Advantech Webaccess Security Vulnerabilities and Issues — Advantech Webaccess CVE List

Lucene search

AdvantechAdvantech Webaccess

7 matches found

CVE•added 2014/04/12 4:37 a.m.•130 views

CVE-2014-0772

The OpenUrlToBufferTimeout method in the BWOCXRUN.BwocxrunCtrl.1 ActiveX control in bwocxrun.ocx in Advantech WebAccess before 7.2 allows remote attackers to read arbitrary files via a file: URL.

5CVSS6.5AI score0.00183EPSS

CVE•added 2012/02/21 1:31 p.m.•70 views

CVE-2012-0236

Advantech/BroadWin WebAccess 7.0 and earlier allows remote attackers to obtain sensitive information via a direct request to a URL. NOTE: the vendor reportedly "does not consider it to be a security risk."

5CVSS6.3AI score0.00236EPSS

CVE•added 2014/04/12 4:37 a.m.•60 views

CVE-2014-0771

The OpenUrlToBuffer method in the BWOCXRUN.BwocxrunCtrl.1 ActiveX control in bwocxrun.ocx in Advantech WebAccess before 7.2 allows remote attackers to read arbitrary files via a file: URL.

5CVSS6.5AI score0.00183EPSS

CVE•added 2014/07/19 5:9 a.m.•55 views

CVE-2014-2368

The BrowseFolder method in the bwocxrun ActiveX control in Advantech WebAccess before 7.2 allows remote attackers to read arbitrary files via a crafted call.

5CVSS6.7AI score0.00289EPSS

CVE•added 2012/02/21 1:31 p.m.•50 views

CVE-2012-0241

Advantech/BroadWin WebAccess before 7.0 allows remote attackers to cause a denial of service (memory corruption) via a modified stream identifier to a function.

5CVSS6.8AI score0.10618EPSS

CVE•added 2014/07/19 5:9 a.m.•45 views

CVE-2014-2365

Unspecified vulnerability in Advantech WebAccess before 7.2 allows remote authenticated users to create or delete arbitrary files via unknown vectors.

5.5CVSS6.4AI score0.00275EPSS

CVE•added 2012/02/21 1:31 p.m.•39 views

CVE-2012-0239

uaddUpAdmin.asp in Advantech/BroadWin WebAccess before 7.0 does not properly perform authentication, which allows remote attackers to modify an administrative password via a password-change request.

5CVSS6.9AI score0.00175EPSS