Lucene search
K

111 matches found

BDU FSTEC
BDU FSTEC
added 2025/07/24 12:0 a.m.21 views

The vulnerability of the NetworkServlet.getNextTrapPage() function in the system for centrally managing network devices and ports of Advantech iView allows a hacker to execute arbitrary code.

The vulnerability of the NetworkServlet.getNextTrapPage function in the system for centrally managing network devices and ports of Advantech iView is related to the lack of security measures for SQL query structures. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...

9CVSS6.1AI score0.0428EPSS
Exploits0References3
BDU FSTEC
BDU FSTEC
added 2025/07/24 12:0 a.m.7 views

Vulnerability of the NetworkServlet.archiveTrapRange() function in the system for centrally managing network devices and ports of Advantech iView. This vulnerability allows a attacker to execute arbitrary code.

The vulnerability of the NetworkServlet.archiveTrapRange function in the system for managing network devices and ports of Advantech iView is related to the lack of security measures for the SQL query structure. Exploiting this vulnerability allows an attacker to execute arbitrary code remotely...

9CVSS6AI score0.005EPSS
Exploits0References3
CNVD
CNVD
added 2025/07/18 12:0 a.m.4 views

Advantech iView NetworkServlet.backupDatabase Function Parameter Injection Vulnerability

Advantech iView is a Simple Network Protocol SNMP based software from Advantech, China to manage B + B SmartWorx devices. The Advantech iView NetworkServlet.backupDatabase function parameter injection vulnerability can be exploited by an attacker to cause information disclosure, including sensiti...

7.1CVSS7.1AI score0.00282EPSS
Exploits0References1
CNVD
CNVD
added 2025/07/18 12:0 a.m.2 views

Advantech iView NetworkServlet.archiveTrap Function SQL Injection Vulnerability

Advantech iView is a Simple Network Protocol SNMP based software from Advantech, China to manage B + B SmartWorx devices. An SQL injection vulnerability exists in the Advantech iView NetworkServlet.archiveTrap function. An attacker can exploit this vulnerability to perform SQL injection and execu...

8.8CVSS8.3AI score0.005EPSS
Exploits0References1
CNVD
CNVD
added 2025/07/15 12:0 a.m.2 views

Advantech iView Parameter Injection Vulnerability

Advantech iView is a Simple Network Protocol SNMP based software from Advantech, China to manage B + B SmartWorx devices. A parameter injection vulnerability exists in Advantech iView, which originates from parameter injection in the NetworkServlet.restoreDatabase function and can be exploited by...

7.1CVSS7.1AI score0.00286EPSS
Exploits0References1
CNVD
CNVD
added 2025/07/15 12:0 a.m.6 views

Advantech iView SQL Injection Vulnerability (CNVD-2025-17828)

Advantech iView is a Simple Network Protocol SNMP based software from Advantech, China to manage B + B SmartWorx devices. The Advantech iView suffers from an SQL injection vulnerability that originates from improper parameter cleanup in the NetworkServlet.getNextTrapPage function, which can be...

8.8CVSS8.3AI score0.0428EPSS
Exploits0References1
CNVD
CNVD
added 2025/07/15 12:0 a.m.7 views

Advantech iView path traversal vulnerability (CNVD-2025-17831)

Advantech iView is a Simple Network Protocol SNMP based software from Advantech, China to manage B + B SmartWorx devices. A path traversal vulnerability exists in Advantech iView due to an error in NetworkServlet.processImportRequest. error in NetworkServlet.processImportRequest. An attacker coul...

5.3CVSS6.8AI score0.03317EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/07/13 12:40 a.m.17 views

CVE-2025-52459

A vulnerability exists in Advantech iView that allows for argument injection in NetworkServlet.backupDatabase. This issue requires an authenticated attacker with at least user-level privileges. Certain parameters can be used directly in a command without proper sanitization, allowing arbitrary...

7.1CVSS7.1AI score0.00282EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/07/13 12:39 a.m.13 views

CVE-2025-53509

A vulnerability exists in Advantech iView that allows for argument injection in the NetworkServlet.restoreDatabase. This issue requires an authenticated attacker with at least user-level privileges. An input parameter can be used directly in a command without proper sanitization, allowing arbitra...

7.1CVSS7.1AI score0.00286EPSS
Exploits0References1
OSV
OSV
added 2025/07/11 12:15 a.m.3 views

CVE-2025-53509

A vulnerability exists in Advantech iView that allows for argument injection in the NetworkServlet.restoreDatabase. This issue requires an authenticated attacker with at least user-level privileges. An input parameter can be used directly in a command without proper sanitization, allowing arbitra...

7.1CVSS5.8AI score0.00286EPSS
Exploits0References2
NVD
NVD
added 2025/07/11 12:15 a.m.7 views

CVE-2025-53509

A vulnerability exists in Advantech iView that allows for argument injection in the NetworkServlet.restoreDatabase. This issue requires an authenticated attacker with at least user-level privileges. An input parameter can be used directly in a command without proper sanitization, allowing arbitra...

7.1CVSS0.00286EPSS
Exploits0References2
OSV
OSV
added 2025/07/11 12:15 a.m.5 views

CVE-2025-53515

A vulnerability exists in Advantech iView that allows for SQL injection and remote code execution through NetworkServlet.archiveTrap. This issue requires an authenticated attacker with at least user-level privileges. Certain input parameters are not sanitized, allowing an attacker to perform SQL...

8.7CVSS6.5AI score0.005EPSS
Exploits0References2
OSV
OSV
added 2025/07/11 12:15 a.m.6 views

CVE-2025-52577

A vulnerability exists in Advantech iView that could allow SQL injection and remote code execution through NetworkServlet.archiveTrapRange. This issue requires an authenticated attacker with at least user-level privileges. Certain input parameters are not properly sanitized, allowing an attacker ...

8.7CVSS6.4AI score0.005EPSS
Exploits0References2
CNNVD
CNNVD
added 2025/07/11 12:0 a.m.4 views

Advantech iView 参数注入漏洞

Advantech iView is a Simple Network Protocol SNMP based software from Advantech, China to manage B + B SmartWorx devices. The Advantech iView NetworkServlet.backupDatabase function parameter injection vulnerability can be exploited by an attacker to cause information disclosure, including sensiti...

7.1CVSS7AI score0.00282EPSS
Exploits0References3
Cvelist
Cvelist
added 2025/07/10 11:28 p.m.7 views

CVE-2025-52459 Advantech iView Argument Injection

A vulnerability exists in Advantech iView that allows for argument injection in NetworkServlet.backupDatabase. This issue requires an authenticated attacker with at least user-level privileges. Certain parameters can be used directly in a command without proper sanitization, allowing arbitrary...

7.1CVSS0.00282EPSS
Exploits0References2
CNNVD
CNNVD
added 2025/07/10 12:0 a.m.4 views

Advantech iView 参数注入漏洞

Advantech iView is a Simple Network Protocol SNMP based software from Advantech, China to manage B + B SmartWorx devices. A parameter injection vulnerability exists in Advantech iView, which originates from parameter injection in the NetworkServlet.restoreDatabase function and can be exploited by...

7.1CVSS6.7AI score0.00286EPSS
Exploits0References2
CNNVD
CNNVD
added 2025/07/10 12:0 a.m.2 views

Advantech iView SQL注入漏洞

Advantech iView is a Simple Network Protocol SNMP based software from Advantech, China to manage B + B SmartWorx devices. The Advantech iView suffers from an SQL injection vulnerability that originates from improper parameter cleanup in the NetworkServlet.getNextTrapPage function, which can be...

8.8CVSS7.9AI score0.0428EPSS
Exploits0References4
Check Point Advisories
Check Point Advisories
added 2022/10/31 12:0 a.m.39 views

Advantech iView Command Injection (CVE-2022-2143)

A command injection vulnerability exists for Advantech iView. This vulnerability is due to improper input validation of the backupfilename parameter while updating NetworkServlet database...

3.3AI score0.59184EPSS
Exploits4
Metasploit
Metasploit
added 2022/08/29 6:2 p.m.308 views

Advantech iView NetworkServlet Command Injection

Versions of Advantech iView software below 5.7.04.6469 are vulnerable to an unauthenticated command injection vulnerability via the NetworkServlet endpoint. The database backup functionality passes a user-controlled parameter, backupfile to the mysqldump command. The sanitization functionality on...

9.8CVSS9.6AI score0.59184EPSS
Exploits4
0day.today
0day.today
added 2022/08/19 12:0 a.m.477 views

Advantech iView NetworkServlet Command Injection Exploit

Advantech iView software versions prior to 5.7.04.6469 are vulnerable to an unauthenticated command injection vulnerability via the NetworkServlet endpoint. The database backup functionality passes a user-controlled parameter, backupfile to the mysqldump command. The sanitization functionality on...

9.8CVSS10AI score0.59184EPSS
Exploits4
Rows per page
Query Builder