Webaccess
by Advantech
CVEs (164)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2018-14820 | | | 0.00 | — | 0.02 | | Oct 23, 2018 | Advantech WebAccess 8.3.1 and earlier has a .dll component that is susceptible to external control of file name or path vulnerability, which may allow an arbitrary file deletion when processing. |
| CVE-2018-14828 | | | 0.00 | — | 0.00 | | Oct 23, 2018 | Advantech WebAccess 8.3.1 and earlier has an improper privilege management vulnerability, which may allow an attacker to access those files and perform actions at a system administrator level. |
| CVE-2018-15703 | | | 0.00 | — | 0.01 | | Oct 22, 2018 | Advantech WebAccess 8.3.2 and below is vulnerable to multiple reflected cross site scripting vulnerabilities. A remote unauthenticated attacker could potentially exploit this vulnerability by tricking a victim to supply malicious HTML or JavaScript code to WebAccess, which is… |
| CVE-2014-9202 | | | 0.00 | — | 0.01 | | Sep 28, 2015 | Multiple stack-based buffer overflows in an unspecified DLL file in Advantech WebAccess before 8.0_20150816 allow remote attackers to execute arbitrary code via a crafted file that triggers long string arguments to functions. |
| CVE-2014-8388 | | | 0.00 | — | 0.01 | | Nov 21, 2014 | Stack-based buffer overflow in Advantech WebAccess, formerly BroadWin WebAccess, before 8.0 allows remote attackers to execute arbitrary code via a crafted ip_address parameter in an HTML document. |
| CVE-2014-0992 | | | 0.00 | — | 0.03 | | Sep 20, 2014 | Stack-based buffer overflow in Advantech WebAccess (formerly BroadWin WebAccess) 7.2 allows remote attackers to execute arbitrary code via the password parameter. |
| CVE-2014-0991 | | | 0.00 | — | 0.03 | | Sep 20, 2014 | Stack-based buffer overflow in Advantech WebAccess (formerly BroadWin WebAccess) 7.2 allows remote attackers to execute arbitrary code via the projectname parameter. |
| CVE-2014-0990 | | | 0.00 | — | 0.03 | | Sep 20, 2014 | Stack-based buffer overflow in Advantech WebAccess (formerly BroadWin WebAccess) 7.2 allows remote attackers to execute arbitrary code via the UserName parameter. |
| CVE-2014-0989 | | | 0.00 | — | 0.03 | | Sep 20, 2014 | Stack-based buffer overflow in Advantech WebAccess (formerly BroadWin WebAccess) 7.2 allows remote attackers to execute arbitrary code via the AccessCode2 parameter. |
| CVE-2014-0988 | | | 0.00 | — | 0.03 | | Sep 20, 2014 | Stack-based buffer overflow in Advantech WebAccess (formerly BroadWin WebAccess) 7.2 allows remote attackers to execute arbitrary code via the AccessCode parameter. |
| CVE-2014-0987 | | | 0.00 | — | 0.03 | | Sep 20, 2014 | Stack-based buffer overflow in Advantech WebAccess (formerly BroadWin WebAccess) 7.2 allows remote attackers to execute arbitrary code via the NodeName2 parameter. |
| CVE-2014-0986 | | | 0.00 | — | 0.03 | | Sep 20, 2014 | Stack-based buffer overflow in Advantech WebAccess (formerly BroadWin WebAccess) 7.2 allows remote attackers to execute arbitrary code via the GotoCmd parameter. |
| CVE-2014-0985 | | | 0.00 | — | 0.03 | | Sep 20, 2014 | Stack-based buffer overflow in Advantech WebAccess (formerly BroadWin WebAccess) 7.2 allows remote attackers to execute arbitrary code via the NodeName parameter. |
| CVE-2014-2368 | | | 0.00 | — | 0.02 | | Jul 19, 2014 | The BrowseFolder method in the bwocxrun ActiveX control in Advantech WebAccess before 7.2 allows remote attackers to read arbitrary files via a crafted call. |
| CVE-2014-2367 | | | 0.00 | — | 0.02 | | Jul 19, 2014 | The ChkCookie subroutine in an ActiveX control in broadweb/include/gChkCook.asp in Advantech WebAccess before 7.2 allows remote attackers to read arbitrary files via a crafted call. |
| CVE-2014-2366 | | | 0.00 | — | 0.01 | | Jul 19, 2014 | upAdminPg.asp in Advantech WebAccess before 7.2 allows remote authenticated users to discover credentials by reading HTML source code. |
| CVE-2014-2365 | | | 0.00 | — | 0.02 | | Jul 19, 2014 | Unspecified vulnerability in Advantech WebAccess before 7.2 allows remote authenticated users to create or delete arbitrary files via unknown vectors. |
| CVE-2014-0773 | | | 0.00 | — | 0.03 | | Apr 12, 2014 | The BWOCXRUN.BwocxrunCtrl.1 control contains a method named “CreateProcess.” This method contains validation to ensure an attacker cannot run arbitrary command lines. After validation, the values supplied in the HTML are passed to the Windows CreateProcessA API. The… |
| CVE-2014-0772 | | | 0.00 | — | 0.01 | | Apr 12, 2014 | The BWOCXRUN.BwocxrunCtrl.1 control contains a method named OpenUrlToBufferTimeout. This method takes a URL as a parameter and returns its contents to the caller in JavaScript. The URLs are accessed in the security context of the current browser session. The control does not… |
| CVE-2014-0771 | | | 0.00 | — | 0.01 | | Apr 12, 2014 | The BWOCXRUN.BwocxrunCtrl.1 control contains a method named “OpenUrlToBuffer.” This method takes a URL as a parameter and returns its contents to the caller in JavaScript. The URLs are accessed in the security context of the current browser session. The control does not … |