VYPR

Webaccess

by Advantech

CVEs (164)

  • CVE-2018-14820Oct 23, 2018
    risk 0.00cvss epss 0.02

    Advantech WebAccess 8.3.1 and earlier has a .dll component that is susceptible to external control of file name or path vulnerability, which may allow an arbitrary file deletion when processing.

  • CVE-2018-14828Oct 23, 2018
    risk 0.00cvss epss 0.00

    Advantech WebAccess 8.3.1 and earlier has an improper privilege management vulnerability, which may allow an attacker to access those files and perform actions at a system administrator level.

  • CVE-2018-15703Oct 22, 2018
    risk 0.00cvss epss 0.01

    Advantech WebAccess 8.3.2 and below is vulnerable to multiple reflected cross site scripting vulnerabilities. A remote unauthenticated attacker could potentially exploit this vulnerability by tricking a victim to supply malicious HTML or JavaScript code to WebAccess, which is…

  • CVE-2014-9202Sep 28, 2015
    risk 0.00cvss epss 0.01

    Multiple stack-based buffer overflows in an unspecified DLL file in Advantech WebAccess before 8.0_20150816 allow remote attackers to execute arbitrary code via a crafted file that triggers long string arguments to functions.

  • CVE-2014-8388Nov 21, 2014
    risk 0.00cvss epss 0.01

    Stack-based buffer overflow in Advantech WebAccess, formerly BroadWin WebAccess, before 8.0 allows remote attackers to execute arbitrary code via a crafted ip_address parameter in an HTML document.

  • CVE-2014-0992Sep 20, 2014
    risk 0.00cvss epss 0.03

    Stack-based buffer overflow in Advantech WebAccess (formerly BroadWin WebAccess) 7.2 allows remote attackers to execute arbitrary code via the password parameter.

  • CVE-2014-0991Sep 20, 2014
    risk 0.00cvss epss 0.03

    Stack-based buffer overflow in Advantech WebAccess (formerly BroadWin WebAccess) 7.2 allows remote attackers to execute arbitrary code via the projectname parameter.

  • CVE-2014-0990Sep 20, 2014
    risk 0.00cvss epss 0.03

    Stack-based buffer overflow in Advantech WebAccess (formerly BroadWin WebAccess) 7.2 allows remote attackers to execute arbitrary code via the UserName parameter.

  • CVE-2014-0989Sep 20, 2014
    risk 0.00cvss epss 0.03

    Stack-based buffer overflow in Advantech WebAccess (formerly BroadWin WebAccess) 7.2 allows remote attackers to execute arbitrary code via the AccessCode2 parameter.

  • CVE-2014-0988Sep 20, 2014
    risk 0.00cvss epss 0.03

    Stack-based buffer overflow in Advantech WebAccess (formerly BroadWin WebAccess) 7.2 allows remote attackers to execute arbitrary code via the AccessCode parameter.

  • CVE-2014-0987Sep 20, 2014
    risk 0.00cvss epss 0.03

    Stack-based buffer overflow in Advantech WebAccess (formerly BroadWin WebAccess) 7.2 allows remote attackers to execute arbitrary code via the NodeName2 parameter.

  • CVE-2014-0986Sep 20, 2014
    risk 0.00cvss epss 0.03

    Stack-based buffer overflow in Advantech WebAccess (formerly BroadWin WebAccess) 7.2 allows remote attackers to execute arbitrary code via the GotoCmd parameter.

  • CVE-2014-0985Sep 20, 2014
    risk 0.00cvss epss 0.03

    Stack-based buffer overflow in Advantech WebAccess (formerly BroadWin WebAccess) 7.2 allows remote attackers to execute arbitrary code via the NodeName parameter.

  • CVE-2014-2368Jul 19, 2014
    risk 0.00cvss epss 0.02

    The BrowseFolder method in the bwocxrun ActiveX control in Advantech WebAccess before 7.2 allows remote attackers to read arbitrary files via a crafted call.

  • CVE-2014-2367Jul 19, 2014
    risk 0.00cvss epss 0.02

    The ChkCookie subroutine in an ActiveX control in broadweb/include/gChkCook.asp in Advantech WebAccess before 7.2 allows remote attackers to read arbitrary files via a crafted call.

  • CVE-2014-2366Jul 19, 2014
    risk 0.00cvss epss 0.01

    upAdminPg.asp in Advantech WebAccess before 7.2 allows remote authenticated users to discover credentials by reading HTML source code.

  • CVE-2014-2365Jul 19, 2014
    risk 0.00cvss epss 0.02

    Unspecified vulnerability in Advantech WebAccess before 7.2 allows remote authenticated users to create or delete arbitrary files via unknown vectors.

  • CVE-2014-0773Apr 12, 2014
    risk 0.00cvss epss 0.03

    The BWOCXRUN.BwocxrunCtrl.1 control contains a method named “CreateProcess.” This method contains validation to ensure an attacker cannot run arbitrary command lines. After validation, the values supplied in the HTML are passed to the Windows CreateProcessA API. The…

  • CVE-2014-0772Apr 12, 2014
    risk 0.00cvss epss 0.01

    The BWOCXRUN.BwocxrunCtrl.1 control contains a method named OpenUrlToBufferTimeout. This method takes a URL as a parameter and returns its contents to the caller in JavaScript. The URLs are accessed in the security context of the current browser session. The control does not…

  • CVE-2014-0771Apr 12, 2014
    risk 0.00cvss epss 0.01

    The BWOCXRUN.BwocxrunCtrl.1 control contains a method named “OpenUrlToBuffer.” This method takes a URL as a parameter and returns its contents to the caller in JavaScript. The URLs are accessed in the security context of the current browser session. The control does not …

Page 7 of 9