Ozeki: Security Vulnerabilities
An issue was discovered in Ozeki NG SMS Gateway through 4.17.6. The RSS To SMS module processes XML files in an unsafe manner. This opens the application to an XML External Entity attack that can be used to perform SSRF or read arbitrary local files.
CVSS Score
7.5
EPSS Score
0.004
Published
2020-09-18
Ozeki HTTP-SMS Gateway 1.0, and possibly earlier, stores usernames and passwords in plaintext in the HKLM\Software\Ozeki\SMSServer\CurrentVersion\Plugins\httpsmsgate registry key, which allows local users to obtain sensitive information.
CVSS Score
2.1
EPSS Score
0.001
Published
2006-12-21
Page 2