CVSS: 10.0EPSS: 2%CPEs: 2EXPL: 0CVE-2012-0240
https://notcve.org/view.php?id=CVE-2012-0240
GbScriptAddUp.asp in Advantech/BroadWin WebAccess before 7.0 does not properly perform authentication, which allows remote attackers to execute arbitrary code via unspecified vectors. GbScriptAddUp.asp en Advantech/Broadwin WebAccess antes de v7.0, no realiza correctamente la autenticación, lo que permite a atacantes remotos ejecutar código arbitrario a través de vectores no especificados. • http://www.securityfocus.com/bid/52051 http://www.us-cert.gov/control_systems/pdf/ICSA-12-047-01.pdf • CWE-287: Improper Authentication •
CVSS: 10.0EPSS: 4%CPEs: 2EXPL: 0CVE-2012-0243
https://notcve.org/view.php?id=CVE-2012-0243
Buffer overflow in an ActiveX control in bwocxrun.ocx in Advantech/BroadWin WebAccess before 7.0 allows remote attackers to execute arbitrary code by leveraging the ability to write arbitrary content to any pathname. Desbordamiento de búfer en un control ActiveX en bwocxrun.ocx de Advantech/Broadwin WebAccess antes de v7.0, permite a atacantes remotos ejecutar código de su elección mediante el aprovechamiento de la capacidad de escribir contenido arbitrario en cualquier ruta. • http://www.securityfocus.com/bid/52051 http://www.us-cert.gov/control_systems/pdf/ICSA-12-047-01.pdf • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 10.0EPSS: 4%CPEs: 2EXPL: 0CVE-2012-0238
https://notcve.org/view.php?id=CVE-2012-0238
Stack-based buffer overflow in opcImg.asp in Advantech/BroadWin WebAccess before 7.0 allows remote attackers to execute arbitrary code via unspecified vectors. Desbordamiento de búfer basado en pila en opcImg.asp en Advantech/Broadwin WebAccess antes de v7.0 permite a atacantes remotos ejecutar código arbitrario a través de vectores no especificados. • http://www.securityfocus.com/bid/52051 http://www.us-cert.gov/control_systems/pdf/ICSA-12-047-01.pdf • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2011-4521
https://notcve.org/view.php?id=CVE-2011-4521
SQL injection vulnerability in Advantech/BroadWin WebAccess before 7.0 allows remote attackers to execute arbitrary SQL commands via crafted string input. Vulnerabilidad de inyección SQL en Advantech/BroadWin WebAccess anteriores a 7.0 permite a atacantes remotos ejecutar comandos SQL de su elección a través de entradas de cadenas de texto. • http://www.securityfocus.com/bid/52051 http://www.us-cert.gov/control_systems/pdf/ICSA-12-047-01.pdf • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 5.0EPSS: 14%CPEs: 2EXPL: 2CVE-2012-0241 – BroadWin Webaccess Client - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2012-0241
Advantech/BroadWin WebAccess before 7.0 allows remote attackers to cause a denial of service (memory corruption) via a modified stream identifier to a function. Advantech/Broadwin WebAccess antes de v7.0 permite a atacantes remotos provocar una denegación de servicio (corrupción de memoria) a través de un identificador de flujo modificado para una función. • https://www.exploit-db.com/exploits/17772 https://www.exploit-db.com/exploits/18051 http://www.securityfocus.com/bid/52051 http://www.us-cert.gov/control_systems/pdf/ICSA-12-047-01.pdf https://exchange.xforce.ibmcloud.com/vulnerabilities/73281 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •