CVE-2023-7327

CVE-2023-7327 affects Ozeki SMS Gateway up to version 10.3.208 and is a path traversal flaw exposing a read of arbitrary files on the underlying filesystem with the gateway service’s privileges. The vulnerability is exploitable remotely by an unauthenticated attacker using URL-encoded traversal s...

CVE-2023-7327 Ozeki SMS Gateway <= 10.3.208 Unauthenticated Arbitrary File Read

Ozeki SMS Gateway versions up to and including 10.3.208 contain a path traversal vulnerability. Successful exploitation allows an unauthenticated attacker to use URL-encoded traversal sequences to read arbitrary files from the underlying filesystem with the privileges of the gateway service,...

Ozeki NG SMS Gateway CSV Injection Vulnerability

Ozeki NG SMS Gateway is a powerful, reliable and flexible SMS gateway application. A CSV injection vulnerability exists in the "Contact Export" feature in Ozeki NG SMS Gateway 4.17.6 and earlier versions. The vulnerability can be exploited to run commands on the victim computer on behalf of the...

Ozeki NG SMS Gateway Cross-Site Scripting Vulnerability

Ozeki NG SMS Gateway is a powerful, reliable and flexible SMS gateway application. A cross-site scripting vulnerability exists in Ozeki NG SMS Gateway 4.17.6 and earlier versions. The vulnerability can be exploited via the Receiver or Recipient field in the mailbox function, the OZFORMGROUPNAME...

Ozeki NG SMS Gateway Path Traversal Vulnerability

Ozeki NG SMS Gateway is a powerful, reliable and flexible SMS gateway application. A path traversal vulnerability exists in the "Script Name" of the "Autoresponder" module in Ozeki NG SMS Gateway 4.17.6 and earlier. The vulnerability can be exploited to write or overwrite arbitrary files with...

CVE-2020-14026

CSV Injection aka Excel Macro Injection or Formula Injection exists in the Export Of Contacts feature in Ozeki NG SMS Gateway through 4.17.6 via a value that is mishandled in a CSV export...

CVE-2020-14022

Ozeki NG SMS Gateway 4.17.1 through 4.17.6 does not check the file type when bulk importing new contacts "Import Contacts" functionality from a file. It is possible to upload an executable or .bat file that can be executed with the help of a functionality E.g. the "Application Starter" module...

CVE-2020-14027

An issue was discovered in Ozeki NG SMS Gateway through 4.17.6. The database connection strings accept custom unsafe arguments, such as ENABLELOCALINFILE, that can be leveraged by attackers to enable MySQL Load Data Local rogue MySQL server attacks...

CVE-2020-14023

Ozeki NG SMS Gateway through 4.17.6 allows SSRF via SMS WCF or RSS To SMS...

CVE-2020-14029

An issue was discovered in Ozeki NG SMS Gateway through 4.17.6. The RSS To SMS module processes XML files in an unsafe manner. This opens the application to an XML External Entity attack that can be used to perform SSRF or read arbitrary local files...