Vulnerabilities > Advantech
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2014-04-12 | CVE-2014-0766 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Advantech Webaccess 5.0/6.0/7.0 Stack-based buffer overflow in Advantech WebAccess before 7.2 allows remote attackers to execute arbitrary code via a long NodeName2 argument. | 7.5 |
2014-04-12 | CVE-2014-0765 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Advantech Webaccess 5.0/6.0/7.0 Stack-based buffer overflow in Advantech WebAccess before 7.2 allows remote attackers to execute arbitrary code via a long GotoCmd argument. | 7.5 |
2014-04-12 | CVE-2014-0764 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Advantech Webaccess 5.0/6.0/7.0 Stack-based buffer overflow in Advantech WebAccess before 7.2 allows remote attackers to execute arbitrary code via a long NodeName parameter. | 7.5 |
2014-04-12 | CVE-2014-0763 | SQL Injection vulnerability in Advantech Webaccess 5.0/6.0/7.0 Multiple SQL injection vulnerabilities in DBVisitor.dll in Advantech WebAccess before 7.2 allow remote attackers to execute arbitrary SQL commands via SOAP requests to unspecified functions. | 7.5 |
2013-08-22 | CVE-2013-2299 | Cross-Site Scripting vulnerability in Advantech Webaccess 5.0/6.0/7.0 Cross-site scripting (XSS) vulnerability in Advantech WebAccess (formerly BroadWin WebAccess) before 7.1 2013.05.30 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | 3.5 |
2013-03-11 | CVE-2013-1627 | Path Traversal vulnerability in multiple products Absolute path traversal vulnerability in NTWebServer.exe in Indusoft Studio 7.0 and earlier and Advantech Studio 7.0 and earlier allows remote attackers to read arbitrary files via a full pathname in an argument to the sub_401A90 CreateFileW function. | 7.8 |
2012-02-21 | CVE-2012-1235 | Cross-Site Request Forgery (CSRF) vulnerability in Advantech Webaccess 5.0/6.0 Cross-site request forgery (CSRF) vulnerability in Advantech/BroadWin WebAccess 7.0 allows remote authenticated users to hijack the authentication of unspecified victims via unknown vectors. | 6.0 |
2012-02-21 | CVE-2012-1234 | SQL Injection vulnerability in Advantech Webaccess 5.0/6.0 SQL injection vulnerability in Advantech/BroadWin WebAccess 7.0 allows remote authenticated users to execute arbitrary SQL commands via a malformed URL. | 6.5 |
2012-02-21 | CVE-2012-0244 | SQL Injection vulnerability in Advantech Webaccess 5.0/6.0 Multiple SQL injection vulnerabilities in Advantech/BroadWin WebAccess before 7.0 allow remote attackers to execute arbitrary SQL commands via crafted string input. | 7.5 |
2012-02-21 | CVE-2012-0243 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Advantech Webaccess 5.0/6.0 Buffer overflow in an ActiveX control in bwocxrun.ocx in Advantech/BroadWin WebAccess before 7.0 allows remote attackers to execute arbitrary code by leveraging the ability to write arbitrary content to any pathname. | 10.0 |