Lucene search
RgodZDI-16-123HistoryFeb 05, 2016 - 12:00 a.m.
Advantech WebAccess Dashboard Viewer addFolder Directory Traversal Arbitrary File Deletion Denial of Service Vulnerability
2016-02-0500:00:00
rgod
www.zerodayinitiative.com
17
0.263 Low
EPSS
Percentile
96.8%
This vulnerability allows remote attackers to deny service to all users on vulnerable installations of Advantech WebAccess. Authentication is not required to exploit this vulnerability. The specific flaw exists within the WebAccess Dashboard Viewer. Insufficient validation within the addFolder script allows unauthenticated callers to overwrite key system files so that access to the functionality of WebAccess is completely blocked to all users.
Related
zdi
zdi
prion
prion
Directory traversal
2016-01-15 03:59:00
checkpoint_advisories
checkpoint_advisories
Advantech WebAccess SCADA Dashboard Directory Traversal (CVE-2016-0855)
2016-05-15 00:00:00
cvelist
cvelist
CVE-2016-0855
2016-01-15 02:00:00
nvd
nvd
CVE-2016-0855
2016-01-15 03:59:17
nessus
nessus
Advantech WebAccess openWidget Script Path Traversal Remote File Disclosure
2016-02-18 00:00:00
Advantech WebAccess < 8.1-2015.12.30 Multiple Vulnerabilities
2016-03-03 00:00:00
cve
cve
CVE-2016-0855
2016-01-15 03:59:17
ics
ics
Advantech WebAccess Vulnerabilities
2018-08-23 12:00:00
openvas
openvas
Advantech WebAccess Multiple Vulnerabilities (Jan 2016)
2016-01-22 00:00:00