Advantech Webaccess
Sign in to watchby Advantech
CVEs (43)
| CVE | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2014-0768 | 0.00 | — | 0.01 | Apr 12, 2014 | An attacker may pass an overly long value from the AccessCode2 argument to the control to overflow the static stack buffer. The attacker may then remotely execute arbitrary code. | ||
| CVE-2014-0767 | 0.00 | — | 0.01 | Apr 12, 2014 | An attacker may exploit this vulnerability by passing an overly long value from the AccessCode argument to the control. This will overflow the static stack buffer. The attacker may then execute code on the target device remotely. | ||
| CVE-2014-0766 | 0.00 | — | 0.01 | Apr 12, 2014 | An attacker can exploit this vulnerability by copying an overly long NodeName2 argument into a statically sized buffer on the stack to overflow the static stack buffer. An attacker may use this vulnerability to remotely execute arbitrary code. | ||
| CVE-2014-0765 | 0.00 | — | 0.01 | Apr 12, 2014 | To exploit this vulnerability, the attacker sends data from the GotoCmd argument to control. If the value of the argument is overly long, the static stack buffer can be overflowed. This will allow the attacker to execute arbitrary code remotely. | ||
| CVE-2014-0764 | 0.00 | — | 0.01 | Apr 12, 2014 | By providing an overly long string to the NodeName parameter, an attacker may be able to overflow the static stack buffer. The attacker may then execute code on the target device remotely. | ||
| CVE-2012-1235 | 0.00 | — | 0.00 | Feb 21, 2012 | Cross-site request forgery (CSRF) vulnerability in Advantech/BroadWin WebAccess 7.0 allows remote authenticated users to hijack the authentication of unspecified victims via unknown vectors. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-0235. | ||
| CVE-2012-1234 | 0.00 | — | 0.00 | Feb 21, 2012 | SQL injection vulnerability in Advantech/BroadWin WebAccess 7.0 allows remote authenticated users to execute arbitrary SQL commands via a malformed URL. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-0234. | ||
| CVE-2012-0244 | 0.00 | — | 0.00 | Feb 21, 2012 | Multiple SQL injection vulnerabilities in Advantech/BroadWin WebAccess before 7.0 allow remote attackers to execute arbitrary SQL commands via crafted string input. | ||
| CVE-2012-0243 | 0.00 | — | 0.03 | Feb 21, 2012 | Buffer overflow in an ActiveX control in bwocxrun.ocx in Advantech/BroadWin WebAccess before 7.0 allows remote attackers to execute arbitrary code by leveraging the ability to write arbitrary content to any pathname. | ||
| CVE-2012-0240 | 0.00 | — | 0.01 | Feb 21, 2012 | GbScriptAddUp.asp in Advantech/BroadWin WebAccess before 7.0 does not properly perform authentication, which allows remote attackers to execute arbitrary code via unspecified vectors. | ||
| CVE-2012-0239 | 0.00 | — | 0.00 | Feb 21, 2012 | uaddUpAdmin.asp in Advantech/BroadWin WebAccess before 7.0 does not properly perform authentication, which allows remote attackers to modify an administrative password via a password-change request. | ||
| CVE-2012-0238 | 0.00 | — | 0.03 | Feb 21, 2012 | Stack-based buffer overflow in opcImg.asp in Advantech/BroadWin WebAccess before 7.0 allows remote attackers to execute arbitrary code via unspecified vectors. | ||
| CVE-2012-0237 | 0.00 | — | 0.00 | Feb 21, 2012 | Advantech/BroadWin WebAccess before 7.0 allows remote attackers to (1) enable date and time syncing or (2) disable date and time syncing via a crafted URL. | ||
| CVE-2012-0236 | 0.00 | — | 0.00 | Feb 21, 2012 | Advantech/BroadWin WebAccess 7.0 and earlier allows remote attackers to obtain sensitive information via a direct request to a URL. NOTE: the vendor reportedly "does not consider it to be a security risk." | ||
| CVE-2012-0235 | 0.00 | — | 0.00 | Feb 21, 2012 | Cross-site request forgery (CSRF) vulnerability in Advantech/BroadWin WebAccess before 7.0 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. | ||
| CVE-2012-0234 | 0.00 | — | 0.00 | Feb 21, 2012 | SQL injection vulnerability in Advantech/BroadWin WebAccess before 7.0 allows remote attackers to execute arbitrary SQL commands via a malformed URL. | ||
| CVE-2012-0233 | 0.00 | — | 0.00 | Feb 21, 2012 | Cross-site scripting (XSS) vulnerability in Advantech/BroadWin WebAccess before 7.0 allows remote attackers to inject arbitrary web script or HTML via a malformed URL. | ||
| CVE-2011-4526 | 0.00 | — | 0.03 | Feb 21, 2012 | Buffer overflow in an ActiveX control in Advantech/BroadWin WebAccess before 7.0 might allow remote attackers to execute arbitrary code via a long string value in unspecified parameters. | ||
| CVE-2011-4525 | 0.00 | — | 0.01 | Feb 21, 2012 | Advantech/BroadWin WebAccess before 7.0 allows remote attackers to trigger the extraction of arbitrary web content into a batch file on a client system, and execute this batch file, via unspecified vectors. | ||
| CVE-2011-4524 | 0.00 | — | 0.03 | Feb 21, 2012 | Buffer overflow in Advantech/BroadWin WebAccess before 7.0 allows remote attackers to execute arbitrary code via a long string value in unspecified parameters. |
Page 2 of 3