Vulnerabilities > Advantech > Webaccess > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-08-30 | CVE-2017-12702 | Use of Externally-Controlled Format String vulnerability in Advantech Webaccess An Externally Controlled Format String issue was discovered in Advantech WebAccess versions prior to V8.2_20170817. | 6.8 |
| 2017-05-06 | CVE-2017-7929 | Path Traversal vulnerability in Advantech Webaccess An Absolute Path Traversal issue was discovered in Advantech WebAccess Version 8.1 and prior. | 5.5 |
| 2017-05-02 | CVE-2016-5810 | Information Exposure vulnerability in Advantech Webaccess upAdminPg.asp in Advantech WebAccess before 8.1_20160519 allows remote authenticated administrators to obtain sensitive password information via unspecified vectors. | 4.0 |
| 2017-02-13 | CVE-2017-5152 | Improper Authentication vulnerability in Advantech Webaccess 8.1 An issue was discovered in Advantech WebAccess Version 8.1. | 6.4 |
| 2016-06-25 | CVE-2016-4528 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Advantech Webaccess Buffer overflow in Advantech WebAccess before 8.1_20160519 allows local users to cause a denial of service via a crafted DLL file. | 4.3 |
| 2016-01-15 | CVE-2016-0855 | Path Traversal vulnerability in Advantech Webaccess Directory traversal vulnerability in Advantech WebAccess before 8.1 allows remote attackers to list arbitrary virtual-directory files via unspecified vectors. | 5.0 |
| 2016-01-15 | CVE-2016-0853 | Information Exposure vulnerability in Advantech Webaccess Advantech WebAccess before 8.1 allows remote attackers to obtain sensitive information via crafted input. | 5.0 |
| 2016-01-15 | CVE-2016-0852 | Permissions, Privileges, and Access Controls vulnerability in Advantech Webaccess Advantech WebAccess before 8.1 allows remote attackers to bypass an intended administrative requirement and obtain file or folder access via unspecified vectors. | 5.0 |
| 2016-01-15 | CVE-2015-3947 | SQL Injection vulnerability in Advantech Webaccess SQL injection vulnerability in Advantech WebAccess before 8.1 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. | 6.5 |
| 2016-01-15 | CVE-2015-3946 | Cross-Site Request Forgery (CSRF) vulnerability in Advantech Webaccess Cross-site request forgery (CSRF) vulnerability in Advantech WebAccess before 8.1 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. | 6.8 |