1697 matches found
CVE-2014-0771 Advantech WebAccess File and Directory Information Exposure
The BWOCXRUN.BwocxrunCtrl.1 control contains a method named “OpenUrlToBuffer.” This method takes a URL as a parameter and returns its contents to the caller in JavaScript. The URLs are accessed in the security context of the current browser session. The control does not perform any URL validation...
Advantech WebAccess DBVisitor.dll SQL Injection Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess. Authentication is not required to exploit this vulnerability. The specific flaw exists within the DBVisitor.dll component. Multiple SOAP requests implemented by the component a...
Advantech WebAccess webvact.ocx NodeName2 Stack Buffer Overflow Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...
Advantech WebAccess webvact.ocx AccessCode Stack Buffer Overflow Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...
Advantech WebAccess webvact.ocx GotoCmd Stack Buffer Overflow Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...
Advantech WebAccess webvact.ocx NodeName Stack Buffer Overflow Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...
CVE-2013-2299
Cross-site scripting XSS vulnerability in Advantech WebAccess formerly BroadWin WebAccess before 7.1 2013.05.30 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors...
Cross site scripting
Cross-site scripting XSS vulnerability in Advantech WebAccess formerly BroadWin WebAccess before 7.1 2013.05.30 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors...
CVE-2013-2299
CVE-2013-2299 affects Advantech WebAccess (formerly BroadWin WebAccess) prior to version 7.1 (2013-05-30). The vulnerability is a Cross-site Scripting (XSS) flaw that allows remote authenticated users to inject arbitrary HTML/script via unspecified vectors. NVD lists CVSSv2: base score 3.5 (low) ...
CVE-2013-2299
Cross-site scripting XSS vulnerability in Advantech WebAccess formerly BroadWin WebAccess before 7.1 2013.05.30 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors...
Advantech WebAccess HMI and SCADA Software Cross-Site Scripting
A cross site scripting vulnerability has been reported in Advantech WebAccess HMI/SCADA software. The vulnerability is due to improper validation of input passed via the 'ProjDesc' parameter. A remote attacker can exploit this vulnerability to execute arbitrary HTML and script code in a browser...
Advantech WebAccess HMI/SCADA Cross Site Scripting
Title : Advantech WebAccess HMI/SCADA Software Persistence Cross-Site Scripting Vulnerability Author : Antu Sanadi SecPod Technologies www.secpod.com Vendor : http://webaccess.advantech.com/ Advisory : http://secpod.org/blog/?p=569...
Advantech WebAccess Vulnerabilities
OVERVIEW This advisory follows up on two previous ICS-CERT Alerts: “ICS-ALERT-11-245-01—Multiple ActiveX Vulnerabilities in Advantech BroadWin WebAccess,” published September 2, 2011.http://ics-cert.us-cert.gov/alerts/ICS-ALERT-11-245-01, ICS-ALERT-11-245-01, website last accessed February 15,...
CVE-2011-4522
Cross-site scripting XSS vulnerability in bwerrdn.asp in Advantech/BroadWin WebAccess before 7.0 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters...
CVE-2011-4041
webvrpcs.exe in Advantech/BroadWin WebAccess allows remote attackers to execute arbitrary code or obtain a security-code value via a long string in an RPC request to TCP port 4592...
CVE-2011-4041
webvrpcs.exe in Advantech/BroadWin WebAccess allows remote attackers to execute arbitrary code or obtain a security-code value via a long string in an RPC request to TCP port 4592...
Vulnerabilities in BroadWin WebAccess Client 1.0.0.10
Luigi Auriemma Application: BroadWin WebAccess Client http://broadwin.com/Client.htm Versions: bwocxrun.ocx = 1.0.0.10 aka version 7.0 Platforms: Windows Bugs: A format string B arbitrary memory corruption Exploitation: remote Date: 02 Sep 2011 Author: Luigi Auriemma e-mail: [email protected]...