CVE-2026-12059 Cellopoint｜CelloOS - Improper Access Control

The SSH service of CelloOS developed by Cellopoint has an Improper Access Control vulnerability, allowing authenticated remote attackers to bypass the enforced command restrictions and execute operating system commands outside the originally authorized scope...

EUVD-2020-9338

Malware in sbrugna...

EUVD-2020-9337

Malware in sbrugna...

Cellopoint Cellos Remote Command Execution Vulnerability

Cellos is a Linux-based operating system optimized for mail security and mail scanning performance by Cellopoint. A remote command execution vulnerability exists in Cellopoint Cellos 4.1.10 Build 20190922. The vulnerability stems from the product's failure to properly validate incoming URLs, whic...

Cellopoint Cellos Path Traversal Vulnerability

Cellos is a Linux-based operating system optimized for mail security and mail scanning performance by Cellopoint. A path traversal vulnerability exists in Cellopoint Cellos 4.1.10 Build 20190922. The vulnerability stems from the product failing to properly validate an incoming URL, which can be...

Cellopoint Cellos Server-Side Request Forgery Vulnerability

Cellos is a Linux-based operating system optimized for mail security and mail scanning performance by Cellopoint. A server-side request forgery vulnerability exists in Cellopoint Cellos 4.1.10 Build 20190922. The vulnerability stems from the product's failure to properly validate incoming URLs,...

CVE-2020-17385

Cellopoint CelloOS v4.1.10 Build 20190922 does not validate URL inputted properly, which allows unauthorized user to launch Path Traversal attack and access arbitrate file on the system...

CVE-2020-17384

Cellopoint CelloOS v4.1.10 Build 20190922 does not validate URL inputted properly. With the cookie of the system administrator, attackers can inject and remotely execute arbitrary command to manipulate the system...

Design/Logic Flaw

Cellopoint Cellos v4.1.10 Build 20190922 does not validate URL inputted properly. With cookie of an authenticated user, attackers can temper with the URL parameter and access arbitrary file on system...

Information disclosure

Cellopoint Cellos v4.1.10 Build 20190922 does not validate URL inputted properly. With the cookie of the system administrator, attackers can inject and remotely execute arbitrary command to manipulate the system...

Path traversal

Cellopoint Cellos v4.1.10 Build 20190922 does not validate URL inputted properly, which allows unauthorized user to launch Path Traversal attack and access arbitrate file on the system...

CVE-2020-17385

Affected software: Cellopoint CelloOS v4.1.10 Build 20190922. Issue: improper validation of URL input enables a Path Traversal attack to access arbitrary files on the system (CVE-2020-17385). Severity: CVSSv3.1 base score 7.5 (HIGH); attack vector NETWORK, privileges NONE, no user interaction. Pu...

CVE-2020-17384

Affected product: Cellopoint CelloOS v4.1.10 Build 20190922. Root cause: improper validation of URL input, enabling remote command execution. Exploitation requires the attacker to possess the system administrator’s cookie, leading to arbitrary command execution on the system. CVSS data indicates ...

CVE-2020-17386

Cellopoint Cellos/CelloOS vulnerability CVE-2020-17386: improper validation of URL input allows an authenticated user to tamper with a URL parameter via cookies and access arbitrary files on the system (SSRF). Affected product/version: Cellopoint CelloOS/Cellos v4.1.10 Build 20190922. Impact indi...

PT-2020-14936 · Cellopoint · Cellopoint Cellos

Name of the Vulnerable Software and Affected Versions: Cellopoint Cellos version 4.1.10 Build 20190922 Description: The issue allows unauthorized users to launch a Path Traversal attack due to improper validation of URL input, enabling access to arbitrary files on the system. Recommendations: For...

PT-2020-14937 · Cellopoint · Cellopoint Cellos

Name of the Vulnerable Software and Affected Versions: Cellopoint Cellos version 4.1.10 Build 20190922 Description: The issue concerns improper validation of URL input. An attacker can manipulate the URL parameter using the cookie of an authenticated user to access arbitrary files on the system...

PT-2020-14935 · Cellopoint · Cellopoint Cellos

Name of the Vulnerable Software and Affected Versions: Cellopoint Cellos version 4.1.10 Build 20190922 Description: The issue arises from improper validation of URL input. An attacker can exploit this by injecting and remotely executing arbitrary commands to manipulate the system, provided they...