ZeroShell

Zeroshell 3.9.3 contains a command injection vulnerability in the /cgi-bin/kerbynet StartSessionSubmit parameter that could allow an unauthenticated attacker to execute a system command by using shell metacharacters and the %0a character.

• ZeroShell Linux Router 3.9.3 OS Command Injection vulnerability [CVE-2020-29390]

Artica

Artica Proxy is a system that provide a sexy Web Ajax console in order manage a full Proxy server without any technical skill and with latest Squid technology. It provide surls filtering with french Toulouse University and Artica database - over 30.000.000 websites. There are many statistics per users or categories or websites and features in order to manage Internet bandwith. It provides FireWall/QOS features. Can work in Transparent mode or connected to an Activ Directory/OpenLDAP members database.

• Artica Proxy v4.30.00000 Authentication Bypass [CVE-2020-17506]
• Artica proxy v4.30.00000 OS Command Injection [CVE-2020-17505]

---

Oracle

Four Oracle F5 big-ip devices were found to be vulnerable and thanked by Oracle.

Oracle Critical Patch Update Advisory - July 2020

---