BroadWin WebAccess
by Advantech
CVEs (10)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2012-0242 | | | 0.04 | — | 0.07 | | Feb 21, 2012 | Format string vulnerability in Advantech/BroadWin WebAccess before 7.0 allows remote attackers to execute arbitrary code via format string specifiers in a message string. |
| CVE-2012-0241 | | | 0.03 | — | 0.05 | | Feb 21, 2012 | Advantech/BroadWin WebAccess before 7.0 allows remote attackers to cause a denial of service (memory corruption) via a modified stream identifier to a function. |
| CVE-2012-1234 | | | 0.00 | — | 0.01 | | Feb 21, 2012 | SQL injection vulnerability in Advantech/BroadWin WebAccess 7.0 allows remote authenticated users to execute arbitrary SQL commands via a malformed URL. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-0234. |
| CVE-2012-0240 | | | 0.00 | — | 0.04 | | Feb 21, 2012 | GbScriptAddUp.asp in Advantech/BroadWin WebAccess before 7.0 does not properly perform authentication, which allows remote attackers to execute arbitrary code via unspecified vectors. |
| CVE-2012-0237 | | | 0.00 | — | 0.01 | | Feb 21, 2012 | Advantech/BroadWin WebAccess before 7.0 allows remote attackers to (1) enable date and time syncing or (2) disable date and time syncing via a crafted URL. |
| CVE-2012-0235 | | | 0.00 | — | 0.01 | | Feb 21, 2012 | Cross-site request forgery (CSRF) vulnerability in Advantech/BroadWin WebAccess before 7.0 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. |
| CVE-2011-4526 | | | 0.00 | — | 0.04 | | Feb 21, 2012 | Buffer overflow in an ActiveX control in Advantech/BroadWin WebAccess before 7.0 might allow remote attackers to execute arbitrary code via a long string value in unspecified parameters. |
| CVE-2011-4524 | | | 0.00 | — | 0.04 | | Feb 21, 2012 | Buffer overflow in Advantech/BroadWin WebAccess before 7.0 allows remote attackers to execute arbitrary code via a long string value in unspecified parameters. |
| CVE-2011-4522 | | | 0.00 | — | 0.01 | | Feb 21, 2012 | Cross-site scripting (XSS) vulnerability in bwerrdn.asp in Advantech/BroadWin WebAccess before 7.0 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters. |
| CVE-2011-4521 | | | 0.00 | — | 0.01 | | Feb 21, 2012 | SQL injection vulnerability in Advantech/BroadWin WebAccess before 7.0 allows remote attackers to execute arbitrary SQL commands via crafted string input. |