CVE-2019-3954
https://notcve.org/view.php?id=CVE-2019-3954
Stack-based buffer overflow in Advantech WebAccess/SCADA 8.4.0 allows a remote, unauthenticated attacker to execute arbitrary code by sending a crafted IOCTL 81024 RPC call. • https://www.tenable.com/security/research/tra-2019-28 • CWE-787: Out-of-bounds Write
CVE-2019-3953
https://notcve.org/view.php?id=CVE-2019-3953
Stack-based buffer overflow in Advantech WebAccess/SCADA 8.4.0 allows a remote, unauthenticated attacker to execute arbitrary code by sending a crafted IOCTL 10012 RPC call. • https://www.tenable.com/security/research/tra-2019-17 https://www.tenable.com/security/research/tra-2019-28 • CWE-787: Out-of-bounds Write
CVE-2019-7219
https://notcve.org/view.php?id=CVE-2019-7219
Unauthenticated reflected cross-site scripting (XSS) exists in Zarafa Webapp 2.0.1.47791 and earlier. NOTE: this is a discontinued product. The issue was fixed in later Zarafa Webapp versions; however, some former Zarafa Webapp customers use the related Kopano product instead. • https://github.com/verifysecurity/CVE-2019-7219 https://stash.kopano.io/repos?visibility=public • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2019-3941
https://notcve.org/view.php?id=CVE-2019-3941
Advantech WebAccess 8.3.4 allows unauthenticated, remote attackers to delete arbitrary files via IOCTL 10005 RPC. • http://www.securityfocus.com/bid/107847 https://www.tenable.com/security/research/tra-2019-15 • CWE-306: Missing Authentication for Critical Function
CVE-2019-3940
https://notcve.org/view.php?id=CVE-2019-3940
Advantech WebAccess 8.3.4 is vulnerable to file upload attacks via unauthenticated RPC call. An unauthenticated, remote attacker can use this vulnerability to execute arbitrary code. • http://www.securityfocus.com/bid/107847 https://www.tenable.com/security/research/tra-2019-15 • CWE-434: Unrestricted Upload of File with Dangerous Type