5 matches found
EUVD-2014-0802
Malware in sbrugna...
Advantech WebAccess bwocxrun.ocx OpenUrlToBuffer Information Disclosure Vulnerability
This vulnerability allows remote attackers to access arbitrary files on vulnerable installations of Advantech WebAccess. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...
CVE-2014-0771
The BWOCXRUN.BwocxrunCtrl.1 control contains a method named “OpenUrlToBuffer.” This method takes a URL as a parameter and returns its contents to the caller in JavaScript. The URLs are accessed in the security context of the current browser session. The control does not perform any URL validation...
Buffer overflow
The OpenUrlToBuffer method in the BWOCXRUN.BwocxrunCtrl.1 ActiveX control in bwocxrun.ocx in Advantech WebAccess before 7.2 allows remote attackers to read arbitrary files via a file: URL...
CVE-2014-0771
Advantech WebAccess BWOCXRUN.BwocxrunCtrl.1 OpenUrlToBuffer in bwocxrun.ocx allows reading arbitrary files via file:// URLs because there is no URL validation. This enables remote-access scenarios where an attacker could read local or reachable files through JavaScript, within the browser context...