
CVSS: 5.0 | EPSS: 0% | CPEs: 1 | EXPL: 0

Buffer overflow in Advantech WebAccess before 8.1_20160519 allows local users to cause a denial of service via a crafted DLL file. • https://ics-cert.us-cert.gov/advisories/ICSA-16-173-01 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

CVSS: 8.8 | EPSS: 0% | CPEs: 1 | EXPL: 0

Cross-site request forgery (CSRF) vulnerability in Advantech WebAccess before 8.1 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. • https://ics-cert.us-cert.gov/advisories/ICSA-16-014-01 • CWE-352: Cross-Site Request Forgery (CSRF)

CVSS: 9.3 | EPSS: 0% | CPEs: 1 | EXPL: 0

Advantech WebAccess before 8.1 allows remote attackers to execute arbitrary code via vectors involving a browser plugin. • https://ics-cert.us-cert.gov/advisories/ICSA-16-014-01

CVSS: 10.0 | EPSS: 39% | CPEs: 1 | EXPL: 1

Unrestricted file upload vulnerability in the uploadImageCommon function in the UploadAjaxAction script in the WebAccess Dashboard Viewer in Advantech WebAccess before 8.1 allows remote attackers to write to files of arbitrary types via unspecified vectors. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess. Authentication is not required to exploit this vulnerability. The specific flaw exists within the WebAccess Dashboard Viewer. Insufficient validation within the SaveGeneralFile functionality allows unauthenticated callers to upload arbitrary code to directories in the server where the code can be automatically executed under the high-privilege context of the IIS AppPool. • https://www.exploit-db.com/exploits/39735 • http://www.rapid7.com/db/modules/exploit/windows/scada/advantech_webaccess_dashboard_file_upload • http://www.zerodayinitiative.com/advisories/ZDI-16-127 • http://www.zerodayinitiative.com/advisories/ZDI-16-128 • http://www.zerodayinitiative.com/advisories/ZDI-16-129 • https://ics-cert.us-cert.gov/advisories/ICSA-16-014-01

CVSS: 10.0 | EPSS: 65% | CPEs: 1 | EXPL: 0

Multiple heap-based buffer overflows in Advantech WebAccess before 8.1 allow remote attackers to execute arbitrary code via unspecified vectors. This vulnerability allows remote attackers to execute arbitrary code on vulnerable instances of Advantech WebAccess. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the 0x5228 IOCTL in the Kernel subsystem. A heap-based buffer overflow vulnerability exists in a call to strcpy with the AlarmMessage parameter. • http://www.zerodayinitiative.com/advisories/ZDI-16-107 • http://www.zerodayinitiative.com/advisories/ZDI-16-119 • http://www.zerodayinitiative.com/advisories/ZDI-16-121 • https://ics-cert.us-cert.gov/advisories/ICSA-16-014-01 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer