31 matches found
CVE-2024-2330
CVE-2024-2330 affects Netentsec NS-ASG Application Security Gateway 6.3. The issue is a SQL injection in an unknown portion of /protocol/index.php triggered by manipulating the IPAddr parameter, permitting remote attack. Public disclosure exists; multiple feeds list the vulnerability and its CVSS...
CVE-2024-2021
CVE-2024-2021 affects Netentsec NS-ASG Application Security Gateway 6.3. The vulnerability is a SQL injection in an unknown function of /admin/list_localuser.php, triggered by manipulating the ResId parameter. It is exploitable remotely and has been disclosed publicly. Multiple connected sources ...
CVE-2024-2647
CVE-2024-2647 affects Netentsec NS-ASG Application Security Gateway (v6.3). The issue is a SQL injection in the /admin/singlelogin.php endpoint caused by improper handling of the loginId parameter. Attacks can be remote, and disclosures exist publicly. Multiple sources corroborate the vulnerabili...
CVE-2024-3456
CVE-2024-3456 affects Netentsec NS-ASG Application Security Gateway 6.3. The vulnerability is a SQL injection in the file /admin/config_Anticrack.php triggered by manipulating the GroupId parameter. Attack may be conducted remotely and exploits have been disclosed publicly, per multiple sources. ...
CVE-2023-3792
CVE-2023-3792 affects Beijing Netcon NS-ASG 6.3. The vulnerability is in an unknown part of the file /admin/test_status.php, where manipulation leads to a direct request. The exploit has been disclosed publicly, but the provided documents do not specify the exact vector, affected versions beyond ...
CVE-2024-2329
CVE-2024-2329 affects Netentsec NS-ASG Application Security Gateway 6.3. The vulnerability is a SQL injection in the unknown functionality of the endpoint /admin/list_resource_icon.php?action=delete, triggered by manipulating the IconId parameter. This is reported as exploitable remotely, with se...
CVE-2024-3455
Netentsec NS-ASG Application Security Gateway 6.3 contains a SQL injection vulnerability in the /admin/add_postlogin.php endpoint. The issue stems from improper handling of the SingleLoginId parameter, enabling remote attacker access without authentication. Public exploitation is noted in the sou...
CVE-2024-2644
CVE-2024-2644 affects Netentsec NS-ASG Application Security Gateway 6.3. The vulnerability resides in /protocol/firewall/addfirewall.php via the FireWallTableArray parameter, leading to SQL injection. It can be triggered remotely and public exploit information exists. The sources consistently des...
CVE-2024-2646
CVE-2024-2646 affects Netentsec NS-ASG Application Security Gateway version 6.3. The vulnerability is a SQL injection in the endpoint /vpnweb/index.php?para=index triggered by manipulating the check_VirtualSiteId argument. It is exploitable remotely and has been disclosed publicly. Impacts includ...
CVE-2024-3457
The vulnerability CVE-2024-3457 affects Netentsec NS-ASG Application Security Gateway v6.3. The issue arises from a SQL injection in the parameter GroupId within the file /admin/config_ISCGroupNoCache.php, enabling remote attackers to manipulate input and potentially compromise data integrity, co...
CVE-2023-5784
CVE-2023-5784 affects Netentsec NS-ASG Application Security Gateway 6.3. The vulnerability is in an unknown functionality of the file /protocol/firewall/uploadfirewall.php where manipulating the messagecontent parameter leads to SQL injection. Public exploit information exists and public disclosu...
CVE-2023-7094
CVE-2023-7094 affects Netentsec NS-ASG Application Security Gateway 6.3. The vulnerability is an information-disclosure in an unknown functionality of the file /protocol/nsasg6.0.tgz, exploitable remotely. Public exploit details exist; multiple sources corroborate the issue and the affected compo...
CVE-2024-5773
CVE-2024-5773 affects Netentsec NS-ASG Application Security Gateway 6.3. The vulnerability resides in an unknown function in /protocol/firewall/deletemacbind.php where manipulation of the messagecontent parameter enables SQL injection. It can be exploited remotely and has been disclosed publicly....
CVE-2024-2648
CVE-2024-2648 affects Netentsec NS-ASG Application Security Gateway 6.3, where an unknown function in /nac/naccheck.php accepts the username parameter and allows improper neutralization of data within XPath expressions (XPath injection). This enables remote abuse and exploitation once disclosed p...
CVE-2024-3040
CVE-2024-3040 concerns Netentsec NS-ASG Application Security Gateway v6.3. The vulnerability affects the file path /admin/list_crl_conf, where manipulation of the CRLId parameter leads to an SQL injection. Exploitation can be performed remotely, and public disclosure of the exploit is noted. Seve...
CVE-2024-3041
Netentsec NS-ASG Application Security Gateway 6.3 has a SQL injection in /protocol/log/listloginfo.php. The vulnerability is triggered remotely via unsafe input handling in that PHP script, with public disclosure. Impact is described across sources as potentially affecting confidentiality, integr...
