Page 7 of 97 results (0.009 seconds)

CVSS: 6.8EPSS: 0%CPEs: 2EXPL: 1

WADashboard API in Advantech WebAccess 8.3.1 and 8.3.2 allows remote authenticated attackers to read any file on the filesystem due to a directory traversal vulnerability in the readFile API. WADashboard API en Advantech WebAccess 8.3.1 y 8.3.2 permite que atacantes autenticados remotos lean cualquier archivo del sistema de archivos debido a una vulnerabilidad de salto de directorio en la API readFile. • https://www.tenable.com/security/research/tra-2018-35 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVSS: 5.4EPSS: 0%CPEs: 2EXPL: 2

Advantech WebAccess 8.3.1 and 8.3.2 are vulnerable to cross-site scripting in the Bwmainleft.asp page. An attacker could leverage this vulnerability to disclose credentials amongst other things. Advantech WebAccess 8.3.1 y 8.3.2 son vulnerables a Cross-Site Scripting (XSS) en la página Bwmainleft.asp. Un atacante podría aprovechar esta vulnerabilidad para divulgar credenciales, entre otras cosas. Advantech WebAccess SCADA version 8.3.2 suffers from a code execution vulnerability. • https://www.exploit-db.com/exploits/45774 https://www.tenable.com/security/research/tra-2018-35 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 8.4EPSS: 0%CPEs: 1EXPL: 0

WebAccess Versions 8.3.2 and prior. During installation, the application installer disables user access control and does not re-enable it after the installation is complete. This could allow an attacker to run elevated arbitrary code. WebAccess en versiones 8.3.2 y anteriores. Durante la instalación, el instalador de la aplicación deshabilita el control de acceso de los usuario y no lo rehabilita tras completar la instalación. • http://www.securityfocus.com/bid/105736 http://www.securitytracker.com/id/1041957 https://ics-cert.us-cert.gov/advisories/ICSA-18-298-02 • CWE-284: Improper Access Control •

CVSS: 9.3EPSS: 8%CPEs: 1EXPL: 0

WebAccess Versions 8.3.2 and prior. The application fails to properly validate the length of user-supplied data, causing a buffer overflow condition that allows for arbitrary remote code execution. WebAccess en versiones 8.3.2 y anteriores. La aplicación no valida correctamente la longitud de los datos proporcionados por el usuario, provocando una condición de desbordamiento de búfer que permite la ejecución remota de código. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Advantech WebAccess Client. • http://www.securityfocus.com/bid/105736 http://www.securitytracker.com/id/1041957 https://ics-cert.us-cert.gov/advisories/ICSA-18-298-02 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-121: Stack-based Buffer Overflow •

CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0

Advantech WebAccess 8.3.1 and earlier has a path traversal vulnerability which may allow an attacker to execute arbitrary code. Advantech WebAccess 8.3.1 y anteriores tiene una vulnerabilidad de salto de directorio que podría permitir que un atacante ejecute código arbitrario. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the 0x2711 IOCTL in the webvrpcs process. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. • http://www.securityfocus.com/bid/105728 http://www.securitytracker.com/id/1041939 https://ics-cert.us-cert.gov/advisories/ICSA-18-296-01%2C • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •