Lucene search
K
NetentsecApplication Security Gateway

31 matches found

CVE
CVE
added 2024/03/09 9:0 a.m.83 views

CVE-2024-2330

CVE-2024-2330 affects Netentsec NS-ASG Application Security Gateway 6.3. The issue is a SQL injection in an unknown portion of /protocol/index.php triggered by manipulating the IPAddr parameter, permitting remote attack. Public disclosure exists; multiple feeds list the vulnerability and its CVSS...

9.8CVSS6.7AI score0.17622EPSS
In wildWeb
CVE
CVE
added 2024/02/29 11:31 p.m.82 views

CVE-2024-2021

CVE-2024-2021 affects Netentsec NS-ASG Application Security Gateway 6.3. The vulnerability is a SQL injection in an unknown function of /admin/list_localuser.php, triggered by manipulating the ResId parameter. It is exploitable remotely and has been disclosed publicly. Multiple connected sources ...

9.8CVSS6.8AI score0.00741EPSS
Web
CVE
CVE
added 2024/03/19 11:0 p.m.70 views

CVE-2024-2647

CVE-2024-2647 affects Netentsec NS-ASG Application Security Gateway (v6.3). The issue is a SQL injection in the /admin/singlelogin.php endpoint caused by improper handling of the loginId parameter. Attacks can be remote, and disclosures exist publicly. Multiple sources corroborate the vulnerabili...

9.8CVSS7.5AI score0.00953EPSS
Web
CVE
CVE
added 2024/04/08 4:31 p.m.68 views

CVE-2024-3456

CVE-2024-3456 affects Netentsec NS-ASG Application Security Gateway 6.3. The vulnerability is a SQL injection in the file /admin/config_Anticrack.php triggered by manipulating the GroupId parameter. Attack may be conducted remotely and exploits have been disclosed publicly, per multiple sources. ...

9.8CVSS6.8AI score0.00765EPSS
Web
CVE
CVE
added 2024/03/09 8:0 a.m.66 views

CVE-2024-2329

CVE-2024-2329 affects Netentsec NS-ASG Application Security Gateway 6.3. The vulnerability is a SQL injection in the unknown functionality of the endpoint /admin/list_resource_icon.php?action=delete, triggered by manipulating the IconId parameter. This is reported as exploitable remotely, with se...

9.8CVSS6.7AI score0.00718EPSS
Web
CVE
CVE
added 2023/07/20 7:0 p.m.65 views

CVE-2023-3792

CVE-2023-3792 affects Beijing Netcon NS-ASG 6.3. The vulnerability is in an unknown part of the file /admin/test_status.php, where manipulation leads to a direct request. The exploit has been disclosed publicly, but the provided documents do not specify the exact vector, affected versions beyond ...

6.5CVSS5.4AI score0.00645EPSS
CVE
CVE
added 2024/04/08 3:31 p.m.62 views

CVE-2024-3455

Netentsec NS-ASG Application Security Gateway 6.3 contains a SQL injection vulnerability in the /admin/add_postlogin.php endpoint. The issue stems from improper handling of the SingleLoginId parameter, enabling remote attacker access without authentication. Public exploitation is noted in the sou...

9.8CVSS6.8AI score0.0073EPSS
Web
CVE
CVE
added 2024/03/19 10:0 p.m.61 views

CVE-2024-2644

CVE-2024-2644 affects Netentsec NS-ASG Application Security Gateway 6.3. The vulnerability resides in /protocol/firewall/addfirewall.php via the FireWallTableArray parameter, leading to SQL injection. It can be triggered remotely and public exploit information exists. The sources consistently des...

9.8CVSS6.7AI score0.00838EPSS
Web
CVE
CVE
added 2024/03/19 10:31 p.m.60 views

CVE-2024-2646

CVE-2024-2646 affects Netentsec NS-ASG Application Security Gateway version 6.3. The vulnerability is a SQL injection in the endpoint /vpnweb/index.php?para=index triggered by manipulating the check_VirtualSiteId argument. It is exploitable remotely and has been disclosed publicly. Impacts includ...

9.8CVSS6.9AI score0.00812EPSS
Web
CVE
CVE
added 2024/04/08 5:31 p.m.60 views

CVE-2024-3457

The vulnerability CVE-2024-3457 affects Netentsec NS-ASG Application Security Gateway v6.3. The issue arises from a SQL injection in the parameter GroupId within the file /admin/config_ISCGroupNoCache.php, enabling remote attackers to manipulate input and potentially compromise data integrity, co...

