7 matches found
CVE-2016-9332
CVE-2016-9332 affects Moxa SoftCMS Webserver prior to version 1.6. The vulnerability stems from improper input validation in the ASP Webserver, allowing an attacker to provide unexpected values that can crash the application or cause excessive resource consumption, potentially leading to a denial...
CVE-2015-6458
CVE-2015-6458 describes a heap/classic buffer overflow in Moxa SoftCMS 1.3 and earlier that may crash or allow remote code execution. Public documentation ties the issue to buffer overflow weaknesses in SoftCMS prior to version 1.4, which Moxa released on 2015-06-01 to address the vulnerability b...
CVE-2015-6457
CVE-2015-6457 relates to Moxa SoftCMS 1.3 and earlier, which are susceptible to a buffer overflow that could crash or allow remote code execution. Moxa released SoftCMS 1.4 on 2015-06-01 to address the vulnerability. Connected advisories (ZDI) describe multiple heap-based buffer overflow vulnerab...
CVE-2016-5792
Moxa SoftCMS SQL Injection (CVE-2016-5792) affects SoftCMS versions before 1.5. The vulnerability stems from improper input validation, allowing remote attackers to craft inputs that execute arbitrary SQL commands via unspecified fields (getcaminfo.asp is cited by ZDI as a risk vector). Impact de...
CVE-2016-8360
CVE-2016-8360 affects Moxa SoftCMS Webserver in versions before 1.6. A specially crafted URL request can trigger a double-free condition, enabling memory corruption that could lead to denial of service or arbitrary code execution. Severity is high (CVSSv3 base 8.1) with network access required an...
CVE-2016-9333
CVE-2016-9333 affects Moxa SoftCMS prior to version 1.6. The SoftCMS Webserver fails to properly sanitize input, enabling SQL Injection that could allow a remote attacker to gain administrator privileges. The vulnerability has been assigned CVSS v3 base score 9.8 (CRITICAL) with network access, n...
CVE-2015-1000
This CVE (CVE-2015-1000) affects Moxa SoftCMS prior to v1.3 and specifically the RTSPVIDEO.rtspvideoCtrl.1 ActiveX control. The vulnerability is a stack-based buffer overflow in the OpenForIPCamTest method (via the StrRtspPath parameter) that allows remote code execution. Exploitation is remote (...