CVE-2012-0239
https://notcve.org/view.php?id=CVE-2012-0239
uaddUpAdmin.asp in Advantech/BroadWin WebAccess before 7.0 does not properly perform authentication, which allows remote attackers to modify an administrative password via a password-change request. uaddUpAdmin.asp en Advantech/Broadwin WebAccess antes de v7.0, no realiza correctamente la autenticación, lo que permite a atacantes remotos modificar una contraseña de administrador a través de una solicitud de cambio de contraseña. • http://www.securityfocus.com/bid/52051 http://www.us-cert.gov/control_systems/pdf/ICSA-12-047-01.pdf • CWE-287: Improper Authentication •
CVE-2012-0241 – BroadWin Webaccess Client - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2012-0241
Advantech/BroadWin WebAccess before 7.0 allows remote attackers to cause a denial of service (memory corruption) via a modified stream identifier to a function. Advantech/Broadwin WebAccess antes de v7.0 permite a atacantes remotos provocar una denegación de servicio (corrupción de memoria) a través de un identificador de flujo modificado para una función. • https://www.exploit-db.com/exploits/17772 https://www.exploit-db.com/exploits/18051 http://www.securityfocus.com/bid/52051 http://www.us-cert.gov/control_systems/pdf/ICSA-12-047-01.pdf https://exchange.xforce.ibmcloud.com/vulnerabilities/73281 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2012-0244
https://notcve.org/view.php?id=CVE-2012-0244
Multiple SQL injection vulnerabilities in Advantech/BroadWin WebAccess before 7.0 allow remote attackers to execute arbitrary SQL commands via crafted string input. Vulnerabilidad de inyección SQL en Advantech/BroadWin WebAccess v7.0, permite a usuarios autenticados remotamente ejecutar comandos SQL a través de una cadena de entrada modificada • http://www.securityfocus.com/bid/52051 http://www.us-cert.gov/control_systems/pdf/ICSA-12-047-01.pdf • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2011-4526
https://notcve.org/view.php?id=CVE-2011-4526
Buffer overflow in an ActiveX control in Advantech/BroadWin WebAccess before 7.0 might allow remote attackers to execute arbitrary code via a long string value in unspecified parameters. Desbordamiento de buffer en el control ActiveX de Advantech/BroadWin WebAccess anteriores a 7.0 puede permitir a atacantes remotos ejecutar código arbitrario a través de un valor string extenso en parámetros sin especificar. • http://www.securityfocus.com/bid/52051 http://www.us-cert.gov/control_systems/pdf/ICSA-12-047-01.pdf • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2012-0233
https://notcve.org/view.php?id=CVE-2012-0233
Cross-site scripting (XSS) vulnerability in Advantech/BroadWin WebAccess before 7.0 allows remote attackers to inject arbitrary web script or HTML via a malformed URL. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en Advantech/Broadwin WebAccess antes de v7.0 permite a atacantes remotos ejecutar secuencias de comandos web o HTML a través de una dirección URL incorrecta. • http://www.securityfocus.com/bid/52051 http://www.us-cert.gov/control_systems/pdf/ICSA-12-047-01.pdf • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •