EUVD-2014-0802

Malware in sbrugna...

CVE-2014-2368

The CVE-2014-2368 issue affects Advantech WebAccess (prior to 7.2) via the bwocxrun ActiveX control. The BrowseFolder method can be abused to read arbitrary files, enabling remote read access. Root cause: Unsafe ActiveX control that allows navigation from the Internet to local files. Exploitation...

Advantech WebAccess bwocxrun ActiveX Control Installation Vulnerability

This vulnerability allows remote attackers to install certain ActiveX controls without user interaction on vulnerable installations of Advantech WebAccess. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...

Advantech WebAccess bwocxrun.ocx CreateProcess方法远程命令执行漏洞

CVE ID:CVE-2014-0773 Advantech WebAccess HMI/SCADA是一款HMI/SCADA软件。 Advantech WebAccess BWOCXRUN.BwocxrunCtrl.1 ActiveX控件bwocxrun.ocx中的CreateProcess方法存在安全漏洞，如果命令行中包含'\setup.exe', '\bwvbprt.exe'或'\bwvbprtl.exe'，可导致绕过该方法中的命令执行校验机制，以应用程序上下文执行任意命令。 0 Advantech WebAccess 7.1 Advantech WebAccess...

CVE-2014-0772

Advantech WebAccess is affected by CVE-2014-0772 in the bwocxrun.ocx ActiveX control (BwocxrunCtrl.1). The OpenUrlToBufferTimeout method accepts a URL and returns its contents to JavaScript, executing in the current browser session context. The vulnerability arises from lack of URL validation, al...

CVE-2014-0771

Advantech WebAccess BWOCXRUN.BwocxrunCtrl.1 OpenUrlToBuffer in bwocxrun.ocx allows reading arbitrary files via file:// URLs because there is no URL validation. This enables remote-access scenarios where an attacker could read local or reachable files through JavaScript, within the browser context...