Skip to main content
CVE-2014-0763 HIGH POC THREAT Act Now

An attacker using SQL injection may use arguments to construct queries without proper sanitization. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 57.9%.

RCE SQLi Advantech Webaccess
NVD VulDB
CVSS 2.0
7.5
EPSS
57.9%
Threat
4.7
CVE-2014-0768 HIGH This Week

An attacker may pass an overly long value from the AccessCode2 argument to the control to overflow the static stack buffer. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Stack Overflow Buffer Overflow Advantech Webaccess
NVD VulDB
CVSS 2.0
7.5
EPSS
1.2%
CVE-2014-0767 HIGH This Week

An attacker may exploit this vulnerability by passing an overly long value from the AccessCode argument to the control. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Stack Overflow Buffer Overflow Advantech Webaccess
NVD VulDB
CVSS 2.0
7.5
EPSS
1.2%
CVE-2014-0766 HIGH This Week

An attacker can exploit this vulnerability by copying an overly long NodeName2 argument into a statically sized buffer on the stack to overflow the static stack buffer. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Stack Overflow Buffer Overflow Advantech Webaccess
NVD VulDB
CVSS 2.0
7.5
EPSS
1.2%
CVE-2014-0765 HIGH This Week

To exploit this vulnerability, the attacker sends data from the GotoCmd argument to control. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Stack Overflow Buffer Overflow Advantech Webaccess
NVD VulDB
CVSS 2.0
7.5
EPSS
1.2%
CVE-2014-0764 HIGH This Week

By providing an overly long string to the NodeName parameter, an attacker may be able to overflow the static stack buffer. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Stack Overflow Buffer Overflow Advantech Webaccess
NVD VulDB
CVSS 2.0
7.5
EPSS
1.2%
CVE-2014-0770 HIGH This Week

By providing an overly long string to the UserName parameter, an attacker may be able to overflow the static stack buffer. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Stack Overflow Buffer Overflow Advantech Webaccess
NVD VulDB
CVSS 2.0
7.5
EPSS
1.1%
CVE-2014-0773 HIGH This Week

The BWOCXRUN.BwocxrunCtrl.1 control contains a method named “CreateProcess.” This method contains validation to ensure an attacker cannot run arbitrary command lines. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Microsoft Advantech Webaccess
NVD VulDB
CVSS 2.0
7.5
EPSS
0.4%
CVE-2014-0771 HIGH This Week

The BWOCXRUN.BwocxrunCtrl.1 control contains a method named “OpenUrlToBuffer.” This method takes a URL as a parameter and returns its contents to the caller in JavaScript. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Advantech Webaccess
NVD VulDB
CVSS 2.0
7.5
EPSS
0.3%
CVE-2013-2809 HIGH This Week

The DNP Master Driver in the OSIsoft PI Interface before 3.1.2.54 for DNP3 allows remote attackers to cause a denial of service (interface shutdown) via a crafted TCP packet. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Pi Interface
NVD VulDB
CVSS 2.0
7.1
EPSS
0.6%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy