Page 15 of 93 results (0.017 seconds)

CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0

SQL injection vulnerability in news pages in Cargotec Navis WebAccess before 2016-08-10 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. Vulnerabilidad de inyección SQL en páginas de noticias en Cargotec Navis WebAccess en versiones anteriores a 2016-08-10 permite a atacantes remotos ejecutar comandos SQL arbitrarios a través de vectores no especificados. • https://ics-cert.us-cert.gov/advisories/ICSA-16-231-01 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0

upAdminPg.asp in Advantech WebAccess before 8.1_20160519 allows remote authenticated administrators to obtain sensitive password information via unspecified vectors. UpAdminPg.asp en Advantech WebAccess versiones anteriores a 8.1_20160519 permite a los administradores autenticados remotos obtener información sensible de contraseñas a través de vectores no especificados. This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Advantech WebAccess. Authentication is required to exploit this vulnerability. The specific flaw exists within upAdminPg.asp. One project administrator can view other project administrators' passwords along with the system administrator's password. • http://www.zerodayinitiative.com/advisories/ZDI-16-429 https://ics-cert.us-cert.gov/advisories/ICSA-16-173-01 https://github.com/rapid7/metasploit-framework/pull/7859#issuecomment-274305229 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 6.6EPSS: 0%CPEs: 1EXPL: 0

Unspecified ActiveX controls in Advantech WebAccess before 8.1_20160519 allow remote authenticated users to obtain sensitive information or modify data via unknown vectors, related to the INTERFACESAFE_FOR_UNTRUSTED_CALLER (aka safe for scripting) flag. Controles ActiveX no especificados en Advantech WebAccess en versiones anteriores a 8.1_20160519 permiten a usuarios remotos autenticados obtener información sensible o modificar datos a través de vectores desconocidos, relacionado con el indicador INTERFACESAFE_FOR_UNTRUSTED_CALLER (también conocido como secuencias de comandos para guardar). • https://ics-cert.us-cert.gov/advisories/ICSA-16-173-01 •

CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 0

Buffer overflow in Advantech WebAccess before 8.1_20160519 allows local users to cause a denial of service via a crafted DLL file. Desbordamiento de buffer en Advantech WebAccess en versiones anteriores a 8.1_20160519 permite a usuarios locales provocar una denegación de servicio a través de un archivo DLL manipulado. • https://ics-cert.us-cert.gov/advisories/ICSA-16-173-01 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0

Cross-site request forgery (CSRF) vulnerability in Advantech WebAccess before 8.1 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. Vulnerabilidad de CSRF en Advantech WebAccess en versiones anteriores a 8.1 permite a atacantes remotos secuestrar la autenticación de víctimas no especificadas a través de vectores desconocidos. • https://ics-cert.us-cert.gov/advisories/ICSA-16-014-01 • CWE-352: Cross-Site Request Forgery (CSRF) •