CVE-2019-7219
https://notcve.org/view.php?id=CVE-2019-7219
Unauthenticated reflected cross-site scripting (XSS) exists in Zarafa Webapp 2.0.1.47791 and earlier. NOTE: this is a discontinued product. The issue was fixed in later Zarafa Webapp versions; however, some former Zarafa Webapp customers use the related Kopano product instead. Reflected Cross-Site Scripting (XSS) no autenticados se presenta en Zarafa Webapp versión 2.0.1.47791 y anteriores. NOTA: este es un producto descontinuado. • https://github.com/verifysecurity/CVE-2019-7219 https://stash.kopano.io/repos?visibility=public • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2019-6550 – Advantech WebAccess Node makensis Stack-based Buffer Overflow Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2019-6550
Advantech WebAccess/SCADA, Versions 8.3.5 and prior. Multiple stack-based buffer overflow vulnerabilities, caused by a lack of proper validation of the length of user-supplied data, may allow remote code execution. Advantech WebAccess/SCADA, en versiones 8.3.5 y anteriores. Múltiples vulnerabilidades de desbordamiento de búfer basado en pila, provocadas por la falta de una validación correcta de la longitud de los datos proporcionados, podrían permitir una ejecución remota de código. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Advantech WebAccess Node. • https://ics-cert.us-cert.gov/advisories/ICSA-19-092-01 https://www.zerodayinitiative.com/advisories/ZDI-19-585 • CWE-121: Stack-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVE-2019-6552 – Advantech WebAccess Node bwrunmie Command Injection Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2019-6552
Advantech WebAccess/SCADA, Versions 8.3.5 and prior. Multiple command injection vulnerabilities, caused by a lack of proper validation of user-supplied data, may allow remote code execution. Advantech WebAccess/SCADA, en versiones 8.3.5 y anteriores. Múltiples vulnerabilidades de inyección de comandos, provocadas por la falta de una validación correcta de la longitud de los datos proporcionados, podrían permitir una ejecución remota de código. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess Node. • https://ics-cert.us-cert.gov/advisories/ICSA-19-092-01 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVE-2019-6554 – Advantech WebAccess Node UninstallWA Improper Access Control Denial-of-Service Vulnerability
https://notcve.org/view.php?id=CVE-2019-6554
Advantech WebAccess/SCADA, Versions 8.3.5 and prior. An improper access control vulnerability may allow an attacker to cause a denial-of-service condition. Advantech WebAccess/SCADA, en versiones 8.3.5 y anteriores. Una vulnerabilidad de control de acceso incorrecto podría permitir que un atacante provoque una condición de denegación de servicio (DoS). This vulnerability allows remote attackers to create a denial-of-service condition on vulnerable installations of Advantech WebAccess Node. • https://ics-cert.us-cert.gov/advisories/ICSA-19-092-01 • CWE-284: Improper Access Control •
CVE-2018-15705 – Advantech WebAccess SCADA 8.3.2 - Remote Code Execution
https://notcve.org/view.php?id=CVE-2018-15705
WADashboard API in Advantech WebAccess 8.3.1 and 8.3.2 allows remote authenticated attackers to write or overwrite any file on the filesystem due to a directory traversal vulnerability in the writeFile API. An attacker can use this vulnerability to remotely execute arbitrary code. WADashboard API en Advantech WebAccess 8.3.1 y 8.3.2 permite que atacantes autenticados remotos escriban o sobrescriban cualquier archivo del sistema de archivos debido a una vulnerabilidad de salto de directorio en la API writeFile. Un atacante puede emplear esta vulnerabilidad para ejecutar código arbitrario de forma remota. Advantech WebAccess SCADA version 8.3.2 suffers from a code execution vulnerability. • https://www.exploit-db.com/exploits/45774 https://www.tenable.com/security/research/tra-2018-35 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •