Lucene search
K

1697 matches found

Cvelist
Cvelist
added 2014/04/12 1:0 a.m.25 views

CVE-2014-0771 Advantech WebAccess File and Directory Information Exposure

The BWOCXRUN.BwocxrunCtrl.1 control contains a method named “OpenUrlToBuffer.” This method takes a URL as a parameter and returns its contents to the caller in JavaScript. The URLs are accessed in the security context of the current browser session. The control does not perform any URL validation...

7.5CVSS6.4AI score0.01409EPSS
Exploits1References3
Zero Day Initiative
Zero Day Initiative
added 2014/04/10 12:0 a.m.31 views

Advantech WebAccess DBVisitor.dll SQL Injection Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess. Authentication is not required to exploit this vulnerability. The specific flaw exists within the DBVisitor.dll component. Multiple SOAP requests implemented by the component a...

7.5CVSS7.7AI score0.19243EPSS
Exploits4References1
Zero Day Initiative
Zero Day Initiative
added 2014/04/10 12:0 a.m.27 views

Advantech WebAccess webvact.ocx NodeName2 Stack Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

7.5CVSS6.6AI score0.02672EPSS
Exploits1References1
Zero Day Initiative
Zero Day Initiative
added 2014/04/10 12:0 a.m.28 views

Advantech WebAccess webvact.ocx AccessCode Stack Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

7.5CVSS6.6AI score0.02672EPSS
Exploits1References1
Zero Day Initiative
Zero Day Initiative
added 2014/04/10 12:0 a.m.26 views

Advantech WebAccess webvact.ocx GotoCmd Stack Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

7.5CVSS6.6AI score0.02672EPSS
Exploits1References1
Zero Day Initiative
Zero Day Initiative
added 2014/04/10 12:0 a.m.30 views

Advantech WebAccess webvact.ocx NodeName Stack Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

7.5CVSS6.6AI score0.02672EPSS
Exploits1References1
NVD
NVD
added 2013/08/22 5:34 a.m.19 views

CVE-2013-2299

Cross-site scripting XSS vulnerability in Advantech WebAccess formerly BroadWin WebAccess before 7.1 2013.05.30 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors...

3.5CVSS5.2AI score0.01439EPSS
Exploits0References1
Prion
Prion
added 2013/08/22 5:34 a.m.18 views

Cross site scripting

Cross-site scripting XSS vulnerability in Advantech WebAccess formerly BroadWin WebAccess before 7.1 2013.05.30 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors...

3.5CVSS5.6AI score0.01439EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2013/08/22 1:0 a.m.56 views

CVE-2013-2299

CVE-2013-2299 affects Advantech WebAccess (formerly BroadWin WebAccess) prior to version 7.1 (2013-05-30). The vulnerability is a Cross-site Scripting (XSS) flaw that allows remote authenticated users to inject arbitrary HTML/script via unspecified vectors. NVD lists CVSSv2: base score 3.5 (low) ...

3.5CVSS5.3AI score0.01439EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2013/08/22 1:0 a.m.28 views

CVE-2013-2299

Cross-site scripting XSS vulnerability in Advantech WebAccess formerly BroadWin WebAccess before 7.1 2013.05.30 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors...

5.2AI score0.01439EPSS
Exploits0References1
Check Point Advisories
Check Point Advisories
added 2013/02/06 12:0 a.m.1 views

Advantech WebAccess HMI and SCADA Software Cross-Site Scripting

A cross site scripting vulnerability has been reported in Advantech WebAccess HMI/SCADA software. The vulnerability is due to improper validation of input passed via the 'ProjDesc' parameter. A remote attacker can exploit this vulnerability to execute arbitrary HTML and script code in a browser...

7AI score
Exploits0
Packet Storm
Packet Storm
added 2013/01/08 12:0 a.m.27 views

Advantech WebAccess HMI/SCADA Cross Site Scripting

Title : Advantech WebAccess HMI/SCADA Software Persistence Cross-Site Scripting Vulnerability Author : Antu Sanadi SecPod Technologies www.secpod.com Vendor : http://webaccess.advantech.com/ Advisory : http://secpod.org/blog/?p=569...

0.5AI score
Exploits0
ICS
ICS
added 2012/11/19 7:0 a.m.75 views

Advantech WebAccess Vulnerabilities

OVERVIEW This advisory follows up on two previous ICS-CERT Alerts: “ICS-ALERT-11-245-01—Multiple ActiveX Vulnerabilities in Advantech BroadWin WebAccess,” published September 2, 2011.http://ics-cert.us-cert.gov/alerts/ICS-ALERT-11-245-01, ICS-ALERT-11-245-01, website last accessed February 15,...

10CVSS8.5AI score0.04305EPSS
Exploits0References10
NVD
NVD
added 2012/02/21 1:31 p.m.23 views

CVE-2011-4522

Cross-site scripting XSS vulnerability in bwerrdn.asp in Advantech/BroadWin WebAccess before 7.0 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters...

4.3CVSS5.7AI score0.00989EPSS
Exploits0References2
NVD
NVD
added 2012/02/06 8:55 p.m.20 views

CVE-2011-4041

webvrpcs.exe in Advantech/BroadWin WebAccess allows remote attackers to execute arbitrary code or obtain a security-code value via a long string in an RPC request to TCP port 4592...

10CVSS7.6AI score0.17905EPSS
Exploits1References7
Cvelist
Cvelist
added 2012/02/06 8:0 p.m.26 views

CVE-2011-4041

webvrpcs.exe in Advantech/BroadWin WebAccess allows remote attackers to execute arbitrary code or obtain a security-code value via a long string in an RPC request to TCP port 4592...

7.6AI score0.17905EPSS
Exploits1References7
securityvulns
securityvulns
added 2011/09/05 12:0 a.m.33 views

Vulnerabilities in BroadWin WebAccess Client 1.0.0.10

Luigi Auriemma Application: BroadWin WebAccess Client http://broadwin.com/Client.htm Versions: bwocxrun.ocx = 1.0.0.10 aka version 7.0 Platforms: Windows Bugs: A format string B arbitrary memory corruption Exploitation: remote Date: 02 Sep 2011 Author: Luigi Auriemma e-mail: [email protected]...

1.3AI score
Exploits0
Rows per page
Query Builder