52 matches found
Advantech WebAccess/NMS
1. EXECUTIVE SUMMARY CVSS v3 5.3 ATTENTION: Exploitable remotely/low attack complexity Vendor: Advantech Equipment: WebAccess/NMS Vulnerability: Improper Authentication 2. RISK EVALUATION Successful exploitation of this vulnerability could lead to the exposure of resources or functionality and...
(0Day) Advantech WebAccess/NMS DashBoardAction Missing Authentication Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Advantech WebAccess/NMS. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of the DashBoardAction endpoint of the web server. The...
Advantech WebAccess/NMS MibBrowser SQL Injection Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Advantech WebAccess/NMS. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of calls to the handleDeviceNameByIpAddress method of the...
Advantech WebAccess/NMS DBUtil SQL Injection Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Advantech WebAccess/NMS. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of calls to the getDevices method of the DBUtil class. Wh...
Advantech WebAccess/NMS DBUtil SQL Injection Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Advantech WebAccess/NMS. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of calls to the getSupportedDeviceByModel method of the...
Advantech WebAccess/NMS saveBackground SQL Injection Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Advantech WebAccess/NMS. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of calls to the saveBackground.action endpoint. When...
Advantech WebAccess/NMS DBUtil SQL Injection Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Advantech WebAccess/NMS. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of calls to the getDeviceName method of the DBUtil class...
Advantech WebAccess/NMS DBUtil SQL Injection Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Advantech WebAccess/NMS. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of calls to the updateClearedEventlogByID method of the...
Advantech WebAccess/NMS download.jsp Directory Traversal Information Disclosure and Denial-of-Service Vulnerability
This vulnerability allows remote attackers to disclose sensitive information and delete arbitrary files on affected installations of Advantech WebAccess/NMS. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of calls to the download.jsp...
Advantech WebAccess/NMS extProgramAction Unrestricted File Upload Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Advantech WebAccess/NMS. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of calls to the extProgramAction.action endpoint. When parsing th...
Advantech WebAccess/NMS SupportDeviceaddAction Arbitrary File Upload Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Advantech WebAccess/NMS. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of calls to the SupportDeviceaddAction.action endpoint. When...
Advantech WebAccess/NMS DBUtil SQL Injection Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Advantech WebAccess/NMS. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of calls to the setTaskdevice method of the DBUtil class...
Advantech WebAccess/NMS LicenseImportAction Unrestricted File Upload Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Advantech WebAccess/NMS. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of calls to the licenseImportAction.action endpoint. When parsing...
Advantech WebAccess/NMS FwStatusReportAction SQL Injection Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Advantech WebAccess/NMS. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of calls to the FwStatusReportAction.action endpoint. Whe...
Advantech WebAccess/NMS AccesslogAction SQL Injection Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Advantech WebAccess/NMS. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of calls to the AccesslogAction.action endpoint. When...
Advantech WebAccess/NMS DBUtil SQL Injection Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Advantech WebAccess/NMS. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of calls to the getEmsgroupIndex method of the DBUtil...
Advantech WebAccess/NMS TopogroupeditAction SQL Injection Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Advantech WebAccess/NMS. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of calls to the TopogroupeditAction.action endpoint. When...
Advantech WebAccess/NMS DBUtil SQL Injection Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Advantech WebAccess/NMS. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of calls to the updateManageddevicetopo method of the...
Advantech WebAccess/NMS single-vlan-info SQL Injection Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Advantech WebAccess/NMS. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of calls to the single-vlan-info endpoint. When parsing t...
Advantech WebAccess/NMS DBUtil SQL Injection Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Advantech WebAccess/NMS. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of calls to the updateAckedEventlogByID method of the...