Webaccess
Sign in to watchby Advantech
CVEs (27)
| CVE | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2016-4525 | Med | 0.43 | 6.6 | 0.00 | Jun 25, 2016 | Unspecified ActiveX controls in Advantech WebAccess before 8.1_20160519 allow remote authenticated users to obtain sensitive information or modify data via unknown vectors, related to the INTERFACESAFE_FOR_UNTRUSTED_CALLER (aka safe for scripting) flag. | |
| CVE-2015-3948 | Med | 0.35 | 5.4 | 0.00 | Jan 15, 2016 | Cross-site scripting (XSS) vulnerability in Advantech WebAccess before 8.1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | |
| CVE-2015-3943 | Med | 0.34 | 5.3 | 0.00 | Jan 15, 2016 | Advantech WebAccess before 8.1 allows remote attackers to read sensitive cleartext information about e-mail project accounts via unspecified vectors. | |
| CVE-2016-4528 | Med | 0.33 | 5.0 | 0.00 | Jun 25, 2016 | Buffer overflow in Advantech WebAccess before 8.1_20160519 allows local users to cause a denial of service via a crafted DLL file. | |
| CVE-2014-9208 | 0.05 | — | 0.22 | Sep 11, 2015 | Multiple stack-based buffer overflows in unspecified DLL files in Advantech WebAccess before 8.0.1 allow remote attackers to execute arbitrary code via unknown vectors. | ||
| CVE-2014-9202 | 0.00 | — | 0.01 | Sep 28, 2015 | Multiple stack-based buffer overflows in an unspecified DLL file in Advantech WebAccess before 8.0_20150816 allow remote attackers to execute arbitrary code via a crafted file that triggers long string arguments to functions. | ||
| CVE-2014-8388 | 0.00 | — | 0.00 | Nov 21, 2014 | Stack-based buffer overflow in Advantech WebAccess, formerly BroadWin WebAccess, before 8.0 allows remote attackers to execute arbitrary code via a crafted ip_address parameter in an HTML document. |
Page 2 of 2