Advantech WebAccess SCADA Dashboard Arbitrary File Upload (CVE-2016-0854)

An arbitrary file upload vulnerability has been reported in the Dashboard component of Advantech WebAccess. The vulnerability is due to insufficient input validation within the uploadImageCommon, uploadFile or uploadBannerImage methods in the UploadAjaxAction script. A remote, unauthenticated...

Advantech Webaccess Dashboard Viewer - Arbitrary File Upload (Metasploit)

Exploit for windows platform in category remote exploits This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class MetasploitModule "Advantech WebAccess Dashboard Viewer Arbitrary File Upload",...

CVE-2016-0854

creationtimestamp| type| source ---|---|--- 2016-04-26 00:00:00+00:00| exploited| https://www.exploit-db.com/exploits/39735 2018-05-29 15:50:33+00:00| seen| https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/scada/advantechwebaccessdashboardfileupload.rb 2025-02-0...

CVE-2016-0854

Affected product: Advantech WebAccess, specifically the Dashboard Viewer component of WebAccess prior to version 8.1. Vulnerability summary: Unrestricted upload of a file with dangerous type via the UploadAjaxAction script (uploadImageCommon/uploadFile/uploadBannerImage paths) in the WebAccess Da...