NotCVE - vendor:"Advantech" product:"Advantech Webaccess" version:" <= 7.0"

Page 4 of 36 results (0.005 seconds)

CVSS: 3.5EPSS: 0%CPEs: 3EXPL: 1

CVE-2013-2299 – Advantech Webaccess HMI/SCADA Software - Persistence Cross-Site Scripting

https://notcve.org/view.php?id=CVE-2013-2299

Cross-site scripting (XSS) vulnerability in Advantech WebAccess (formerly BroadWin WebAccess) before 7.1 2013.05.30 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad Cross-site scripting (XSS) en Advantech WebAccess (anteriormente BroadWin WebAccess) anterior a v7.1 2013.05.30 permite a usuarios remotos autenticados inyectar secuencias de comandos web o HTML a través de vectores no especificados. • https://www.exploit-db.com/exploits/23968 http://ics-cert.us-cert.gov/advisories/ICSA-13-225-01 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.0EPSS: 0%CPEs: 2EXPL: 0

CVE-2012-0235

https://notcve.org/view.php?id=CVE-2012-0235

Cross-site request forgery (CSRF) vulnerability in Advantech/BroadWin WebAccess before 7.0 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. Vulnerabilidad de falsificación de peticiones en sitios cruzados (CSRF) en Advantech/Broadwin WebAccess antes de v7.0 permite a atacantes remotos secuestrar la autenticación de víctimas no especificadas a través de vectores desconocidos. • http://www.securityfocus.com/bid/52051 http://www.us-cert.gov/control_systems/pdf/ICSA-12-047-01.pdf • CWE-352: Cross-Site Request Forgery (CSRF) •

CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0

CVE-2012-1234

https://notcve.org/view.php?id=CVE-2012-1234

SQL injection vulnerability in Advantech/BroadWin WebAccess 7.0 allows remote authenticated users to execute arbitrary SQL commands via a malformed URL. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-0234. Vulnerabilidad de inyección SQL en Advantech/BroadWin WebAccess v7.0, permite a usuarios autenticados remotamente ejecutar comandos SQL a través de una dirección URL incorrecta. NOTA: esta vulnerabilidad existe debido a una solución incompleta para CVE-2012-0234. • http://www.us-cert.gov/control_systems/pdf/ICSA-12-047-01.pdf • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0

CVE-2012-0234

https://notcve.org/view.php?id=CVE-2012-0234

SQL injection vulnerability in Advantech/BroadWin WebAccess before 7.0 allows remote attackers to execute arbitrary SQL commands via a malformed URL. Vulnerabilidad de inyección SQL en Advantech/Broadwin WebAccess antes de v7.0 permite a atacantes remotos ejecutar comandos SQL a través de una dirección URL incorrecta. • http://www.securityfocus.com/bid/52051 http://www.us-cert.gov/control_systems/pdf/ICSA-12-047-01.pdf • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 10.0EPSS: 4%CPEs: 2EXPL: 0

CVE-2011-4524

https://notcve.org/view.php?id=CVE-2011-4524

Buffer overflow in Advantech/BroadWin WebAccess before 7.0 allows remote attackers to execute arbitrary code via a long string value in unspecified parameters. Desbordamiento de buffer en Advantech/BroadWin WebAccess anteriores a la 7.0 permite a atacantes remotos ejecutar código arbitrario a través de un valor de cadena extenso a través de parámetros sin especificar. • http://www.securityfocus.com/bid/52051 http://www.us-cert.gov/control_systems/pdf/ICSA-12-047-01.pdf • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

1 2 3 4 5