
2696 matches found

Cvelist
added 2025/11/06 7:47 p.m. | 5 views

CVE-2025-34244 Advantech WebAccess/VPN < 1.1.5 SQL Injection via AjaxFwRulesController.ajaxDeviceFwRulesAction()

Advantech WebAccess/VPN versions prior to 1.1.5 contain a SQL injection vulnerability in AjaxFwRulesController.ajaxDeviceFwRulesAction that allows an authenticated low-privileged observer user to inject SQL via datatable search parameters, leading to disclosure of database information...

CVSS 5.3 | EPSS 0.0026
Exploits: 0 | References: 3

CVE
added 2025/11/06 7:47 p.m. | 13 views

CVE-2025-34243

Affected software: Advantech WebAccess/VPN before 1.1.5. Vulnerability: SQL injection in AjaxFwRulesController.ajaxNetworkFwRulesAction() that allows an authenticated, low-privileged observer to inject SQL via datatable search parameters, leading to disclosure of database information. Impact (as ...

CVSS 6.5 | AI score 7.2 | EPSS 0.0026
Exploits: 0 | References: 3 | Affected Software: 1

Vulnrichment
added 2025/11/06 7:47 p.m. | 2 views

CVE-2025-34243 Advantech WebAccess/VPN < 1.1.5 SQL Injection via AjaxFwRulesController.ajaxNetworkFwRulesAction()

Advantech WebAccess/VPN versions prior to 1.1.5 contain a SQL injection vulnerability in AjaxFwRulesController.ajaxNetworkFwRulesAction that allows an authenticated low-privileged observer user to inject SQL via datatable search parameters, leading to disclosure of database information...

CVSS 5.3 | AI score 7.2 | EPSS 0.0026
Exploits: 0 | References: 3

Cvelist
added 2025/11/06 7:47 p.m. | 5 views

CVE-2025-34243 Advantech WebAccess/VPN < 1.1.5 SQL Injection via AjaxFwRulesController.ajaxNetworkFwRulesAction()

Advantech WebAccess/VPN versions prior to 1.1.5 contain a SQL injection vulnerability in AjaxFwRulesController.ajaxNetworkFwRulesAction that allows an authenticated low-privileged observer user to inject SQL via datatable search parameters, leading to disclosure of database information...

CVSS 5.3 | EPSS 0.0026
Exploits: 0 | References: 3

CVE
added 2025/11/06 7:46 p.m. | 12 views

CVE-2025-34242

Advantech WebAccess/VPN before version 1.1.5 contains a SQL injection in AjaxNetworkController.ajaxAction(). An authenticated, low-privileged observer can inject SQL via datatable search parameters, leading to disclosure of database information. Affected product/version: Advantech WebAccess/VPN

CVSS 8.6 | AI score 7.2 | EPSS 0.0026
Exploits: 0 | References: 3 | Affected Software: 1

Vulnrichment
added 2025/11/06 7:46 p.m. | 3 views

CVE-2025-34242 Advantech WebAccess/VPN < 1.1.5 SQL Injection via AjaxNetworkController.ajaxAction()

Advantech WebAccess/VPN versions prior to 1.1.5 contain a SQL injection vulnerability in AjaxNetworkController.ajaxAction that allows an authenticated low-privileged observer user to inject SQL via datatable search parameters, leading to disclosure of database information...

CVSS 8.6 | AI score 7.2 | EPSS 0.0026
Exploits: 0 | References: 3

Cvelist
added 2025/11/06 7:46 p.m. | 5 views

CVE-2025-34242 Advantech WebAccess/VPN < 1.1.5 SQL Injection via AjaxNetworkController.ajaxAction()

Advantech WebAccess/VPN versions prior to 1.1.5 contain a SQL injection vulnerability in AjaxNetworkController.ajaxAction that allows an authenticated low-privileged observer user to inject SQL via datatable search parameters, leading to disclosure of database information...

CVSS 8.6 | EPSS 0.0026
Exploits: 0 | References: 3

CVE
added 2025/11/06 7:45 p.m. | 8 views

CVE-2025-34241

Advantech WebAccess/VPN before version 1.1.5 is affected by a SQL injection in AjaxDeviceController.ajaxDeviceAction() via datatable search parameters. An authenticated, low-privileged observer can potentially have access to database data due to improper input handling. The issue is consistently ...

CVSS 6.5 | AI score 7.2 | EPSS 0.0026
Exploits: 0 | References: 3 | Affected Software: 1

Cvelist
added 2025/11/06 7:45 p.m. | 4 views

CVE-2025-34241 Advantech WebAccess/VPN < 1.1.5 SQL Injection via AjaxDeviceController.ajaxDeviceAction()

Advantech WebAccess/VPN versions prior to 1.1.5 contain a SQL injection vulnerability in AjaxDeviceController.ajaxDeviceAction that allows an authenticated low-privileged observer user to inject SQL via datatable search parameters, leading to disclosure of database information...

CVSS 5.3 | EPSS 0.0026
Exploits: 0 | References: 3

Vulnrichment
added 2025/11/06 7:45 p.m. | 1 view

CVE-2025-34241 Advantech WebAccess/VPN < 1.1.5 SQL Injection via AjaxDeviceController.ajaxDeviceAction()

Advantech WebAccess/VPN versions prior to 1.1.5 contain a SQL injection vulnerability in AjaxDeviceController.ajaxDeviceAction that allows an authenticated low-privileged observer user to inject SQL via datatable search parameters, leading to disclosure of database information...

