Dtxharry

**Name of the Vulnerable Software and Affected Versions** Netentsec NS-ASG Application Security Gateway version 6.3 **Description** A problematic issue has been found in the Netentsec NS-ASG Application Security Gateway. This issue affects an unknown part of the file "/vpnweb/resetpwd/resetpwd.php". The manipulation of the `UserId` argument leads to improper neutralization of data within xpath expressions. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. **Recommendations** Netentsec NS-ASG Application Security Gateway version 6.3: Update the "/vpnweb/resetpwd/resetpwd.php" file to properly neutralize data within xpath expressions, specifically ensuring the `UserId` argument is handled securely to prevent remote attacks. As a temporary workaround, consider restricting access to the "/vpnweb/resetpwd/resetpwd.php" file until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Netentsec NS-ASG Application Security Gateway version 6.3 **Description** A critical issue was found in the Netentsec NS-ASG Application Security Gateway. The problem affects an unknown function of the file /admin/list localuser.php. The manipulation of the `ResId` argument leads to SQL injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. **Recommendations** For Netentsec NS-ASG Application Security Gateway version 6.3, as a temporary workaround, consider restricting access to the /admin/list localuser.php file until a patch is available. Avoid using the `ResId` argument in the affected file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Netentsec NS-ASG Application Security Gateway version 6.3 **Description** A critical issue has been found in the Netentsec NS-ASG Application Security Gateway. The problem affects an unknown functionality of the file /admin/list ipAddressPolicy.php. The manipulation of the `GroupId` argument leads to sql injection. This issue can be exploited remotely. The exploit has been publicly disclosed. **Recommendations** For Netentsec NS-ASG Application Security Gateway version 6.3, as a temporary workaround, consider restricting access to the /admin/list ipAddressPolicy.php file until a patch is available. Additionally, avoid using the `GroupId` argument in the affected file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.