CVE-2024-3458
Netentsec NS-ASG Application Security Gateway 6.3 contains a SQL injection vulnerability in the /admin/add_ikev2.php file, exploitable via manipulation of the TunnelId parameter. The issue allows remote attackers to inject SQL, with no authentication required per the description. Multiple sources...
CVE-2024-2645
CVE-2024-2645 affects Netentsec NS-ASG Application Security Gateway 6.3. The vulnerability is in the file "/vpnweb/resetpwd/resetpwd.php" where the UserId parameter can cause improper neutralization of data within XPath expressions, enabling a remote attack. Public exploitation has been disclosed...
CVE-2023-5700
CVE-2023-5700 affects Netentsec NS-ASG Application Security Gateway 6.3. The vulnerability is an SQL injection in an unknown function of /protocol/iscgwtunnel/uploadiscgwrouteconf.php, triggered by manipulating the GWLinkId parameter. Public disclosure is noted, and VDB-243138 is the associated i...
CVE-2023-6903
CVE-2023-6903 affects Netentsec NS-ASG Application Security Gateway 6.3.1. Affected component/path is /admin/singlelogin.php?submit=1, where manipulation of loginId enables SQL injection. The vulnerability can be exploited remotely and the exploit has been disclosed publicly. Multiple sources con...
CVE-2023-5681
CVE-2023-5681 affects Netentsec NS-ASG Application Security Gateway 6.3. The vulnerability targets an unknown portion of /admin/list_addr_fwresource_ip.php and enables SQL injection. Exploitation can be performed remotely, and the vulnerability entry notes that the exploit has been disclosed publ...
CVE-2023-5826
CVE-2023-5826 affects Netentsec NS-ASG Application Security Gateway 6.3. The issue arises in the unknown functionality of the file /admin/list_onlineuser.php where manipulating the SessionId parameter leads to a SQL injection. Public disclosures exist and the vulnerability has been widely reporte...
CVE-2024-2649
Netentsec NS-ASG Application Security Gateway 6.3 is affected by CVE-2024-2649 due to SQL injection in the /protocol/iscdevicestatus/deleteonlineuser.php endpoint when manipulating the messagecontent parameter. The vulnerability is exploitable remotely, and multiple sources indicate the exploit/p...
CVE-2023-30242
NS-ASG v6.3 contains a SQL injection vulnerability in /admin/add_ikev2.php. CVSS 3.1 base score 9.8 (CRITICAL): network vector, no auth, no UI interaction, impacts to confidentiality, integrity, and availability. Root cause details and official remediation/version patch are not specified in the p...
CVE-2023-30243
Beijing Netcon NS-ASG Application Security Gateway v6.3 is affected by a SQL Injection via TunnelId, enabling access to sensitive information. This CVE (CVE-2023-30243) has a CVSSv3.1 base score of 7.5 (HIGH), with network attack vector, no user interaction, and no privileges required. The vulner...
CVE-2023-5785
CVE-2023-5785 affects Netentsec NS-ASG Application Security Gateway 6.3. The vulnerability originates from /protocol/firewall/addaddress_interpret.php where manipulation of the argument messagecontent enables SQL injection. Public disclosure of exploits is noted. Root cause is input handling in a...
CVE-2024-6007
CVE-2024-6007 : NetEntSec NS-ASG Application Security Gateway 6.3 contains a SQL injection in /protocol/iscgwtunnel/deleteiscgwrouteconf.php via the messagecontent parameter. The vulnerability is exploitable remotely and is described as critical, with public disclosure of the exploit. Root cause:...
CVE-2024-5590
The CVE-2024-5590 entry concerns Netentsec NS-ASG Application Security Gateway 6.3, where the JSON Content Handler’s file /protocol/iscuser/uploadiscuser.php contains exploitable code. Specifically, manipulation of the messagecontent argument causes SQL injection that can be triggered remotely. T...
CVE-2024-5772
CVE-2024-5772 affects Netentsec NS-ASG Application Security Gateway 6.3. The vulnerability arises from handling of the messagecontent parameter in /protocol/iscuser/deleteiscuser.php, where improper input handling allows SQL injection. Impact is described as high confidentiality, integrity, and a...
CVE-2024-2022
Netentsec NS-ASG Application Security Gateway 6.3 is affected by a SQL injection in /admin/list_ipAddressPolicy.php triggered by manipulating the GroupId parameter. The vulnerability can be exploited remotely; an exploit has been publicly disclosed. There is no explicit patched version in the pro...
CVE-2024-5589
Netentsec NS-ASG Application Security Gateway 6.3 is affected by CVE-2024-5589. The vulnerability targets the file /admin/config_MT.php?action=delete, where manipulation of the Mid parameter yields an SQL injection. The issue is exploitable remotely and has been disclosed publicly. Multiple sourc...