Vulnerabilities > Advantech > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2014-09-20 | CVE-2014-0986 | Buffer Errors vulnerability in Advantech Webaccess 7.2 Stack-based buffer overflow in Advantech WebAccess (formerly BroadWin WebAccess) 7.2 allows remote attackers to execute arbitrary code via the GotoCmd parameter. | 6.8 |
| 2014-09-20 | CVE-2014-0985 | Buffer Errors vulnerability in Advantech Webaccess 7.2 Stack-based buffer overflow in Advantech WebAccess (formerly BroadWin WebAccess) 7.2 allows remote attackers to execute arbitrary code via the NodeName parameter. | 6.8 |
| 2014-07-19 | CVE-2014-2368 | Information Exposure vulnerability in Advantech Webaccess 5.0/6.0/7.0 The BrowseFolder method in the bwocxrun ActiveX control in Advantech WebAccess before 7.2 allows remote attackers to read arbitrary files via a crafted call. | 5.0 |
| 2014-07-19 | CVE-2014-2367 | Information Exposure vulnerability in Advantech Webaccess 5.0/6.0/7.0 The ChkCookie subroutine in an ActiveX control in broadweb/include/gChkCook.asp in Advantech WebAccess before 7.2 allows remote attackers to read arbitrary files via a crafted call. | 4.3 |
| 2014-07-19 | CVE-2014-2366 | Information Exposure vulnerability in Advantech Webaccess 5.0/6.0/7.0 upAdminPg.asp in Advantech WebAccess before 7.2 allows remote authenticated users to discover credentials by reading HTML source code. | 4.0 |
| 2014-07-19 | CVE-2014-2365 | Remote Code Execution vulnerability in Advantech Webaccess 5.0/6.0/7.0 Unspecified vulnerability in Advantech WebAccess before 7.2 allows remote authenticated users to create or delete arbitrary files via unknown vectors. | 5.5 |
| 2014-04-12 | CVE-2014-0772 | Information Exposure vulnerability in Advantech Webaccess 5.0/6.0/7.0 The OpenUrlToBufferTimeout method in the BWOCXRUN.BwocxrunCtrl.1 ActiveX control in bwocxrun.ocx in Advantech WebAccess before 7.2 allows remote attackers to read arbitrary files via a file: URL. | 5.0 |
| 2014-04-12 | CVE-2014-0771 | Information Exposure vulnerability in Advantech Webaccess 5.0/6.0/7.0 The OpenUrlToBuffer method in the BWOCXRUN.BwocxrunCtrl.1 ActiveX control in bwocxrun.ocx in Advantech WebAccess before 7.2 allows remote attackers to read arbitrary files via a file: URL. | 5.0 |
| 2012-02-21 | CVE-2012-1235 | Cross-Site Request Forgery (CSRF) vulnerability in Advantech Webaccess 5.0/6.0 Cross-site request forgery (CSRF) vulnerability in Advantech/BroadWin WebAccess 7.0 allows remote authenticated users to hijack the authentication of unspecified victims via unknown vectors. | 6.0 |
| 2012-02-21 | CVE-2012-1234 | SQL Injection vulnerability in Advantech Webaccess 5.0/6.0 SQL injection vulnerability in Advantech/BroadWin WebAccess 7.0 allows remote authenticated users to execute arbitrary SQL commands via a malformed URL. | 6.5 |