56 matches found
EUVD-2011-4448
Malware in sbrugna...
EUVD-2012-0269
Malware in sbrugna...
EUVD-2011-4450
Malware in sbrugna...
EUVD-2012-1260
Malware in sbrugna...
EUVD-2011-4451
Malware in sbrugna...
EUVD-2011-4449
Malware in sbrugna...
BroadWin WebAccess Version Detection
Detection of BroadWin WebAccess. The script sends a connection request to the server and attempts to extract the version number from the reply. SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective righ...
CVE-2014-0985
Advantech WebAccess 7.2 contains multiple stack-based buffer overflow vulnerabilities (CVE-2014-0985 through CVE-2014-0992) in ActiveX/ parsing code (notably NodeName, GotoCmd, NodeName2, AccessCode, AccessCode2, UserName, projectname, and password parameters). According to Core Security CORE-201...
CVE-2013-2299
CVE-2013-2299 affects Advantech WebAccess (formerly BroadWin WebAccess) prior to version 7.1 (2013-05-30). The vulnerability is a Cross-site Scripting (XSS) flaw that allows remote authenticated users to inject arbitrary HTML/script via unspecified vectors. NVD lists CVSSv2: base score 3.5 (low) ...
CVE-2012-1235
Cross-site request forgery CSRF vulnerability in Advantech/BroadWin WebAccess 7.0 allows remote authenticated users to hijack the authentication of unspecified victims via unknown vectors. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-0235...
CVE-2012-0236
Advantech/BroadWin WebAccess 7.0 and earlier allows remote attackers to obtain sensitive information via a direct request to a URL. NOTE: the vendor reportedly "does not consider it to be a security risk."...
CVE-2012-0235
Cross-site request forgery CSRF vulnerability in Advantech/BroadWin WebAccess before 7.0 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors...
CVE-2012-1234
SQL injection vulnerability in Advantech/BroadWin WebAccess 7.0 allows remote authenticated users to execute arbitrary SQL commands via a malformed URL. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-0234...
CVE-2012-0238
Stack-based buffer overflow in opcImg.asp in Advantech/BroadWin WebAccess before 7.0 allows remote attackers to execute arbitrary code via unspecified vectors...
CVE-2011-4526
Buffer overflow in an ActiveX control in Advantech/BroadWin WebAccess before 7.0 might allow remote attackers to execute arbitrary code via a long string value in unspecified parameters...
CVE-2011-4524
Buffer overflow in Advantech/BroadWin WebAccess before 7.0 allows remote attackers to execute arbitrary code via a long string value in unspecified parameters...
CVE-2011-4522
Cross-site scripting XSS vulnerability in bwerrdn.asp in Advantech/BroadWin WebAccess before 7.0 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters...
CVE-2011-4521
SQL injection vulnerability in Advantech/BroadWin WebAccess before 7.0 allows remote attackers to execute arbitrary SQL commands via crafted string input...
Sql injection
Multiple SQL injection vulnerabilities in Advantech/BroadWin WebAccess before 7.0 allow remote attackers to execute arbitrary SQL commands via crafted string input...
Cross site request forgery (csrf)
Cross-site request forgery CSRF vulnerability in Advantech/BroadWin WebAccess 7.0 allows remote authenticated users to hijack the authentication of unspecified victims via unknown vectors. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-0235...