VYPR

BroadWin WebAccess

by Advantech

CVEs (10)

  • CVE-2012-0242Feb 21, 2012
    risk 0.04cvss epss 0.07

    Format string vulnerability in Advantech/BroadWin WebAccess before 7.0 allows remote attackers to execute arbitrary code via format string specifiers in a message string.

  • CVE-2012-0241Feb 21, 2012
    risk 0.03cvss epss 0.05

    Advantech/BroadWin WebAccess before 7.0 allows remote attackers to cause a denial of service (memory corruption) via a modified stream identifier to a function.

  • CVE-2012-1234Feb 21, 2012
    risk 0.00cvss epss 0.01

    SQL injection vulnerability in Advantech/BroadWin WebAccess 7.0 allows remote authenticated users to execute arbitrary SQL commands via a malformed URL. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-0234.

  • CVE-2012-0240Feb 21, 2012
    risk 0.00cvss epss 0.04

    GbScriptAddUp.asp in Advantech/BroadWin WebAccess before 7.0 does not properly perform authentication, which allows remote attackers to execute arbitrary code via unspecified vectors.

  • CVE-2012-0237Feb 21, 2012
    risk 0.00cvss epss 0.01

    Advantech/BroadWin WebAccess before 7.0 allows remote attackers to (1) enable date and time syncing or (2) disable date and time syncing via a crafted URL.

  • CVE-2012-0235Feb 21, 2012
    risk 0.00cvss epss 0.01

    Cross-site request forgery (CSRF) vulnerability in Advantech/BroadWin WebAccess before 7.0 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.

  • CVE-2011-4526Feb 21, 2012
    risk 0.00cvss epss 0.04

    Buffer overflow in an ActiveX control in Advantech/BroadWin WebAccess before 7.0 might allow remote attackers to execute arbitrary code via a long string value in unspecified parameters.

  • CVE-2011-4524Feb 21, 2012
    risk 0.00cvss epss 0.04

    Buffer overflow in Advantech/BroadWin WebAccess before 7.0 allows remote attackers to execute arbitrary code via a long string value in unspecified parameters.

  • CVE-2011-4522Feb 21, 2012
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in bwerrdn.asp in Advantech/BroadWin WebAccess before 7.0 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters.

  • CVE-2011-4521Feb 21, 2012
    risk 0.00cvss epss 0.01

    SQL injection vulnerability in Advantech/BroadWin WebAccess before 7.0 allows remote attackers to execute arbitrary SQL commands via crafted string input.