Lucene search
K

1697 matches found

CNVD
CNVD
added 2020/04/08 12:0 a.m.2 views

Advantech WebAccess/NMS Path Traversal Vulnerability

Advantech WebAccess/NMS is a web browser based software suite for Network Management Systems NMS. A path traversal vulnerability exists in Advantech WebAccess/NMS versions prior to 3.0.2, which can be exploited by an attacker with a specially crafted URL to delete files beyond the control of the...

9.1CVSS6.8AI score0.14327EPSS
Exploits0References1
CNVD
CNVD
added 2020/04/08 12:0 a.m.1 views

Advantech WebAccess/NMS Authentication Missing Vulnerability

Advantech WebAccess/NMS is a web browser based software suite for Network Management Systems NMS. An authentication missing vulnerability exists in Advantech WebAccess/NMS, which can be exploited by an attacker to create a new administrator account...

9.8CVSS7AI score0.01624EPSS
Exploits0References1
CNVD
CNVD
added 2020/04/08 12:0 a.m.2 views

Advantech WebAccess/NMS Input Validation Error Vulnerability

Advantech WebAccess/NMS is a web browser based software suite for Network Management Systems NMS. An input validation error vulnerability exists in Advantech WebAccess/NMS, which can be exploited by an attacker to obtain sensitive information via specially crafted XML input...

7.5CVSS6.5AI score0.01231EPSS
Exploits0References1
CNVD
CNVD
added 2020/04/08 12:0 a.m.1 views

Advantech WebAccess/NMS Operating System Command Injection Vulnerability

Advantech WebAccess/NMS is a Web browser-based Network Management System NMS software package from Advantech, Taiwan, China. An operating system command injection vulnerability exists in Advantech WebAccess/NMS versions prior to 3.0.2, which stems from the program failing to clean up user input. ...

8.8CVSS7.5AI score0.01221EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
added 2020/04/08 12:0 a.m.12 views

Advantech WebAccess/NMS DBUtil SQL Injection Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Advantech WebAccess/NMS. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of calls to the updateClearedEventlogByID method of the...

7.5CVSS2.6AI score0.01263EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
added 2020/04/08 12:0 a.m.15 views

Advantech WebAccess/NMS DBUtil SQL Injection Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Advantech WebAccess/NMS. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of calls to the getDeviceName method of the DBUtil class...

7.5CVSS2.2AI score0.01263EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
added 2020/04/08 12:0 a.m.21 views

Advantech WebAccess/NMS extProgramAction Unrestricted File Upload Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Advantech WebAccess/NMS. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of calls to the extProgramAction.action endpoint. When parsing th...

9.8CVSS5.4AI score0.0159EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
added 2020/04/08 12:0 a.m.9 views

Advantech WebAccess/NMS DBUtil SQL Injection Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Advantech WebAccess/NMS. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of calls to the getEmsgroupIndex method of the DBUtil...

7.5CVSS2.4AI score0.01263EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
added 2020/04/08 12:0 a.m.22 views

Advantech WebAccess/NMS DBBackupRestoreAction Unrestricted File Upload Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Advantech WebAccess/NMS. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of calls to the DBBackupRestoreAction.action endpoint. When parsi...

9.8CVSS5.7AI score0.0159EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
added 2020/04/08 12:0 a.m.16 views

Advantech WebAccess/NMS forcedScanDevice SQL Injection Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Advantech WebAccess/NMS. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of calls to the forcedScanDevice.action endpoint. When...

7.5CVSS2.3AI score0.01263EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
added 2020/04/08 12:0 a.m.13 views

Advantech WebAccess/NMS AccesslogAction SQL Injection Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Advantech WebAccess/NMS. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of calls to the AccesslogAction.action endpoint. When...

7.5CVSS6.7AI score
Exploits0References1
Zero Day Initiative
Zero Day Initiative
added 2020/04/08 12:0 a.m.14 views

Advantech WebAccess/NMS mibBrowserSetAction SQL Injection Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Advantech WebAccess/NMS. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of calls to the mibBrowserSetAction.action endpoint. When...

7.5CVSS2.4AI score0.01263EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
added 2020/04/08 12:0 a.m.21 views

Advantech WebAccess/NMS TopogroupeditAction SQL Injection Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Advantech WebAccess/NMS. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of calls to the TopogroupeditAction.action endpoint. When...

7.5CVSS2.2AI score0.01263EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
added 2020/04/08 12:0 a.m.11 views

Advantech WebAccess/NMS DBUtil SQL Injection Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Advantech WebAccess/NMS. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of calls to the getDeviceEvent method of the DBUtil class...

7.5CVSS1.1AI score0.01263EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
added 2020/04/08 12:0 a.m.18 views

Advantech WebAccess/NMS DBUtil SQL Injection Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Advantech WebAccess/NMS. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of calls to the getModelIdByModelName method of the DBUti...

7.5CVSS3.1AI score0.01263EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
added 2020/04/08 12:0 a.m.28 views

Advantech WebAccess/NMS DBUtil SQL Injection Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Advantech WebAccess/NMS. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of calls to the setTaskdevice method of the DBUtil class...

7.5CVSS2.6AI score0.01263EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
added 2020/04/08 12:0 a.m.20 views

Advantech WebAccess/NMS setDevicechoose SQL Injection Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Advantech WebAccess/NMS. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the processi...

6.5CVSS2.1AI score0.00922EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
added 2020/04/08 12:0 a.m.14 views

Advantech WebAccess/NMS addLinkMonitor SQL Injection Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Advantech WebAccess/NMS. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of calls to the addLinkMonitor method of the...

7.5CVSS2.5AI score0.01263EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
added 2020/04/08 12:0 a.m.16 views

Advantech WebAccess/NMS DeviceData Performance SQL Injection Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Advantech WebAccess/NMS. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of calls to the DeviceData/Performance endpoint. When...

7.5CVSS2AI score0.01263EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
added 2020/04/08 12:0 a.m.15 views

Advantech WebAccess/NMS EMSgroupAction SQL Injection Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Advantech WebAccess/NMS. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of calls to the EMSgroupAction.action endpoint. When...

7.5CVSS2.2AI score0.01263EPSS
Exploits0References1
Rows per page
Query Builder