9.8CVSS6.8AI score0.0068EPSS
Web
CVE
CVE
added 2023/12/25 12:0 a.m.59 views

CVE-2023-7094

CVE-2023-7094 affects Netentsec NS-ASG Application Security Gateway 6.3. The vulnerability is an information-disclosure in an unknown functionality of the file /protocol/nsasg6.0.tgz, exploitable remotely. Public exploit details exist; multiple sources corroborate the issue and the affected compo...

7.5CVSS6.2AI score0.00888EPSS
CVE
CVE
added 2023/10/26 2:31 p.m.58 views

CVE-2023-5784

CVE-2023-5784 affects Netentsec NS-ASG Application Security Gateway 6.3. The vulnerability is in an unknown functionality of the file /protocol/firewall/uploadfirewall.php where manipulating the messagecontent parameter leads to SQL injection. Public exploit information exists and public disclosu...

9.8CVSS6.8AI score0.00671EPSS
Web
CVE
CVE
added 2024/03/19 11:0 p.m.58 views

CVE-2024-2648

CVE-2024-2648 affects Netentsec NS-ASG Application Security Gateway 6.3, where an unknown function in /nac/naccheck.php accepts the username parameter and allows improper neutralization of data within XPath expressions (XPath injection). This enables remote abuse and exploitation once disclosed p...

5.3CVSS4.7AI score0.00731EPSS
Web
CVE
CVE
added 2024/03/28 2:31 p.m.58 views

CVE-2024-3040

CVE-2024-3040 concerns Netentsec NS-ASG Application Security Gateway v6.3. The vulnerability affects the file path /admin/list_crl_conf, where manipulation of the CRLId parameter leads to an SQL injection. Exploitation can be performed remotely, and public disclosure of the exploit is noted. Seve...

9.8CVSS6.8AI score0.00824EPSS
Web
CVE
CVE
added 2024/03/28 3:0 p.m.58 views

CVE-2024-3041

Netentsec NS-ASG Application Security Gateway 6.3 has a SQL injection in /protocol/log/listloginfo.php. The vulnerability is triggered remotely via unsafe input handling in that PHP script, with public disclosure. Impact is described across sources as potentially affecting confidentiality, integr...

9.8CVSS6.8AI score0.00824EPSS
CVE
CVE
added 2024/06/09 3:0 a.m.58 views

CVE-2024-5773

CVE-2024-5773 affects Netentsec NS-ASG Application Security Gateway 6.3. The vulnerability resides in an unknown function in /protocol/firewall/deletemacbind.php where manipulation of the messagecontent parameter enables SQL injection. It can be exploited remotely and has been disclosed publicly....

9.8CVSS6.8AI score0.00651EPSS
Web
CVE
CVE
added 2024/03/19 10:31 p.m.57 views

CVE-2024-2645

CVE-2024-2645 affects Netentsec NS-ASG Application Security Gateway 6.3. The vulnerability is in the file "/vpnweb/resetpwd/resetpwd.php" where the UserId parameter can cause improper neutralization of data within XPath expressions, enabling a remote attack. Public exploitation has been disclosed...

5.3CVSS4.6AI score0.00731EPSS
Web
CVE
CVE
added 2024/04/08 6:0 p.m.57 views

CVE-2024-3458

Netentsec NS-ASG Application Security Gateway 6.3 contains a SQL injection vulnerability in the /admin/add_ikev2.php file, exploitable via manipulation of the TunnelId parameter. The issue allows remote attackers to inject SQL, with no authentication required per the description. Multiple sources...

9.8CVSS6.9AI score0.00707EPSS
Web
CVE
CVE
added 2023/10/22 11:31 p.m.53 views

CVE-2023-5700

CVE-2023-5700 affects Netentsec NS-ASG Application Security Gateway 6.3. The vulnerability is an SQL injection in an unknown function of /protocol/iscgwtunnel/uploadiscgwrouteconf.php, triggered by manipulating the GWLinkId parameter. Public disclosure is noted, and VDB-243138 is the associated i...

9.8CVSS6.9AI score0.00649EPSS
Web
CVE
CVE
added 2023/12/17 11:0 p.m.53 views

CVE-2023-6903

CVE-2023-6903 affects Netentsec NS-ASG Application Security Gateway 6.3.1. Affected component/path is /admin/singlelogin.php?submit=1, where manipulation of loginId enables SQL injection. The vulnerability can be exploited remotely and the exploit has been disclosed publicly. Multiple sources con...

9.8CVSS8.1AI score0.00711EPSS
Web
CVE
CVE
added 2023/10/20 8:31 p.m.52 views

CVE-2023-5681

CVE-2023-5681 affects Netentsec NS-ASG Application Security Gateway 6.3. The vulnerability targets an unknown portion of /admin/list_addr_fwresource_ip.php and enables SQL injection. Exploitation can be performed remotely, and the vulnerability entry notes that the exploit has been disclosed publ...

