NotCVE - vendor:"Advantech" product:"Webaccess" version:" <= 8.1"

Page 8 of 93 results (0.005 seconds)

CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0

CVE-2016-5817

https://notcve.org/view.php?id=CVE-2016-5817

22 Aug 2016 — SQL injection vulnerability in news pages in Cargotec Navis WebAccess before 2016-08-10 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. Vulnerabilidad de inyección SQL en páginas de noticias en Cargotec Navis WebAccess en versiones anteriores a 2016-08-10 permite a atacantes remotos ejecutar comandos SQL arbitrarios a través de vectores no especificados. • https://ics-cert.us-cert.gov/advisories/ICSA-16-231-01 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 6.8EPSS: 25%CPEs: 1EXPL: 1

CVE-2016-5810 – Advantech WebAccess upAdminPg Information Disclosure Vulnerability

https://notcve.org/view.php?id=CVE-2016-5810

18 Jul 2016 — upAdminPg.asp in Advantech WebAccess before 8.1_20160519 allows remote authenticated administrators to obtain sensitive password information via unspecified vectors. UpAdminPg.asp en Advantech WebAccess versiones anteriores a 8.1_20160519 permite a los administradores autenticados remotos obtener información sensible de contraseñas a través de vectores no especificados. This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Advantech WebAccess. Authentica... • https://packetstorm.news/files/id/180697 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 6.6EPSS: 0%CPEs: 1EXPL: 0

CVE-2016-4525

https://notcve.org/view.php?id=CVE-2016-4525

25 Jun 2016 — Unspecified ActiveX controls in Advantech WebAccess before 8.1_20160519 allow remote authenticated users to obtain sensitive information or modify data via unknown vectors, related to the INTERFACESAFE_FOR_UNTRUSTED_CALLER (aka safe for scripting) flag. Controles ActiveX no especificados en Advantech WebAccess en versiones anteriores a 8.1_20160519 permiten a usuarios remotos autenticados obtener información sensible o modificar datos a través de vectores desconocidos, relacionado con el indicador INTERFACE... • https://ics-cert.us-cert.gov/advisories/ICSA-16-173-01 •

CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 0

CVE-2016-4528

https://notcve.org/view.php?id=CVE-2016-4528

25 Jun 2016 — Buffer overflow in Advantech WebAccess before 8.1_20160519 allows local users to cause a denial of service via a crafted DLL file. Desbordamiento de buffer en Advantech WebAccess en versiones anteriores a 8.1_20160519 permite a usuarios locales provocar una denegación de servicio a través de un archivo DLL manipulado. • https://ics-cert.us-cert.gov/advisories/ICSA-16-173-01 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0

CVE-2015-3943

https://notcve.org/view.php?id=CVE-2015-3943

15 Jan 2016 — Advantech WebAccess before 8.1 allows remote attackers to read sensitive cleartext information about e-mail project accounts via unspecified vectors. Advantech WebAccess en versiones anteriores a 8.1 permite a atacantes remotos leer información sensible en texto plano sobre cuentas de proyecto de correos electrónicos a través de vectores no especificados. • https://ics-cert.us-cert.gov/advisories/ICSA-16-014-01 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0

CVE-2015-3946

https://notcve.org/view.php?id=CVE-2015-3946

15 Jan 2016 — Cross-site request forgery (CSRF) vulnerability in Advantech WebAccess before 8.1 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. Vulnerabilidad de CSRF en Advantech WebAccess en versiones anteriores a 8.1 permite a atacantes remotos secuestrar la autenticación de víctimas no especificadas a través de vectores desconocidos. • https://ics-cert.us-cert.gov/advisories/ICSA-16-014-01 • CWE-352: Cross-Site Request Forgery (CSRF) •

CVSS: 8.1EPSS: 0%CPEs: 1EXPL: 0

CVE-2015-3947

https://notcve.org/view.php?id=CVE-2015-3947

15 Jan 2016 — SQL injection vulnerability in Advantech WebAccess before 8.1 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. Vulnerabilidad de inyección SQL en Advantech WebAccess en versiones anteriores a 8.1 permite a usuarios remotos autenticados ejecutar comandos SQL arbitrarios a través de vectores no especificados. • https://ics-cert.us-cert.gov/advisories/ICSA-16-014-01 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0

CVE-2015-3948

https://notcve.org/view.php?id=CVE-2015-3948

15 Jan 2016 — Cross-site scripting (XSS) vulnerability in Advantech WebAccess before 8.1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de XSS en Advantech WebAccess en versiones anteriores a 8.1 permite a usuarios remotos autenticados inyectar secuencias de comandos web o HTML arbitrarios a través de vectores no especificados. • https://ics-cert.us-cert.gov/advisories/ICSA-16-014-01 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 9.3EPSS: 0%CPEs: 1EXPL: 0

CVE-2015-6467

https://notcve.org/view.php?id=CVE-2015-6467

15 Jan 2016 — Advantech WebAccess before 8.1 allows remote attackers to execute arbitrary code via vectors involving a browser plugin. Advantech WebAccess en versiones anteriores a 8.1 permite a atacantes remotos ejecutar código arbitrario a través de vectores involucrados con un plugin del navegador. • https://ics-cert.us-cert.gov/advisories/ICSA-16-014-01 •

CVSS: 9.3EPSS: 0%CPEs: 1EXPL: 0

CVE-2016-0851 – Advantech WebAccess webvrpcs Service BwOpcSvc.dll sprintf Uncontrolled Format String Remote Code Execution Vulnerability

https://notcve.org/view.php?id=CVE-2016-0851

15 Jan 2016 — Advantech WebAccess before 8.1 allows remote attackers to cause a denial of service (out-of-bounds memory access) via unspecified vectors. Advantech WebAccess en versiones anteriores a 8.1 permite a atacantes remotos causar una denegación de servicio (acceso a memoria fuera de rango) a través de vectores no especificados. This vulnerability allows remote attackers to execute arbitrary code on vulnerable instances of Advantech WebAccess. Authentication is not required to exploit this vulnerability. The speci... • https://ics-cert.us-cert.gov/advisories/ICSA-16-014-01 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

1...6 7 8 9 10