Page 5 of 36 results (0.009 seconds)

CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 0

CVE-2012-0233

https://notcve.org/view.php?id=CVE-2012-0233

Cross-site scripting (XSS) vulnerability in Advantech/BroadWin WebAccess before 7.0 allows remote attackers to inject arbitrary web script or HTML via a malformed URL. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en Advantech/Broadwin WebAccess antes de v7.0 permite a atacantes remotos ejecutar secuencias de comandos web o HTML a través de una dirección URL incorrecta. • http://www.securityfocus.com/bid/52051 http://www.us-cert.gov/control_systems/pdf/ICSA-12-047-01.pdf • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.4EPSS: 0%CPEs: 2EXPL: 0

CVE-2012-0237

https://notcve.org/view.php?id=CVE-2012-0237

Advantech/BroadWin WebAccess before 7.0 allows remote attackers to (1) enable date and time syncing or (2) disable date and time syncing via a crafted URL. Advantech/Broadwin WebAccess antes de v7.0 permite a atacantes remotos (1) permitir la sincronización de fecha y hora, o (2) desactivar la sincronización de fecha y hora través de una URL maliciosa. • http://www.securityfocus.com/bid/52051 http://www.us-cert.gov/control_systems/pdf/ICSA-12-047-01.pdf • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 10.0EPSS: 5%CPEs: 2EXPL: 0

CVE-2011-4526

https://notcve.org/view.php?id=CVE-2011-4526

Buffer overflow in an ActiveX control in Advantech/BroadWin WebAccess before 7.0 might allow remote attackers to execute arbitrary code via a long string value in unspecified parameters. Desbordamiento de buffer en el control ActiveX de Advantech/BroadWin WebAccess anteriores a 7.0 puede permitir a atacantes remotos ejecutar código arbitrario a través de un valor string extenso en parámetros sin especificar. • http://www.securityfocus.com/bid/52051 http://www.us-cert.gov/control_systems/pdf/ICSA-12-047-01.pdf • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 10.0EPSS: 2%CPEs: 2EXPL: 1

CVE-2012-0242 – BroadWin Webaccess Client - Multiple Vulnerabilities

https://notcve.org/view.php?id=CVE-2012-0242

Format string vulnerability in Advantech/BroadWin WebAccess before 7.0 allows remote attackers to execute arbitrary code via format string specifiers in a message string. Vulnerabilidad de formato de cadena en Advantech/Broadwin WebAccess antes de v7.0 permite a atacantes remotos ejecutar código arbitrario mediante especificadores de formato de cadena en una cadena de mensaje. • https://www.exploit-db.com/exploits/17772 http://www.securityfocus.com/bid/52051 http://www.us-cert.gov/control_systems/pdf/ICSA-12-047-01.pdf • CWE-134: Use of Externally-Controlled Format String •

CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 0

CVE-2011-4523

https://notcve.org/view.php?id=CVE-2011-4523

Cross-site scripting (XSS) vulnerability in bwview.asp in Advantech/BroadWin WebAccess before 7.0 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en bwview.asp de Advantech/BroadWin WebAccess anteriores a la 7.0. Permite a usuarios remotos inyectar codigo de script web o código HTML de su elección a través de vectores sin especificar. • http://www.securityfocus.com/bid/52051 http://www.us-cert.gov/control_systems/pdf/ICSA-12-047-01.pdf • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •