Lucene search
+L

103 matches found

Prion
Prion
added 2012/02/21 1:31 p.m.19 views

Cross site scripting

Cross-site scripting XSS vulnerability in bwview.asp in Advantech/BroadWin WebAccess before 7.0 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters...

4.3CVSS6.2AI score0.00989EPSS
Exploits0References2Affected Software1
Prion
Prion
added 2012/02/21 1:31 p.m.19 views

Buffer overflow

Buffer overflow in Advantech/BroadWin WebAccess before 7.0 allows remote attackers to execute arbitrary code via a long string value in unspecified parameters...

10CVSS8.5AI score0.04305EPSS
Exploits0References2Affected Software1
Prion
Prion
added 2012/02/21 1:31 p.m.14 views

Code injection

Advantech/BroadWin WebAccess before 7.0 allows remote attackers to trigger the extraction of arbitrary web content into a batch file on a client system, and execute this batch file, via unspecified vectors...

10CVSS7.4AI score0.02152EPSS
Exploits0References2Affected Software1
Prion
Prion
added 2012/02/21 1:31 p.m.32 views

Cross site request forgery (csrf)

Cross-site request forgery CSRF vulnerability in Advantech/BroadWin WebAccess 7.0 allows remote authenticated users to hijack the authentication of unspecified victims via unknown vectors. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-0235...

6CVSS6.9AI score0.0051EPSS
Exploits1References1Affected Software1
Prion
Prion
added 2012/02/21 1:31 p.m.17 views

Cross site request forgery (csrf)

uaddUpAdmin.asp in Advantech/BroadWin WebAccess before 7.0 does not properly perform authentication, which allows remote attackers to modify an administrative password via a password-change request...

5CVSS7.3AI score0.01189EPSS
Exploits0References2Affected Software1
Prion
Prion
added 2012/02/21 1:31 p.m.20 views

Sql injection

SQL injection vulnerability in Advantech/BroadWin WebAccess before 7.0 allows remote attackers to execute arbitrary SQL commands via crafted string input...

7.5CVSS9AI score0.01232EPSS
Exploits0References2Affected Software1
Prion
Prion
added 2012/02/21 1:31 p.m.22 views

Buffer overflow

Buffer overflow in an ActiveX control in Advantech/BroadWin WebAccess before 7.0 might allow remote attackers to execute arbitrary code via a long string value in unspecified parameters...

10CVSS8.5AI score0.04305EPSS
Exploits0References2Affected Software1
Prion
Prion
added 2012/02/21 1:31 p.m.18 views

Format string

Format string vulnerability in Advantech/BroadWin WebAccess before 7.0 allows remote attackers to execute arbitrary code via format string specifiers in a message string...

10CVSS8.2AI score0.07173EPSS
Exploits0References2Affected Software1
Prion
Prion
added 2012/02/21 1:31 p.m.22 views

Buffer overflow

Buffer overflow in an ActiveX control in bwocxrun.ocx in Advantech/BroadWin WebAccess before 7.0 allows remote attackers to execute arbitrary code by leveraging the ability to write arbitrary content to any pathname...

10CVSS8.6AI score0.04305EPSS
Exploits0References2Affected Software1
Prion
Prion
added 2012/02/21 1:31 p.m.16 views

Code injection

Advantech/BroadWin WebAccess before 7.0 allows remote attackers to 1 enable date and time syncing or 2 disable date and time syncing via a crafted URL...

6.4CVSS7.1AI score0.01292EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2012/02/21 11:0 a.m.26 views

CVE-2011-4526

Buffer overflow in an ActiveX control in Advantech/BroadWin WebAccess before 7.0 might allow remote attackers to execute arbitrary code via a long string value in unspecified parameters...

7.8AI score0.04305EPSS
Exploits0References2
Cvelist
Cvelist
added 2012/02/21 11:0 a.m.24 views

CVE-2012-0239

uaddUpAdmin.asp in Advantech/BroadWin WebAccess before 7.0 does not properly perform authentication, which allows remote attackers to modify an administrative password via a password-change request...

6.7AI score0.01189EPSS
Exploits0References2
Cvelist
Cvelist
added 2012/02/21 11:0 a.m.25 views

CVE-2012-0234

SQL injection vulnerability in Advantech/BroadWin WebAccess before 7.0 allows remote attackers to execute arbitrary SQL commands via a malformed URL...

8.1AI score0.01232EPSS
Exploits0References2
Cvelist
Cvelist
added 2012/02/21 11:0 a.m.28 views

CVE-2012-0236

Advantech/BroadWin WebAccess 7.0 and earlier allows remote attackers to obtain sensitive information via a direct request to a URL. NOTE: the vendor reportedly "does not consider it to be a security risk."...

6.1AI score0.01279EPSS
Exploits0References2
Cvelist
Cvelist
added 2012/02/21 11:0 a.m.20 views

CVE-2012-0235

Cross-site request forgery CSRF vulnerability in Advantech/BroadWin WebAccess before 7.0 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors...

6.8AI score0.00504EPSS
Exploits0References2
Cvelist
Cvelist
added 2012/02/21 11:0 a.m.19 views

CVE-2012-0237

Advantech/BroadWin WebAccess before 7.0 allows remote attackers to 1 enable date and time syncing or 2 disable date and time syncing via a crafted URL...

6.5AI score0.01292EPSS
Exploits0References2
Cvelist
Cvelist
added 2012/02/21 11:0 a.m.25 views

CVE-2011-4523

Cross-site scripting XSS vulnerability in bwview.asp in Advantech/BroadWin WebAccess before 7.0 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters...

5.6AI score0.00989EPSS
Exploits0References2
Cvelist
Cvelist
added 2012/02/21 11:0 a.m.30 views

CVE-2011-4524

Buffer overflow in Advantech/BroadWin WebAccess before 7.0 allows remote attackers to execute arbitrary code via a long string value in unspecified parameters...

7.8AI score0.04305EPSS
Exploits0References2
Cvelist
Cvelist
added 2012/02/21 11:0 a.m.23 views

CVE-2012-1235

Cross-site request forgery CSRF vulnerability in Advantech/BroadWin WebAccess 7.0 allows remote authenticated users to hijack the authentication of unspecified victims via unknown vectors. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-0235...

6.6AI score0.0051EPSS
Exploits1References1
Cvelist
Cvelist
added 2012/02/21 11:0 a.m.26 views

CVE-2012-1234

SQL injection vulnerability in Advantech/BroadWin WebAccess 7.0 allows remote authenticated users to execute arbitrary SQL commands via a malformed URL. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-0234...

7.8AI score0.01156EPSS
Exploits1References1
Rows per page
Query Builder