Vulnerabilities > Advantech > Webaccess > High

DATE CVE VULNERABILITY TITLE RISK
2017-08-30 CVE-2017-12717 Uncontrolled Search Path Element vulnerability in Advantech Webaccess
An Uncontrolled Search Path Element issue was discovered in Advantech WebAccess versions prior to V8.2_20170817.
local
low complexity
advantech CWE-427
7.8
2017-08-30 CVE-2017-12713 Incorrect Permission Assignment for Critical Resource vulnerability in Advantech Webaccess
An Incorrect Permission Assignment for Critical Resource issue was discovered in Advantech WebAccess versions prior to V8.2_20170817.
local
low complexity
advantech CWE-732
7.8
2017-08-30 CVE-2017-12711 Unspecified vulnerability in Advantech Webaccess
An Incorrect Privilege Assignment issue was discovered in Advantech WebAccess versions prior to V8.2_20170817.
local
low complexity
advantech
7.8
2017-08-30 CVE-2017-12710 SQL Injection vulnerability in Advantech Webaccess
A SQL Injection issue was discovered in Advantech WebAccess versions prior to V8.2_20170817.
network
low complexity
advantech CWE-89
7.5
2017-08-30 CVE-2017-12704 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Advantech Webaccess
A heap-based buffer overflow issue was discovered in Advantech WebAccess versions prior to V8.2_20170817.
network
low complexity
advantech CWE-119
8.8
2017-08-30 CVE-2017-12702 Use of Externally-Controlled Format String vulnerability in Advantech Webaccess
An Externally Controlled Format String issue was discovered in Advantech WebAccess versions prior to V8.2_20170817.
network
low complexity
advantech CWE-134
8.8
2017-05-06 CVE-2017-7929 Path Traversal vulnerability in Advantech Webaccess
An Absolute Path Traversal issue was discovered in Advantech WebAccess Version 8.1 and prior.
network
low complexity
advantech CWE-22
7.1
2016-01-15 CVE-2016-0860 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Advantech Webaccess
Buffer overflow in the BwpAlarm subsystem in Advantech WebAccess before 8.1 allows remote attackers to cause a denial of service via a crafted RPC request.
network
low complexity
advantech CWE-119
7.5
2016-01-15 CVE-2016-0858 Race Condition vulnerability in Advantech Webaccess
Race condition in Advantech WebAccess before 8.1 allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow) via a crafted request.
network
high complexity
advantech CWE-362
8.1
2016-01-15 CVE-2016-0855 Path Traversal vulnerability in Advantech Webaccess
Directory traversal vulnerability in Advantech WebAccess before 8.1 allows remote attackers to list arbitrary virtual-directory files via unspecified vectors.
network
low complexity
advantech CWE-22
7.5