4 matches found
Advantech WebAccess DBVisitor.dll ChartThemeConfig SQL Injection
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'rexml/document' class MetasploitModule 'Advantech WebAccess DBVisitor.dll ChartThemeConfig SQL Injection', 'Description' = %q This module exploits a SQL injecti...
Advantech WebAccess DBVisitor.dll ChartThemeConfig SQL Injection
This module exploits a SQL injection vulnerability found in Advantech WebAccess 7.1. The vulnerability exists in the DBVisitor.dll component, and can be abused through malicious requests to the ChartThemeConfig web service. This module can be used to extract the site and project usernames and...
CVE-2014-0763
Summary of CVE-2014-0763 (Advantech WebAccess) : The vulnerability affects Advantech WebAccess (7.1 and earlier) in the DBVisitor.dll component exposed via SOAP interfaces, where SOAP injection enables SQL injection through the ChartThemeConfig/service vectors. This may allow an attacker to perfo...
Advantech WebAccess DBVisitor.dll SQL Injection Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess. Authentication is not required to exploit this vulnerability. The specific flaw exists within the DBVisitor.dll component. Multiple SOAP requests implemented by the component a...