7.2CVSS5.8AI score0.00632EPSS
CVE
CVE
added 2024/03/19 11:31 p.m.51 views

CVE-2024-2649

Netentsec NS-ASG Application Security Gateway 6.3 is affected by CVE-2024-2649 due to SQL injection in the /protocol/iscdevicestatus/deleteonlineuser.php endpoint when manipulating the messagecontent parameter. The vulnerability is exploitable remotely, and multiple sources indicate the exploit/p...

9.8CVSS6.8AI score0.00838EPSS
Web
CVE
CVE
added 2023/10/27 5:31 p.m.50 views

CVE-2023-5826

CVE-2023-5826 affects Netentsec NS-ASG Application Security Gateway 6.3. The issue arises in the unknown functionality of the file /admin/list_onlineuser.php where manipulating the SessionId parameter leads to a SQL injection. Public disclosures exist and the vulnerability has been widely reporte...

8.8CVSS6.6AI score0.00656EPSS
Web
CVE
CVE
added 2023/05/05 12:0 a.m.45 views

CVE-2023-30242

NS-ASG v6.3 contains a SQL injection vulnerability in /admin/add_ikev2.php. CVSS 3.1 base score 9.8 (CRITICAL): network vector, no auth, no UI interaction, impacts to confidentiality, integrity, and availability. Root cause details and official remediation/version patch are not specified in the p...

9.8CVSS9.7AI score0.00731EPSS
CVE
CVE
added 2023/05/05 12:0 a.m.43 views

CVE-2023-30243

Beijing Netcon NS-ASG Application Security Gateway v6.3 is affected by a SQL Injection via TunnelId, enabling access to sensitive information. This CVE (CVE-2023-30243) has a CVSSv3.1 base score of 7.5 (HIGH), with network attack vector, no user interaction, and no privileges required. The vulner...

7.5CVSS7.8AI score0.00556EPSS
CVE
CVE
added 2023/10/26 3:0 p.m.43 views

CVE-2023-5785

CVE-2023-5785 affects Netentsec NS-ASG Application Security Gateway 6.3. The vulnerability originates from /protocol/firewall/addaddress_interpret.php where manipulation of the argument messagecontent enables SQL injection. Public disclosure of exploits is noted. Root cause is input handling in a...

7.5CVSS6.5AI score0.00551EPSS
Web
CVE
CVE
added 2024/06/15 1:0 p.m.40 views

CVE-2024-6007

CVE-2024-6007 : NetEntSec NS-ASG Application Security Gateway 6.3 contains a SQL injection in /protocol/iscgwtunnel/deleteiscgwrouteconf.php via the messagecontent parameter. The vulnerability is exploitable remotely and is described as critical, with public disclosure of the exploit. Root cause:...

9.8CVSS6.8AI score0.00599EPSS
Web
CVE
CVE
added 2024/06/03 12:31 a.m.38 views

CVE-2024-5590

The CVE-2024-5590 entry concerns Netentsec NS-ASG Application Security Gateway 6.3, where the JSON Content Handler’s file /protocol/iscuser/uploadiscuser.php contains exploitable code. Specifically, manipulation of the messagecontent argument causes SQL injection that can be triggered remotely. T...

9.8CVSS6.8AI score0.00615EPSS
Web
CVE
CVE
added 2024/06/09 2:0 a.m.30 views

CVE-2024-5772

CVE-2024-5772 affects Netentsec NS-ASG Application Security Gateway 6.3. The vulnerability arises from handling of the messagecontent parameter in /protocol/iscuser/deleteiscuser.php, where improper input handling allows SQL injection. Impact is described as high confidentiality, integrity, and a...

9.8CVSS6.8AI score0.00675EPSS
Web
CVE
CVE
added 2024/03/01 12:0 a.m.29 views

CVE-2024-2022

Netentsec NS-ASG Application Security Gateway 6.3 is affected by a SQL injection in /admin/list_ipAddressPolicy.php triggered by manipulating the GroupId parameter. The vulnerability can be exploited remotely; an exploit has been publicly disclosed. There is no explicit patched version in the pro...

9.8CVSS6.8AI score0.08537EPSS
Web
CVE
CVE
added 2024/06/03 12:0 a.m.28 views

CVE-2024-5589

Netentsec NS-ASG Application Security Gateway 6.3 is affected by CVE-2024-5589. The vulnerability targets the file /admin/config_MT.php?action=delete, where manipulation of the Mid parameter yields an SQL injection. The issue is exploitable remotely and has been disclosed publicly. Multiple sourc...

9.8CVSS6.8AI score0.00539EPSS
Web