Advantech WebAccess 8.1 Post Authentication Credential Collector

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule "Advantech WebAccess 8.1 Post Authentication Credential Collector", 'Description' = %q This module allows you to log into Advantech WebAccess 8.1,...

Design/Logic Flaw

Advantech WebAccess 8.1 and earlier contains a DLL hijacking vulnerability which may allow an attacker to run a malicious DLL file within the search path resulting in execution of arbitrary code...

CVE-2017-5152

An issue was discovered in Advantech WebAccess Version 8.1. By accessing a specific uniform resource locator URL on the web server, a malicious user is able to access pages unrestricted AUTHENTICATION BYPASS...

Advantech WebAccess 8.1 Post Authentication Credential Collector

This module allows you to log into Advantech WebAccess 8.1, and collect all of the credentials. Although authentication is required, any level of user permission can exploit this vulnerability. Note that 8.2 is not suitable for this. This module requires Metasploit: https://metasploit.com/downloa...

CVE-2016-0856

CVE-2016-0856 affects Advantech WebAccess (pre-8.1). The root cause is a stack-based buffer overflow in the bwconn.dll RpcWebClientConnect path (IoRequest structure) that can be triggered remotely to execute arbitrary code. Public PoCs and PoC-style repositories on Gitee describe a Python/ctypes-...

CVE-2016-0851

Advantech WebAccess before 8.1 allows remote attackers to cause a denial of service out-of-bounds memory access via unspecified vectors...