CVSS 5.3 | AI score 7.2 | EPSS 0.0026
Exploits: 0 | References: 3

CVE
added 2025/11/06 7:45 p.m. | 8 views

CVE-2025-34240

Advantech WebAccess/VPN versions prior to 1.1.5 contain a SQL injection in AppManagementController.appUpgradeAction() due to failure to filter datatable search parameters. An authenticated, low-privileged observer can inject SQL to disclose database information. Affected software: Advantech WebAc...

CVSS 8.6 | AI score 7.2 | EPSS 0.0026
Exploits: 0 | References: 3 | Affected Software: 1

Vulnrichment
added 2025/11/06 7:45 p.m. | 1 view

CVE-2025-34240 Advantech WebAccess/VPN < 1.1.5 SQL Injection via AppManagementController.appUpgradeAction()

Advantech WebAccess/VPN versions prior to 1.1.5 contain a SQL injection vulnerability in AppManagementController.appUpgradeAction that allows an authenticated low-privileged observer user to inject SQL via datatable search parameters, leading to disclosure of database information...

CVSS 8.6 | AI score 7.2 | EPSS 0.0026
Exploits: 0 | References: 3

Cvelist
added 2025/11/06 7:45 p.m. | 3 views

CVE-2025-34240 Advantech WebAccess/VPN < 1.1.5 SQL Injection via AppManagementController.appUpgradeAction()

Advantech WebAccess/VPN versions prior to 1.1.5 contain a SQL injection vulnerability in AppManagementController.appUpgradeAction that allows an authenticated low-privileged observer user to inject SQL via datatable search parameters, leading to disclosure of database information...

CVSS 8.6 | EPSS 0.0026
Exploits: 0 | References: 3

CVE
added 2025/11/06 7:44 p.m. | 14 views

CVE-2025-34239

CVE-2025-34239 affects Advantech WebAccess/VPN before version 1.1.5. A command injection exists in AppManagementController.appUpgradeAction(), allowing an authenticated system administrator to execute arbitrary commands as the web server user (www-data) by supplying a crafted uploaded filename. V...

CVSS 8.6 | AI score 7.6 | EPSS 0.01616
Exploits: 0 | References: 3 | Affected Software: 1

Vulnrichment
added 2025/11/06 7:44 p.m. | 3 views

CVE-2025-34239 Advantech WebAccess/VPN < 1.1.5 Command Injection in AppManagementController.appUpgradeAction()

Advantech WebAccess/VPN versions prior to 1.1.5 contain a command injection vulnerability in AppManagementController.appUpgradeAction that allows an authenticated system administrator to execute arbitrary commands as the web server user www-data by supplying a crafted uploaded filename...

CVSS 8.6 | AI score 7.6 | EPSS 0.01616
Exploits: 0 | References: 3

Cvelist
added 2025/11/06 7:44 p.m. | 4 views

CVE-2025-34239 Advantech WebAccess/VPN < 1.1.5 Command Injection in AppManagementController.appUpgradeAction()

Advantech WebAccess/VPN versions prior to 1.1.5 contain a command injection vulnerability in AppManagementController.appUpgradeAction that allows an authenticated system administrator to execute arbitrary commands as the web server user www-data by supplying a crafted uploaded filename...

CVSS 8.6 | EPSS 0.01616
Exploits: 0 | References: 3

CVE
added 2025/11/06 7:43 p.m. | 10 views

CVE-2025-34238

CVE-2025-34238 affects Advantech WebAccess/VPN versions prior to 1.1.5. A path traversal flaw in AjaxStandaloneVpnClientsController.ajaxDownloadRoadWarriorConfigFileAction() allows an authenticated network administrator to read arbitrary files that the web user (www-data) can access. The issue is...

CVSS 6.9 | AI score 6.3 | EPSS 0.00341
Exploits: 0 | References: 3 | Affected Software: 1

Vulnrichment
added 2025/11/06 7:43 p.m. | 2 views

CVE-2025-34238 Advantech WebAccess/VPN < 1.1.5 Path Traversal via AjaxStandaloneVpnClientsController.ajaxDownloadRoadWarriorConfigFileAction()

Advantech WebAccess/VPN versions prior to 1.1.5 contain an absolute path traversal via AjaxStandaloneVpnClientsController.ajaxDownloadRoadWarriorConfigFileAction that allows an authenticated network administrator to cause the application to read and return the contents of arbitrary files the web...

CVSS 6.9 | AI score 6.3 | EPSS 0.00341
Exploits: 0 | References: 3

Cvelist
added 2025/11/06 7:43 p.m. | 4 views

CVE-2025-34238 Advantech WebAccess/VPN < 1.1.5 Path Traversal via AjaxStandaloneVpnClientsController.ajaxDownloadRoadWarriorConfigFileAction()

Advantech WebAccess/VPN versions prior to 1.1.5 contain an absolute path traversal via AjaxStandaloneVpnClientsController.ajaxDownloadRoadWarriorConfigFileAction that allows an authenticated network administrator to cause the application to read and return the contents of arbitrary files the web...

CVSS 6.9 | EPSS 0.00341
Exploits: 0 | References: 3

CVE
added 2025/11/06 7:40 p.m. | 14 views

CVE-2025-34237

CVE-2025-34237 describes a stored cross-site scripting (XSS) vulnerability in Advantech WebAccess/VPN prior to version 1.1.5. The issue stems from insufficient validation/escaping of input in StandaloneVpnClientsController.addStandaloneVpnClientAction(), enabling an attacker to inject and execute...

CVSS 6.3 | AI score 5.5 | EPSS 0.00176
Exploits: 0 | References: 3 | Affected Software: 1