Advantech Webaccess@* Security Vulnerabilities and Issues — Page 2 of Advantech Webaccess@* CVE List

Lucene search

AdvantechAdvantech Webaccess*

69 matches found

CVE•added 2014/07/19 5:9 a.m.•45 views

CVE-2014-2365

Unspecified vulnerability in Advantech WebAccess before 7.2 allows remote authenticated users to create or delete arbitrary files via unknown vectors.

5.5CVSS6.4AI score0.00275EPSS

CVE•added 2021/12/22 7:15 p.m.•45 views

CVE-2021-21915

An exploitable SQL injection vulnerability exist in the ‘group_list’ page of the Advantech R-SeeNet 2.4.15 (30.07.2021). A specially-crafted HTTP request at ‘company_filter’ parameter. An attacker can make authenticated HTTP requests to trigger this vulnerability. This can be done as any authentica...

8.8CVSS8.7AI score0.0125EPSS

CVE•added 2012/02/21 1:31 p.m.•44 views

CVE-2012-0240

GbScriptAddUp.asp in Advantech/BroadWin WebAccess before 7.0 does not properly perform authentication, which allows remote attackers to execute arbitrary code via unspecified vectors.

10CVSS7.9AI score0.00927EPSS

CVE•added 2012/02/21 1:31 p.m.•44 views

CVE-2012-0244

Multiple SQL injection vulnerabilities in Advantech/BroadWin WebAccess before 7.0 allow remote attackers to execute arbitrary SQL commands via crafted string input.

7.5CVSS8.7AI score0.00163EPSS

CVE•added 2021/12/22 7:15 p.m.•44 views

CVE-2021-21936

A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests to trigger this vulnerability at ‘health_alt_filter’ parameter. This can be done as any authenticated user or through cross-site request forgery.

8.8CVSS8.7AI score0.0112EPSS

CVE•added 2012/02/21 1:31 p.m.•43 views

CVE-2011-4526

Buffer overflow in an ActiveX control in Advantech/BroadWin WebAccess before 7.0 might allow remote attackers to execute arbitrary code via a long string value in unspecified parameters.

10CVSS8.1AI score0.02497EPSS

CVE•added 2012/02/21 1:31 p.m.•42 views

CVE-2012-0238

Stack-based buffer overflow in opcImg.asp in Advantech/BroadWin WebAccess before 7.0 allows remote attackers to execute arbitrary code via unspecified vectors.

10CVSS8.3AI score0.02392EPSS

CVE•added 2013/08/22 5:34 a.m.•42 views

CVE-2013-2299

Cross-site scripting (XSS) vulnerability in Advantech WebAccess (formerly BroadWin WebAccess) before 7.1 2013.05.30 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.

3.5CVSS5.3AI score0.00288EPSS

CVE•added 2021/12/22 7:15 p.m.•42 views

CVE-2021-21911

A privilege escalation vulnerability exists in the Windows version of installation for Advantech R-SeeNet Advantech R-SeeNet 2.4.15 (30.07.2021). A specially-crafted file can be replaced in the system to escalate privileges to NT SYSTEM authority. An attacker can provide a malicious file to trigger...

8.8CVSS7.8AI score0.00038EPSS

CVE•added 2021/12/22 7:15 p.m.•42 views

CVE-2021-21919

A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests to trigger this vulnerability at ord’ parameter. However, the high privilege super-administrator account needs to be used to achieve exploitation without cross-site request forgery attack.

7.7CVSS5.3AI score0.01337EPSS

CVE•added 2021/12/22 7:15 p.m.•42 views

CVE-2021-21922

A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests to trigger this vulnerability at ‘username_filter’ parameter with the administrative account or through cross-site request forgery.

7.7CVSS6.6AI score0.01194EPSS

CVE•added 2021/12/22 7:15 p.m.•42 views

CVE-2021-21930

A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests at ‘sn_filter’ parameter to trigger this vulnerability. This can be done as any authenticated user or through cross-site request forgery.

7.7CVSS6.8AI score0.01194EPSS

CVE•added 2021/12/22 7:15 p.m.•42 views

CVE-2021-21935

A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests to trigger this vulnerability at ‘host_alt_filter2’ parameter. This can be done as any authenticated user or through cross-site request forgery.

7.7CVSS6.8AI score0.01194EPSS

CVE•added 2021/12/22 7:15 p.m.•41 views

CVE-2021-21920

A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests to trigger this vulnerability at ‘surname_filter’ parameter with the administrative account or through cross-site request forgery.

7.7CVSS5.5AI score0.01337EPSS

CVE•added 2021/12/22 7:15 p.m.•41 views

CVE-2021-21931

A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests at‘ stat_filter’ parameter to trigger this vulnerability. This can be done as any authenticated user or through cross-site request forgery.

7.7CVSS6.8AI score0.01194EPSS

CVE•added 2021/12/22 7:15 p.m.•40 views

CVE-2021-21912

8.8CVSS7.8AI score0.00108EPSS

CVE•added 2012/02/21 1:31 p.m.•39 views

CVE-2012-0239

uaddUpAdmin.asp in Advantech/BroadWin WebAccess before 7.0 does not properly perform authentication, which allows remote attackers to modify an administrative password via a password-change request.

5CVSS6.9AI score0.00175EPSS

CVE•added 2012/02/21 1:31 p.m.•39 views

CVE-2012-1235

Cross-site request forgery (CSRF) vulnerability in Advantech/BroadWin WebAccess 7.0 allows remote authenticated users to hijack the authentication of unspecified victims via unknown vectors. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-0235.

6CVSS6.8AI score0.00069EPSS

CVE•added 2021/12/22 7:15 p.m.•39 views

CVE-2021-21921

A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests to trigger this vulnerability at ‘name_filter’ parameter with the administrative account or through cross-site request forgery.

7.7CVSS5.5AI score0.01337EPSS

Total number of security vulnerabilities69