Lucene search
Andrea Micalizzi aka rgodZDI-14-077HistoryApr 10, 2014 - 12:00 a.m.
Advantech WebAccess DBVisitor.dll SQL Injection Remote Code Execution Vulnerability
2014-04-1000:00:00
Andrea Micalizzi aka rgod
www.zerodayinitiative.com
17
0.012 Low
EPSS
Percentile
85.5%
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess. Authentication is not required to exploit this vulnerability. The specific flaw exists within the DBVisitor.dll component. Multiple SOAP requests implemented by the component are vulnerable to SQL Injection. These flaws allow an attacker to execute arbitrary SQL statements in the context of the web service and to exfiltrate data (including the account names and password hashes) from the vulnerable product.
Related
seebug
seebug
Advantech WebAccess DBVisitor.dll特制SOAP请求SQL注入漏洞
2014-04-15 00:00:00
prion
prion
Sql injection
2014-04-12 04:37:00
cvelist
cvelist
CVE-2014-0763
2014-04-12 01:00:00
checkpoint_advisories
checkpoint_advisories
Advantech WebAccess SQL Injection Information Disclosure (CVE-2014-0763)
2014-06-10 00:00:00
nvd
nvd
CVE-2014-0763
2014-04-12 04:37:31
cve
cve
CVE-2014-0763
2014-04-12 04:37:31
nessus
nessus
Advantech WebAccess < 7.2-2013.11.14 Multiple Vulnerabilities
2017-02-14 00:00:00
Advantech WebAccess < 7.2-2013.11.14 Multiple Vulnerabilities
2015-08-17 00:00:00
ics
ics
Advantech WebAccess Vulnerabilities
2018-09-06 12:00:00
openvas
openvas
Advantech WebAccess Multiple Vulnerabilities
2014-04-16 00:00:00