Vulnerabilities > Advantech > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2014-11-21 | CVE-2014-8388 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Advantech Webaccess Stack-based buffer overflow in Advantech WebAccess, formerly BroadWin WebAccess, before 8.0 allows remote attackers to execute arbitrary code via a crafted ip_address parameter in an HTML document. | 7.2 |
| 2014-07-19 | CVE-2014-2364 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Advantech Webaccess 5.0/6.0/7.0 Multiple stack-based buffer overflows in Advantech WebAccess before 7.2 allow remote attackers to execute arbitrary code via a long string in the (1) ProjectName, (2) SetParameter, (3) NodeName, (4) CCDParameter, (5) SetColor, (6) AlarmImage, (7) GetParameter, (8) GetColor, (9) ServerResponse, (10) SetBaud, or (11) IPAddress parameter to an ActiveX control in (a) webvact.ocx, (b) dvs.ocx, or (c) webdact.ocx. | 7.5 |
| 2014-04-12 | CVE-2014-0773 | Security Bypass vulnerability in Advantech Webaccess 5.0/6.0/7.0 The CreateProcess method in the BWOCXRUN.BwocxrunCtrl.1 ActiveX control in bwocxrun.ocx in Advantech WebAccess before 7.2 allows remote attackers to execute (1) setup.exe, (2) bwvbprt.exe, and (3) bwvbprtl.exe programs from arbitrary pathnames via a crafted argument, as demonstrated by a UNC share pathname. | 7.5 |
| 2014-04-12 | CVE-2014-0770 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Advantech Webaccess 5.0/6.0/7.0 Stack-based buffer overflow in Advantech WebAccess before 7.2 allows remote attackers to execute arbitrary code via a long UserName parameter. | 7.5 |
| 2014-04-12 | CVE-2014-0768 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Advantech Webaccess 5.0/6.0/7.0 Stack-based buffer overflow in Advantech WebAccess before 7.2 allows remote attackers to execute arbitrary code via a long AccessCode2 argument. | 7.5 |
| 2014-04-12 | CVE-2014-0767 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Advantech Webaccess 5.0/6.0/7.0 Stack-based buffer overflow in Advantech WebAccess before 7.2 allows remote attackers to execute arbitrary code via a long AccessCode argument. | 7.5 |
| 2014-04-12 | CVE-2014-0766 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Advantech Webaccess 5.0/6.0/7.0 Stack-based buffer overflow in Advantech WebAccess before 7.2 allows remote attackers to execute arbitrary code via a long NodeName2 argument. | 7.5 |
| 2014-04-12 | CVE-2014-0765 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Advantech Webaccess 5.0/6.0/7.0 Stack-based buffer overflow in Advantech WebAccess before 7.2 allows remote attackers to execute arbitrary code via a long GotoCmd argument. | 7.5 |
| 2014-04-12 | CVE-2014-0764 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Advantech Webaccess 5.0/6.0/7.0 Stack-based buffer overflow in Advantech WebAccess before 7.2 allows remote attackers to execute arbitrary code via a long NodeName parameter. | 7.5 |
| 2014-04-12 | CVE-2014-0763 | SQL Injection vulnerability in Advantech Webaccess 5.0/6.0/7.0 Multiple SQL injection vulnerabilities in DBVisitor.dll in Advantech WebAccess before 7.2 allow remote attackers to execute arbitrary SQL commands via SOAP requests to unspecified functions. | 7.5 |