Vulnerabilities > Advantech > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2016-01-15 | CVE-2016-0855 | Path Traversal vulnerability in Advantech Webaccess Directory traversal vulnerability in Advantech WebAccess before 8.1 allows remote attackers to list arbitrary virtual-directory files via unspecified vectors. | 5.0 |
| 2016-01-15 | CVE-2016-0853 | Information Exposure vulnerability in Advantech Webaccess Advantech WebAccess before 8.1 allows remote attackers to obtain sensitive information via crafted input. | 5.0 |
| 2016-01-15 | CVE-2016-0852 | Permissions, Privileges, and Access Controls vulnerability in Advantech Webaccess Advantech WebAccess before 8.1 allows remote attackers to bypass an intended administrative requirement and obtain file or folder access via unspecified vectors. | 5.0 |
| 2016-01-15 | CVE-2015-3947 | SQL Injection vulnerability in Advantech Webaccess SQL injection vulnerability in Advantech WebAccess before 8.1 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. | 6.5 |
| 2016-01-15 | CVE-2015-3946 | Cross-Site Request Forgery (CSRF) vulnerability in Advantech Webaccess Cross-site request forgery (CSRF) vulnerability in Advantech WebAccess before 8.1 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. | 6.8 |
| 2016-01-15 | CVE-2015-3943 | Information Exposure vulnerability in Advantech Webaccess Advantech WebAccess before 8.1 allows remote attackers to read sensitive cleartext information about e-mail project accounts via unspecified vectors. | 5.0 |
| 2015-09-28 | CVE-2014-9202 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Advantech Webaccess 8.0 Multiple stack-based buffer overflows in an unspecified DLL file in Advantech WebAccess before 8.0_20150816 allow remote attackers to execute arbitrary code via a crafted file that triggers long string arguments to functions. | 6.9 |
| 2014-09-20 | CVE-2014-0992 | Buffer Errors vulnerability in Advantech Webaccess 7.2 Stack-based buffer overflow in Advantech WebAccess (formerly BroadWin WebAccess) 7.2 allows remote attackers to execute arbitrary code via the password parameter. | 6.8 |
| 2014-09-20 | CVE-2014-0991 | Buffer Errors vulnerability in Advantech Webaccess 7.2 Stack-based buffer overflow in Advantech WebAccess (formerly BroadWin WebAccess) 7.2 allows remote attackers to execute arbitrary code via the projectname parameter. | 6.8 |
| 2014-09-20 | CVE-2014-0990 | Buffer Errors vulnerability in Advantech Webaccess 7.2 Stack-based buffer overflow in Advantech WebAccess (formerly BroadWin WebAccess) 7.2 allows remote attackers to execute arbitrary code via the UserName parameter. | 6.8 |