-3455 – Netentsec NS-ASG Application Security Gateway add_postlogin.php sql injection
https://notcve.org/view.php?id=CVE-2024-3455
08 Apr 2024 — A vulnerability was found in Netentsec NS-ASG Application Security Gateway 6.3. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /admin/add_postlogin.php. The manipulation of the argument SingleLoginId leads to sql injection. The attack can be launched remotely. • https://github.com/flyyue2001/cve/blob/main/NS-ASG-sql-add_postlogin.md • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2024-3041 – Netentsec NS-ASG Application Security Gateway listloginfo.php sql injection
https://notcve.org/view.php?id=CVE-2024-3041
28 Mar 2024 — A vulnerability has been found in Netentsec NS-ASG Application Security Gateway 6.3 and classified as critical. This vulnerability affects unknown code of the file /protocol/log/listloginfo.php. The manipulation leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. • https://github.com/flyyue2001/cve/blob/main/NS-ASG-sql-listloginfo.md • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •