Page 13 of 73 results (0.006 seconds)

CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0

An Improper Restriction Of Operations Within The Bounds Of A Memory Buffer issue was discovered in Advantech WebAccess versions prior to V8.2_20170817. Researchers have identified multiple vulnerabilities that allow invalid locations to be referenced for the memory buffer, which may allow an attacker to execute arbitrary code or cause the system to crash. Se descubrió una vulnerabilidad en la que se restringe incorrectamente las operaciones dentro de los límites de un búfer de memoria en Advantech WebAccess en versiones anteriores a la V8.2_20170817. Los investigadores han identificado múltiples vulnerabilidades que permiten que se referencien ubicaciones no válidas al búfer de memoria, lo que puede permitir que un atacante ejecute código arbitrario o haga que el sistema falle. • http://www.securityfocus.com/bid/100526 https://ics-cert.us-cert.gov/advisories/ICSA-17-241-02 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0

An Externally Controlled Format String issue was discovered in Advantech WebAccess versions prior to V8.2_20170817. String format specifiers based on user provided input are not properly validated, which could allow an attacker to execute arbitrary code. Se descubrió una vulnerabilidad de cadenas de formato controladas externamente en Advantech WebAccess en versiones anteriores a la V8.2_20170817. Los especificadores de formato de cadenas basados en valores de entrada proporcionados por el usuario no están validados correctamente, lo que podría permitir que un atacante ejecute código arbitrario. • http://www.securityfocus.com/bid/100526 https://ics-cert.us-cert.gov/advisories/ICSA-17-241-02 • CWE-134: Use of Externally-Controlled Format String •

CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0

An Incorrect Privilege Assignment issue was discovered in Advantech WebAccess versions prior to V8.2_20170817. A built-in user account has been granted a sensitive privilege that may allow a user to elevate to administrative privileges. Se descubrió una vulnerabilidad de asignación incorrecta de privilegios en Advantech WebAccess en versiones anteriores a la V8.2_20170817. Se le ha concedido un privilegio sensible a una cuenta de usuario incorporada que podría permitir a un usuario elevar sus privilegios a privilegios administrativos. • http://www.securityfocus.com/bid/100526 https://ics-cert.us-cert.gov/advisories/ICSA-17-241-02 • CWE-266: Incorrect Privilege Assignment •

CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0

A stack-based buffer overflow issue was discovered in Advantech WebAccess versions prior to V8.2_20170817. Researchers have identified multiple vulnerabilities where there is a lack of proper validation of the length of user-supplied data prior to copying it to a stack-based buffer, which could allow an attacker to execute arbitrary code under the context of the process. Se descubrió una vulnerabilidad de desbordamiento de búfer basado en pilas en Advantech WebAccess en versiones anteriores a la V8.2_20170817. Los investigadores han identificado múltiples vulnerabilidades en donde no se valida correctamente la longitud de los datos introducidos por el usuario antes de copiarlos a la pila, lo que podría permitir a un atacante ejecutar código arbitrario bajo el contexto del proceso. • http://www.securityfocus.com/bid/100526 https://ics-cert.us-cert.gov/advisories/ICSA-17-241-02 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-121: Stack-based Buffer Overflow •

CVSS: 9.4EPSS: 4%CPEs: 1EXPL: 0

A SQL Injection issue was discovered in Advantech WebAccess versions prior to V8.2_20170817. By submitting a specially crafted parameter, it is possible to inject arbitrary SQL statements that could allow an attacker to obtain sensitive information. Se descubrió una vulnerabilidad de inyección SQL en Advantech WebAccess en versiones anteriores a la V8.2_20170817. Al enviar un parámetro especialmente manipulado, es posible inyectar declaraciones SQL que podrían permitir a un atacante obtener información sensible. This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Advantech WebAccess. • http://www.securityfocus.com/bid/100526 http://www.zerodayinitiative.com/advisories/ZDI-17-712 https://ics-cert.us-cert.gov/advisories/ICSA-17-241-02 https://www.tenable.com/security/research/tra-2017-29 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •