Vulnerabilities > Advantech

DATE CVE VULNERABILITY TITLE RISK
2014-04-12 CVE-2014-0772 Information Exposure vulnerability in Advantech Webaccess 5.0/6.0/7.0
The OpenUrlToBufferTimeout method in the BWOCXRUN.BwocxrunCtrl.1 ActiveX control in bwocxrun.ocx in Advantech WebAccess before 7.2 allows remote attackers to read arbitrary files via a file: URL.
network
low complexity
advantech CWE-200
5.0
2014-04-12 CVE-2014-0771 Information Exposure vulnerability in Advantech Webaccess 5.0/6.0/7.0
The OpenUrlToBuffer method in the BWOCXRUN.BwocxrunCtrl.1 ActiveX control in bwocxrun.ocx in Advantech WebAccess before 7.2 allows remote attackers to read arbitrary files via a file: URL.
network
low complexity
advantech CWE-200
5.0
2014-04-12 CVE-2014-0770 Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Advantech Webaccess 5.0/6.0/7.0
Stack-based buffer overflow in Advantech WebAccess before 7.2 allows remote attackers to execute arbitrary code via a long UserName parameter.
network
low complexity
advantech CWE-119
7.5
2014-04-12 CVE-2014-0768 Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Advantech Webaccess 5.0/6.0/7.0
Stack-based buffer overflow in Advantech WebAccess before 7.2 allows remote attackers to execute arbitrary code via a long AccessCode2 argument.
network
low complexity
advantech CWE-119
7.5
2014-04-12 CVE-2014-0767 Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Advantech Webaccess 5.0/6.0/7.0
Stack-based buffer overflow in Advantech WebAccess before 7.2 allows remote attackers to execute arbitrary code via a long AccessCode argument.
network
low complexity
advantech CWE-119
7.5
2014-04-12 CVE-2014-0766 Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Advantech Webaccess 5.0/6.0/7.0
Stack-based buffer overflow in Advantech WebAccess before 7.2 allows remote attackers to execute arbitrary code via a long NodeName2 argument.
network
low complexity
advantech CWE-119
7.5
2014-04-12 CVE-2014-0765 Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Advantech Webaccess 5.0/6.0/7.0
Stack-based buffer overflow in Advantech WebAccess before 7.2 allows remote attackers to execute arbitrary code via a long GotoCmd argument.
network
low complexity
advantech CWE-119
7.5
2014-04-12 CVE-2014-0764 Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Advantech Webaccess 5.0/6.0/7.0
Stack-based buffer overflow in Advantech WebAccess before 7.2 allows remote attackers to execute arbitrary code via a long NodeName parameter.
network
low complexity
advantech CWE-119
7.5
2014-04-12 CVE-2014-0763 SQL Injection vulnerability in Advantech Webaccess 5.0/6.0/7.0
Multiple SQL injection vulnerabilities in DBVisitor.dll in Advantech WebAccess before 7.2 allow remote attackers to execute arbitrary SQL commands via SOAP requests to unspecified functions.
network
low complexity
advantech CWE-89
7.5
2013-08-22 CVE-2013-2299 Cross-Site Scripting vulnerability in Advantech Webaccess 5.0/6.0/7.0
Cross-site scripting (XSS) vulnerability in Advantech WebAccess (formerly BroadWin WebAccess) before 7.1 2013.05.30 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
network
advantech CWE-79
3.5