Page 6 of 93 results (0.008 seconds)

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1

Unauthenticated reflected cross-site scripting (XSS) exists in Zarafa Webapp 2.0.1.47791 and earlier. NOTE: this is a discontinued product. The issue was fixed in later Zarafa Webapp versions; however, some former Zarafa Webapp customers use the related Kopano product instead. Reflected Cross-Site Scripting (XSS) no autenticados se presenta en Zarafa Webapp versión 2.0.1.47791 y anteriores. NOTA: este es un producto descontinuado. • https://github.com/verifysecurity/CVE-2019-7219 https://stash.kopano.io/repos?visibility=public • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 9.8EPSS: 5%CPEs: 1EXPL: 0

Advantech WebAccess/SCADA, Versions 8.3.5 and prior. Multiple stack-based buffer overflow vulnerabilities, caused by a lack of proper validation of the length of user-supplied data, may allow remote code execution. Advantech WebAccess/SCADA, en versiones 8.3.5 y anteriores. Múltiples vulnerabilidades de desbordamiento de búfer basado en pila, provocadas por la falta de una validación correcta de la longitud de los datos proporcionados, podrían permitir una ejecución remota de código. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Advantech WebAccess Node. • https://ics-cert.us-cert.gov/advisories/ICSA-19-092-01 https://www.zerodayinitiative.com/advisories/ZDI-19-585 • CWE-121: Stack-based Buffer Overflow CWE-787: Out-of-bounds Write •

CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0

Advantech WebAccess/SCADA, Versions 8.3.5 and prior. Multiple command injection vulnerabilities, caused by a lack of proper validation of user-supplied data, may allow remote code execution. Advantech WebAccess/SCADA, en versiones 8.3.5 y anteriores. Múltiples vulnerabilidades de inyección de comandos, provocadas por la falta de una validación correcta de la longitud de los datos proporcionados, podrían permitir una ejecución remota de código. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess Node. • https://ics-cert.us-cert.gov/advisories/ICSA-19-092-01 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •

CVSS: 7.5EPSS: 1%CPEs: 1EXPL: 0

Advantech WebAccess/SCADA, Versions 8.3.5 and prior. An improper access control vulnerability may allow an attacker to cause a denial-of-service condition. Advantech WebAccess/SCADA, en versiones 8.3.5 y anteriores. Una vulnerabilidad de control de acceso incorrecto podría permitir que un atacante provoque una condición de denegación de servicio (DoS). This vulnerability allows remote attackers to create a denial-of-service condition on vulnerable installations of Advantech WebAccess Node. • https://ics-cert.us-cert.gov/advisories/ICSA-19-092-01 • CWE-284: Improper Access Control •

CVSS: 8.4EPSS: 0%CPEs: 1EXPL: 0

WebAccess Versions 8.3.2 and prior. During installation, the application installer disables user access control and does not re-enable it after the installation is complete. This could allow an attacker to run elevated arbitrary code. WebAccess en versiones 8.3.2 y anteriores. Durante la instalación, el instalador de la aplicación deshabilita el control de acceso de los usuario y no lo rehabilita tras completar la instalación. • http://www.securityfocus.com/bid/105736 http://www.securitytracker.com/id/1041957 https://ics-cert.us-cert.gov/advisories/ICSA-18-298-02 • CWE-284: Improper Access Control •