CVE-2014-8387 – Advantech EKI-6340 - Command Injection
https://notcve.org/view.php?id=CVE-2014-8387
cgi/utility.cgi in Advantech EKI-6340 2.05 Wi-Fi Mesh Access Point allows remote authenticated users to execute arbitrary commands via shell metacharacters in the pinghost parameter to ping.cgi. cgi/utility.cgi en Advantech EKI-6340 2.05 Wi-Fi Mesh Access Point permite a usuarios remotos autenticados ejecutar comandos arbitrarios a través de metacaracteres de shell en el parámetro pinghost en ping.cgi • https://www.exploit-db.com/exploits/35357 http://seclists.org/fulldisclosure/2014/Nov/58 http://www.coresecurity.com/advisories/advantech-eki-6340-command-injection http://www.securityfocus.com/archive/1/534021/100/0/threaded http://www.securityfocus.com/bid/71192 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVE-2014-0991
https://notcve.org/view.php?id=CVE-2014-0991
Stack-based buffer overflow in Advantech WebAccess (formerly BroadWin WebAccess) 7.2 allows remote attackers to execute arbitrary code via the projectname parameter. Desbordamiento de buffer basado en pila en Advantech WebAccess (antiguamente BroadWin WebAccess) 7.2 permite a atacantes remotos ejecutar código arbitrario a través del parámetro projectname. • http://www.securityfocus.com/bid/69536 https://ics-cert.us-cert.gov/advisories/ICSA-14-261-01 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2014-0989
https://notcve.org/view.php?id=CVE-2014-0989
Stack-based buffer overflow in Advantech WebAccess (formerly BroadWin WebAccess) 7.2 allows remote attackers to execute arbitrary code via the AccessCode2 parameter. Desbordamiento de buffer basado en pila en Advantech WebAccess (antiguamente BroadWin WebAccess) 7.2 permite a atacantes remotos ejecutar código arbitrario a través del parámetro AccessCode2. • http://www.securityfocus.com/bid/69534 https://ics-cert.us-cert.gov/advisories/ICSA-14-261-01 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2014-0986
https://notcve.org/view.php?id=CVE-2014-0986
Stack-based buffer overflow in Advantech WebAccess (formerly BroadWin WebAccess) 7.2 allows remote attackers to execute arbitrary code via the GotoCmd parameter. Desbordamiento de buffer basado en pila en Advantech WebAccess (antiguamente BroadWin WebAccess) 7.2 permite a atacantes remotos ejecutar código arbitrario a través del parámetro GotoCmd. • http://www.securityfocus.com/bid/69531 https://ics-cert.us-cert.gov/advisories/ICSA-14-261-01 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2014-0992
https://notcve.org/view.php?id=CVE-2014-0992
Stack-based buffer overflow in Advantech WebAccess (formerly BroadWin WebAccess) 7.2 allows remote attackers to execute arbitrary code via the password parameter. Desbordamiento de buffer basado en pila en Advantech WebAccess (antiguamente BroadWin WebAccess) 7.2 permite a atacantes remotos ejecutar código arbitrario a través del parámetro password. • http://www.securityfocus.com/bid/69538 https://ics-cert.us-cert.gov/advisories/ICSA-14-261-01 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •