CVSS: 9.8 • EPSS: 0% • CPEs: 1 • EXPL: 0 • CVE-2016-5817
https://notcve.org/view.php?id=CVE-2016-5817
22 Aug 2016 — SQL injection vulnerability in news pages in Cargotec Navis WebAccess before 2016-08-10 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. • https://ics-cert.us-cert.gov/advisories/ICSA-16-231-01 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVSS: 6.8 • EPSS: 25% • CPEs: 1 • EXPL: 1 • CVE-2016-5810 – Advantech WebAccess upAdminPg Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2016-5810
18 Jul 2016 — upAdminPg.asp in Advantech WebAccess before 8.1_20160519 allows remote authenticated administrators to obtain sensitive password information via unspecified vectors. This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Advantech WebAccess. Authentica... • https://packetstorm.news/files/id/180697 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CVSS: 6.6 • EPSS: 0% • CPEs: 1 • EXPL: 0 • CVE-2016-4525
https://notcve.org/view.php?id=CVE-2016-4525
25 Jun 2016 — Unspecified ActiveX controls in Advantech WebAccess before 8.1_20160519 allow remote authenticated users to obtain sensitive information or modify data via unknown vectors, related to the INTERFACESAFE_FOR_UNTRUSTED_CALLER (aka safe for scripting) flag. • https://ics-cert.us-cert.gov/advisories/ICSA-16-173-01
CVSS: 5.0 • EPSS: 0% • CPEs: 1 • EXPL: 0 • CVE-2016-4528
https://notcve.org/view.php?id=CVE-2016-4528
25 Jun 2016 — Buffer overflow in Advantech WebAccess before 8.1_20160519 allows local users to cause a denial of service via a crafted DLL file. • https://ics-cert.us-cert.gov/advisories/ICSA-16-173-01 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CVSS: 10.0 • EPSS: 60% • CPEs: 1 • EXPL: 1 • CVE-2016-0856 – Advantech WebAccess datacore Service datacore.exe AlarmMessage sprintf Stack-Based Buffer Overflow Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2016-0856
15 Jan 2016 — Multiple stack-based buffer overflows in Advantech WebAccess before 8.1 allow remote attackers to execute arbitrary code via unspecified vectors. This vulnerability allows remote attackers to execute arbitrary code on vulnerable instances of Advantech WebAccess. Authentication is not required to exploit this vul... • https://packetstorm.news/files/id/146976 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CVSS: 7.8 • EPSS: 3% • CPEs: 1 • EXPL: 0 • CVE-2016-0855 – Advantech WebAccess Dashboard Viewer openWidget Directory Traversal Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2016-0855
15 Jan 2016 — Directory traversal vulnerability in Advantech WebAccess before 8.1 allows remote attackers to list arbitrary virtual-directory files via unspecified vectors. This vulnerability allows remote attackers to disclose arbitrary file contents on vulnerable installations of Advantech WebAccess. Authentication ... • http://www.zerodayinitiative.com/advisories/ZDI-16-122 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVSS: 10.0 • EPSS: 73% • CPEs: 1 • EXPL: 2 • CVE-2016-0854 – Advantech WebAccess Dashboard Viewer saveGeneralFile Arbitrary File Creation Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2016-0854
15 Jan 2016 — Unrestricted file upload vulnerability in the uploadImageCommon function in the UploadAjaxAction script in the WebAccess Dashboard Viewer in Advantech WebAccess before 8.1 allows remote attackers to write to files of arbitrary types via unspecified vectors. • https://packetstorm.news/files/id/136769
CVSS: 8.8 • EPSS: 0% • CPEs: 1 • EXPL: 0 • CVE-2015-3946
https://notcve.org/view.php?id=CVE-2015-3946
15 Jan 2016 — Cross-site request forgery (CSRF) vulnerability in Advantech WebAccess before 8.1 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. • https://ics-cert.us-cert.gov/advisories/ICSA-16-014-01 • CWE-352: Cross-Site Request Forgery (CSRF)
CVSS: 5.4 • EPSS: 0% • CPEs: 1 • EXPL: 0 • CVE-2015-3948
https://notcve.org/view.php?id=CVE-2015-3948
15 Jan 2016 — Cross-site scripting (XSS) vulnerability in Advantech WebAccess before 8.1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. • https://ics-cert.us-cert.gov/advisories/ICSA-16-014-01 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVSS: 7.5 • EPSS: 0% • CPEs: 1 • EXPL: 0 • CVE-2016-0852
https://notcve.org/view.php?id=CVE-2016-0852
15 Jan 2016 — Advantech WebAccess before 8.1 allows remote attackers to bypass an intended administrative requirement and obtain file or folder access via unspecified vectors. • https://ics-cert.us-cert.gov/advisories/ICSA-16-014-01 • CWE-264: Permissions, Privileges, and Access Controls
