CVE-2014-8386 – Advantech AdamView 4.30.003 - '.gni' Local Buffer Overflow (SEH)
https://notcve.org/view.php?id=CVE-2014-8386
Multiple stack-based buffer overflows in Advantech AdamView 4.3 and earlier allow remote attackers to execute arbitrary code via a crafted (1) display properties or (2) conditional bitmap parameter in a GNI file. Múltiples desbordamientos de buffer basado en pila en Advantech AdamView 4.3 y anteriores permiten a atacantes remotos ejecutar código arbitrario a través de un parámetro (1) display properties o (2) conditional bitmap manipulado en un ficheros GNI. • https://www.exploit-db.com/exploits/35503 http://seclists.org/fulldisclosure/2014/Nov/57 http://www.coresecurity.com/advisories/advantech-adamView-buffer-overflow http://www.exploit-db.com/exploits/35503 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2014-8387 – Advantech EKI-6340 - Command Injection
https://notcve.org/view.php?id=CVE-2014-8387
cgi/utility.cgi in Advantech EKI-6340 2.05 Wi-Fi Mesh Access Point allows remote authenticated users to execute arbitrary commands via shell metacharacters in the pinghost parameter to ping.cgi. cgi/utility.cgi en Advantech EKI-6340 2.05 Wi-Fi Mesh Access Point permite a usuarios remotos autenticados ejecutar comandos arbitrarios a través de metacaracteres de shell en el parámetro pinghost en ping.cgi • https://www.exploit-db.com/exploits/35357 http://seclists.org/fulldisclosure/2014/Nov/58 http://www.coresecurity.com/advisories/advantech-eki-6340-command-injection http://www.securityfocus.com/archive/1/534021/100/0/threaded http://www.securityfocus.com/bid/71192 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVE-2014-0991
https://notcve.org/view.php?id=CVE-2014-0991
Stack-based buffer overflow in Advantech WebAccess (formerly BroadWin WebAccess) 7.2 allows remote attackers to execute arbitrary code via the projectname parameter. Desbordamiento de buffer basado en pila en Advantech WebAccess (antiguamente BroadWin WebAccess) 7.2 permite a atacantes remotos ejecutar código arbitrario a través del parámetro projectname. • http://www.securityfocus.com/bid/69536 https://ics-cert.us-cert.gov/advisories/ICSA-14-261-01 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2014-0989
https://notcve.org/view.php?id=CVE-2014-0989
Stack-based buffer overflow in Advantech WebAccess (formerly BroadWin WebAccess) 7.2 allows remote attackers to execute arbitrary code via the AccessCode2 parameter. Desbordamiento de buffer basado en pila en Advantech WebAccess (antiguamente BroadWin WebAccess) 7.2 permite a atacantes remotos ejecutar código arbitrario a través del parámetro AccessCode2. • http://www.securityfocus.com/bid/69534 https://ics-cert.us-cert.gov/advisories/ICSA-14-261-01 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2014-0986
https://notcve.org/view.php?id=CVE-2014-0986
Stack-based buffer overflow in Advantech WebAccess (formerly BroadWin WebAccess) 7.2 allows remote attackers to execute arbitrary code via the GotoCmd parameter. Desbordamiento de buffer basado en pila en Advantech WebAccess (antiguamente BroadWin WebAccess) 7.2 permite a atacantes remotos ejecutar código arbitrario a través del parámetro GotoCmd. • http://www.securityfocus.com/bid/69531 https://ics-cert.us-cert.gov/advisories/ICSA-14-261-01 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •