449 matches found
CVE-2025-46704
A vulnerability exists in Advantech iView in NetworkServlet.processImportRequest that could allow for a directory traversal attack. This issue requires an authenticated attacker with at least user-level privileges. A specific parameter is not properly sanitized or normalized, potentially allowing...
CVE-2025-41442
A vulnerability exists in Advantech iView versions prior to 5.7.05 build 7057, which could allow a reflected cross-site scripting XSS attack. By manipulating certain input parameters, an attacker could execute unauthorized scripts in the user's browser, potentially leading to information disclosu...
CVE-2025-41442
A vulnerability exists in Advantech iView versions prior to 5.7.05 build 7057, which could allow a reflected cross-site scripting XSS attack. By manipulating certain input parameters, an attacker could execute unauthorized scripts in the user's browser, potentially leading to information disclosu...
Advantech iView SQL注入漏洞
Advantech iView is a Simple Network Protocol SNMP based software from Advantech, China to manage B + B SmartWorx devices. An SQL injection vulnerability exists in Advantech iView, which can be exploited by an attacker to perform SQL injection and execute code in the context of the 'nt...
Advantech iView 跨站脚本漏洞
Advantech iView is a Simple Network Protocol SNMP based software from Advantech, China to manage B + B SmartWorx devices. A cross-site scripting vulnerability exists in Advantech iView due to improper validation of user-supplied input. An attacker could use this vulnerability to execute...
Advantech iView 路径遍历漏洞
Advantech iView is a Simple Network Protocol SNMP based software from Advantech, China to manage B + B SmartWorx devices. A path traversal vulnerability exists in Advantech iView due to an error in NetworkServlet.processImportRequest. error in NetworkServlet.processImportRequest. An attacker coul...
Advantech iView SQL注入漏洞
Advantech iView is a Simple Network Protocol SNMP based software from Advantech, China to manage B + B SmartWorx devices. An SQL injection vulnerability exists in the Advantech iView CUtils.checkSQLInjection function, which can be exploited by an attacker to cause an information disclosure or...
CVE-2025-53509
Advantech iView contains an argument-injection vulnerability in NetworkServlet.restoreDatabase(), exploitable by an authenticated user with at least user-level privileges. An input parameter can be used directly in a command without sanitization, enabling arbitrary arguments and potentially leadi...
CVE-2025-53509 Advantech iView Argument Injection
A vulnerability exists in Advantech iView that allows for argument injection in the NetworkServlet.restoreDatabase. This issue requires an authenticated attacker with at least user-level privileges. An input parameter can be used directly in a command without proper sanitization, allowing arbitra...
CVE-2025-53509 Advantech iView Argument Injection
A vulnerability exists in Advantech iView that allows for argument injection in the NetworkServlet.restoreDatabase. This issue requires an authenticated attacker with at least user-level privileges. An input parameter can be used directly in a command without proper sanitization, allowing arbitra...
CVE-2025-52459 Advantech iView Argument Injection
A vulnerability exists in Advantech iView that allows for argument injection in NetworkServlet.backupDatabase. This issue requires an authenticated attacker with at least user-level privileges. Certain parameters can be used directly in a command without proper sanitization, allowing arbitrary...
CVE-2025-52459 Advantech iView Argument Injection
A vulnerability exists in Advantech iView that allows for argument injection in NetworkServlet.backupDatabase. This issue requires an authenticated attacker with at least user-level privileges. Certain parameters can be used directly in a command without proper sanitization, allowing arbitrary...
CVE-2025-52459
Advantech iView contains a vulnerability in the NetworkServlet.backupDatabase() function where certain parameters can be injected into commands due to improper sanitization. An authenticated attacker with user-level privileges could inject arbitrary arguments, potentially leading to information d...
CVE-2025-53515
Advantech iView is affected by CVE-2025-53515. The vulnerability exists in NetworkServlet.archiveTrap() and enables SQL injection with remote code execution. An authenticated attacker with at least user-level privileges can exploit insufficient input sanitization to perform SQL injection and pote...
CVE-2025-53515 Advantech iView SQL Injection
A vulnerability exists in Advantech iView that allows for SQL injection and remote code execution through NetworkServlet.archiveTrap. This issue requires an authenticated attacker with at least user-level privileges. Certain input parameters are not sanitized, allowing an attacker to perform SQL...
CVE-2025-53515 Advantech iView SQL Injection
A vulnerability exists in Advantech iView that allows for SQL injection and remote code execution through NetworkServlet.archiveTrap. This issue requires an authenticated attacker with at least user-level privileges. Certain input parameters are not sanitized, allowing an attacker to perform SQL...
CVE-2025-52577 Advantech iView SQL Injection
A vulnerability exists in Advantech iView that could allow SQL injection and remote code execution through NetworkServlet.archiveTrapRange. This issue requires an authenticated attacker with at least user-level privileges. Certain input parameters are not properly sanitized, allowing an attacker ...
CVE-2025-52577 Advantech iView SQL Injection
A vulnerability exists in Advantech iView that could allow SQL injection and remote code execution through NetworkServlet.archiveTrapRange. This issue requires an authenticated attacker with at least user-level privileges. Certain input parameters are not properly sanitized, allowing an attacker ...
CVE-2025-52577
Advantech iView is affected by a vulnerability in NetworkServlet.archiveTrapRange() that enables SQL injection and potential remote code execution. An authenticated attacker with at least user-level privileges can exploit unsanitized input parameters to execute code in the context of the nt autho...
CVE-2025-53475 Advantech iView SQL Injection
A vulnerability exists in Advantech iView that could allow for SQL injection and remote code execution through NetworkServlet.getNextTrapPage. This issue requires an authenticated attacker with at least user-level privileges. Certain parameters in this function are not properly sanitized, allowin...