
CVE-2014-9208 – Advantech Webaccess 8.0 / 3.4.3 - ActiveX Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2014-9208
07 Sep 2015 — Multiple stack-based buffer overflows in unspecified DLL files in Advantech WebAccess before 8.0.1 allow remote attackers to execute arbitrary code via unknown vectors. Múltiple desbordamiento de buffer basado en pila en archivos DLL no especificados en Advantech WebAccess en versiones anteriores a 8.0.1, permite a atacantes remotos ejecutar código arbitrario a través de vectores desconocidos. Using Advantech WebAccess SCADA Software and attacker can remotely manage industrial control systems devices like R... • https://packetstorm.news/files/id/133475 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVE-2014-8388 – Advantech WebAccess 7.2 Stack-Based Buffer Overflow
https://notcve.org/view.php?id=CVE-2014-8388
20 Nov 2014 — Stack-based buffer overflow in Advantech WebAccess, formerly BroadWin WebAccess, before 8.0 allows remote attackers to execute arbitrary code via a crafted ip_address parameter in an HTML document. Desbordamiento de buffer basado en pila de Advantech WebAccess antiguamente Broadwin WebAccess, anterior a 8.0 permite a atacantes remotos ejecutar código arbitrario a través de un parámetro ip_address manipulado en un documento HMTL. Advantech WebAccess version 7.2 is vulnerable to a stack-based buffer overflow ... • https://ics-cert.us-cert.gov/advisories/ICSA-14-324-01 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVE-2014-5449 – Mandriva Linux Security Advisory 2014-182
https://notcve.org/view.php?id=CVE-2014-5449
25 Sep 2014 — Zarafa WebAccess 4.1 and WebApp uses world-readable permissions for the files in their tmp directory, which allows local users to obtain sensitive information by reading temporary session data. Zarafa WebAccess 4.1 y WebApp utilizan permisos de lectura universal para los ficheros en su directorio tmp, lo que permite a usuarios locales obtener información sensible mediante la lectura de datos de sesiones temporales. Robert Scheck reported that Zarafa's WebAccess stored session information, including login cr... • http://advisories.mageia.org/MGASA-2014-0380.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •