Skip to main content

Advantech Webaccess

38 CVEs product

Monthly

CVE-2014-0992 MEDIUM This Month

Stack-based buffer overflow in Advantech WebAccess (formerly BroadWin WebAccess) 7.2 allows remote attackers to execute arbitrary code via the password parameter. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

RCE Buffer Overflow Advantech Webaccess
NVD
CVSS 2.0
6.8
EPSS
1.7%
CVE-2014-0991 MEDIUM This Month

Stack-based buffer overflow in Advantech WebAccess (formerly BroadWin WebAccess) 7.2 allows remote attackers to execute arbitrary code via the projectname parameter. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

RCE Buffer Overflow Advantech Webaccess
NVD
CVSS 2.0
6.8
EPSS
1.7%
CVE-2014-0990 MEDIUM This Month

Stack-based buffer overflow in Advantech WebAccess (formerly BroadWin WebAccess) 7.2 allows remote attackers to execute arbitrary code via the UserName parameter. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

RCE Buffer Overflow Advantech Webaccess
NVD
CVSS 2.0
6.8
EPSS
1.7%
CVE-2014-0989 MEDIUM This Month

Stack-based buffer overflow in Advantech WebAccess (formerly BroadWin WebAccess) 7.2 allows remote attackers to execute arbitrary code via the AccessCode2 parameter. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

RCE Buffer Overflow Advantech Webaccess
NVD
CVSS 2.0
6.8
EPSS
1.7%
CVE-2014-0988 MEDIUM This Month

Stack-based buffer overflow in Advantech WebAccess (formerly BroadWin WebAccess) 7.2 allows remote attackers to execute arbitrary code via the AccessCode parameter. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

RCE Buffer Overflow Advantech Webaccess
NVD
CVSS 2.0
6.8
EPSS
1.7%
CVE-2014-0987 MEDIUM This Month

Stack-based buffer overflow in Advantech WebAccess (formerly BroadWin WebAccess) 7.2 allows remote attackers to execute arbitrary code via the NodeName2 parameter. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

RCE Buffer Overflow Advantech Webaccess
NVD
CVSS 2.0
6.8
EPSS
1.7%
CVE-2014-0986 MEDIUM This Month

Stack-based buffer overflow in Advantech WebAccess (formerly BroadWin WebAccess) 7.2 allows remote attackers to execute arbitrary code via the GotoCmd parameter. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

RCE Buffer Overflow Advantech Webaccess
NVD
CVSS 2.0
6.8
EPSS
1.7%
CVE-2014-0985 MEDIUM This Month

Stack-based buffer overflow in Advantech WebAccess (formerly BroadWin WebAccess) 7.2 allows remote attackers to execute arbitrary code via the NodeName parameter. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

RCE Buffer Overflow Advantech Webaccess
NVD
CVSS 2.0
6.8
EPSS
1.7%
CVE-2014-2368 HIGH This Week

The BrowseFolder method in the bwocxrun ActiveX control in Advantech WebAccess before 7.2 allows remote attackers to read arbitrary files via a crafted call. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Advantech Webaccess
NVD
CVSS 2.0
7.5
EPSS
0.5%
CVE-2014-2367 HIGH This Week

The ChkCookie subroutine in an ActiveX control in broadweb/include/gChkCook.asp in Advantech WebAccess before 7.2 allows remote attackers to read arbitrary files via a crafted call. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Advantech Webaccess
NVD
CVSS 2.0
7.5
EPSS
0.4%
CVE-2014-2366 CRITICAL Act Now

upAdminPg.asp in Advantech WebAccess before 7.2 allows remote authenticated users to discover credentials by reading HTML source code. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Advantech Webaccess
NVD
CVSS 2.0
9.0
EPSS
0.2%
CVE-2014-2365 MEDIUM This Month

Unspecified vulnerability in Advantech WebAccess before 7.2 allows remote authenticated users to create or delete arbitrary files via unknown vectors. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Advantech Webaccess
NVD
CVSS 2.0
6.5
EPSS
0.3%
CVE-2014-2364 HIGH POC THREAT Act Now

Multiple stack-based buffer overflows in Advantech WebAccess before 7.2 allow remote attackers to execute arbitrary code via a long string in the (1) ProjectName, (2) SetParameter, (3) NodeName, (4). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 40.2%.

RCE Stack Overflow Buffer Overflow Advantech Webaccess
NVD Exploit-DB
CVSS 2.0
7.5
EPSS
40.2%
Threat
4.2
CVE-2014-0773 HIGH This Week

The BWOCXRUN.BwocxrunCtrl.1 control contains a method named “CreateProcess.” This method contains validation to ensure an attacker cannot run arbitrary command lines. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Microsoft Advantech Webaccess
NVD VulDB
CVSS 2.0
7.5
EPSS
0.4%
CVE-2014-0772 MEDIUM This Month

The BWOCXRUN.BwocxrunCtrl.1 control contains a method named OpenUrlToBufferTimeout. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Advantech Webaccess
NVD VulDB
CVSS 2.0
5.0
EPSS
0.4%
CVE-2014-0771 HIGH This Week

The BWOCXRUN.BwocxrunCtrl.1 control contains a method named “OpenUrlToBuffer.” This method takes a URL as a parameter and returns its contents to the caller in JavaScript. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Advantech Webaccess
NVD VulDB
CVSS 2.0
7.5
EPSS
0.3%
CVE-2014-0770 HIGH This Week

By providing an overly long string to the UserName parameter, an attacker may be able to overflow the static stack buffer. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Stack Overflow Buffer Overflow Advantech Webaccess
NVD VulDB
CVSS 2.0
7.5
EPSS
1.1%
CVE-2014-0768 HIGH This Week

An attacker may pass an overly long value from the AccessCode2 argument to the control to overflow the static stack buffer. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Stack Overflow Buffer Overflow Advantech Webaccess
NVD VulDB
CVSS 2.0
7.5
EPSS
1.2%
CVE-2014-0767 HIGH This Week

An attacker may exploit this vulnerability by passing an overly long value from the AccessCode argument to the control. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Stack Overflow Buffer Overflow Advantech Webaccess
NVD VulDB
CVSS 2.0
7.5
EPSS
1.2%
CVE-2014-0766 HIGH This Week

An attacker can exploit this vulnerability by copying an overly long NodeName2 argument into a statically sized buffer on the stack to overflow the static stack buffer. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Stack Overflow Buffer Overflow Advantech Webaccess
NVD VulDB
CVSS 2.0
7.5
EPSS
1.2%
CVE-2014-0765 HIGH This Week

To exploit this vulnerability, the attacker sends data from the GotoCmd argument to control. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Stack Overflow Buffer Overflow Advantech Webaccess
NVD VulDB
CVSS 2.0
7.5
EPSS
1.2%
CVE-2014-0764 HIGH This Week

By providing an overly long string to the NodeName parameter, an attacker may be able to overflow the static stack buffer. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Stack Overflow Buffer Overflow Advantech Webaccess
NVD VulDB
CVSS 2.0
7.5
EPSS
1.2%
CVE-2014-0763 HIGH POC THREAT Act Now

An attacker using SQL injection may use arguments to construct queries without proper sanitization. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 57.9%.

RCE SQLi Advantech Webaccess
NVD VulDB
CVSS 2.0
7.5
EPSS
57.9%
Threat
4.7
CVE-2013-2299 LOW POC Monitor

Cross-site scripting (XSS) vulnerability in Advantech WebAccess (formerly BroadWin WebAccess) before 7.1 2013.05.30 allows remote authenticated users to inject arbitrary web script or HTML via. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS Advantech Webaccess
NVD Exploit-DB
CVSS 2.0
3.5
EPSS
0.5%
CVE-2012-1235 MEDIUM PATCH This Month

Cross-site request forgery (CSRF) vulnerability in Advantech/BroadWin WebAccess 7.0 allows remote authenticated users to hijack the authentication of unspecified victims via unknown vectors. Rated medium severity (CVSS 6.0), this vulnerability is remotely exploitable.

CSRF Advantech Webaccess
NVD
CVSS 2.0
6.0
EPSS
0.1%
CVE-2012-1234 MEDIUM PATCH This Month

SQL injection vulnerability in Advantech/BroadWin WebAccess 7.0 allows remote authenticated users to execute arbitrary SQL commands via a malformed URL. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

SQLi Advantech Webaccess
NVD
CVSS 2.0
6.5
EPSS
0.2%
CVE-2012-0244 HIGH PATCH This Week

Multiple SQL injection vulnerabilities in Advantech/BroadWin WebAccess before 7.0 allow remote attackers to execute arbitrary SQL commands via crafted string input. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity.

SQLi Advantech Webaccess
NVD
CVSS 2.0
7.5
EPSS
0.2%
CVE-2012-0243 CRITICAL PATCH Act Now

Buffer overflow in an ActiveX control in bwocxrun.ocx in Advantech/BroadWin WebAccess before 7.0 allows remote attackers to execute arbitrary code by leveraging the ability to write arbitrary content. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity.

Buffer Overflow RCE Advantech Webaccess
NVD
CVSS 2.0
10.0
EPSS
3.1%
CVE-2012-0242 CRITICAL POC PATCH Act Now

Format string vulnerability in Advantech/BroadWin WebAccess before 7.0 allows remote attackers to execute arbitrary code via format string specifiers in a message string. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

RCE Advantech Webaccess
NVD Exploit-DB
CVSS 2.0
10.0
EPSS
6.3%
CVE-2012-0241 MEDIUM POC PATCH This Month

Advantech/BroadWin WebAccess before 7.0 allows remote attackers to cause a denial of service (memory corruption) via a modified stream identifier to a function. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Buffer Overflow Denial Of Service Advantech Webaccess
NVD Exploit-DB
CVSS 2.0
5.0
EPSS
8.1%
CVE-2012-0240 CRITICAL PATCH Act Now

GbScriptAddUp.asp in Advantech/BroadWin WebAccess before 7.0 does not properly perform authentication, which allows remote attackers to execute arbitrary code via unspecified vectors. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

RCE Authentication Bypass Advantech Webaccess
NVD
CVSS 2.0
10.0
EPSS
1.4%
CVE-2012-0239 MEDIUM PATCH This Month

uaddUpAdmin.asp in Advantech/BroadWin WebAccess before 7.0 does not properly perform authentication, which allows remote attackers to modify an administrative password via a password-change request. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Authentication Bypass Advantech Webaccess
NVD
CVSS 2.0
5.0
EPSS
0.2%
CVE-2012-0238 CRITICAL PATCH Act Now

Stack-based buffer overflow in opcImg.asp in Advantech/BroadWin WebAccess before 7.0 allows remote attackers to execute arbitrary code via unspecified vectors. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity.

Buffer Overflow RCE Advantech Webaccess
NVD
CVSS 2.0
10.0
EPSS
3.1%
CVE-2012-0237 MEDIUM This Month

Advantech/BroadWin WebAccess before 7.0 allows remote attackers to (1) enable date and time syncing or (2) disable date and time syncing via a crafted URL. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Advantech Webaccess
NVD
CVSS 2.0
6.4
EPSS
0.2%
CVE-2012-0236 MEDIUM PATCH This Month

Advantech/BroadWin WebAccess 7.0 and earlier allows remote attackers to obtain sensitive information via a direct request to a URL. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Advantech Webaccess
NVD
CVSS 2.0
5.0
EPSS
0.2%
CVE-2012-0235 MEDIUM PATCH This Month

Cross-site request forgery (CSRF) vulnerability in Advantech/BroadWin WebAccess before 7.0 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. Rated medium severity (CVSS 6.0), this vulnerability is remotely exploitable.

CSRF Advantech Webaccess
NVD
CVSS 2.0
6.0
EPSS
0.1%
CVE-2012-0234 HIGH PATCH This Week

SQL injection vulnerability in Advantech/BroadWin WebAccess before 7.0 allows remote attackers to execute arbitrary SQL commands via a malformed URL. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity.

SQLi Advantech Webaccess
NVD
CVSS 2.0
7.5
EPSS
0.2%
CVE-2012-0233 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in Advantech/BroadWin WebAccess before 7.0 allows remote attackers to inject arbitrary web script or HTML via a malformed URL. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS Advantech Webaccess
NVD
CVSS 2.0
4.3
EPSS
0.2%
EPSS 2% CVSS 6.8
MEDIUM This Month

Stack-based buffer overflow in Advantech WebAccess (formerly BroadWin WebAccess) 7.2 allows remote attackers to execute arbitrary code via the password parameter. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

RCE Buffer Overflow Advantech Webaccess
NVD
EPSS 2% CVSS 6.8
MEDIUM This Month

Stack-based buffer overflow in Advantech WebAccess (formerly BroadWin WebAccess) 7.2 allows remote attackers to execute arbitrary code via the projectname parameter. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

RCE Buffer Overflow Advantech Webaccess
NVD
EPSS 2% CVSS 6.8
MEDIUM This Month

Stack-based buffer overflow in Advantech WebAccess (formerly BroadWin WebAccess) 7.2 allows remote attackers to execute arbitrary code via the UserName parameter. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

RCE Buffer Overflow Advantech Webaccess
NVD
EPSS 2% CVSS 6.8
MEDIUM This Month

Stack-based buffer overflow in Advantech WebAccess (formerly BroadWin WebAccess) 7.2 allows remote attackers to execute arbitrary code via the AccessCode2 parameter. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

RCE Buffer Overflow Advantech Webaccess
NVD
EPSS 2% CVSS 6.8
MEDIUM This Month

Stack-based buffer overflow in Advantech WebAccess (formerly BroadWin WebAccess) 7.2 allows remote attackers to execute arbitrary code via the AccessCode parameter. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

RCE Buffer Overflow Advantech Webaccess
NVD
EPSS 2% CVSS 6.8
MEDIUM This Month

Stack-based buffer overflow in Advantech WebAccess (formerly BroadWin WebAccess) 7.2 allows remote attackers to execute arbitrary code via the NodeName2 parameter. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

RCE Buffer Overflow Advantech Webaccess
NVD
EPSS 2% CVSS 6.8
MEDIUM This Month

Stack-based buffer overflow in Advantech WebAccess (formerly BroadWin WebAccess) 7.2 allows remote attackers to execute arbitrary code via the GotoCmd parameter. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

RCE Buffer Overflow Advantech Webaccess
NVD
EPSS 2% CVSS 6.8
MEDIUM This Month

Stack-based buffer overflow in Advantech WebAccess (formerly BroadWin WebAccess) 7.2 allows remote attackers to execute arbitrary code via the NodeName parameter. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

RCE Buffer Overflow Advantech Webaccess
NVD
EPSS 1% CVSS 7.5
HIGH This Week

The BrowseFolder method in the bwocxrun ActiveX control in Advantech WebAccess before 7.2 allows remote attackers to read arbitrary files via a crafted call. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Advantech Webaccess
NVD
EPSS 0% CVSS 7.5
HIGH This Week

The ChkCookie subroutine in an ActiveX control in broadweb/include/gChkCook.asp in Advantech WebAccess before 7.2 allows remote attackers to read arbitrary files via a crafted call. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Advantech Webaccess
NVD
EPSS 0% CVSS 9.0
CRITICAL Act Now

upAdminPg.asp in Advantech WebAccess before 7.2 allows remote authenticated users to discover credentials by reading HTML source code. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Advantech Webaccess
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

Unspecified vulnerability in Advantech WebAccess before 7.2 allows remote authenticated users to create or delete arbitrary files via unknown vectors. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Advantech Webaccess
NVD
EPSS 40% 4.2 CVSS 7.5
HIGH POC THREAT Act Now

Multiple stack-based buffer overflows in Advantech WebAccess before 7.2 allow remote attackers to execute arbitrary code via a long string in the (1) ProjectName, (2) SetParameter, (3) NodeName, (4). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 40.2%.

RCE Stack Overflow Buffer Overflow +1
NVD Exploit-DB
EPSS 0% CVSS 7.5
HIGH This Week

The BWOCXRUN.BwocxrunCtrl.1 control contains a method named “CreateProcess.” This method contains validation to ensure an attacker cannot run arbitrary command lines. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Microsoft Advantech Webaccess
NVD VulDB
EPSS 0% CVSS 5.0
MEDIUM This Month

The BWOCXRUN.BwocxrunCtrl.1 control contains a method named OpenUrlToBufferTimeout. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Advantech Webaccess
NVD VulDB
EPSS 0% CVSS 7.5
HIGH This Week

The BWOCXRUN.BwocxrunCtrl.1 control contains a method named “OpenUrlToBuffer.” This method takes a URL as a parameter and returns its contents to the caller in JavaScript. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Advantech Webaccess
NVD VulDB
EPSS 1% CVSS 7.5
HIGH This Week

By providing an overly long string to the UserName parameter, an attacker may be able to overflow the static stack buffer. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Stack Overflow Buffer Overflow Advantech Webaccess
NVD VulDB
EPSS 1% CVSS 7.5
HIGH This Week

An attacker may pass an overly long value from the AccessCode2 argument to the control to overflow the static stack buffer. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Stack Overflow Buffer Overflow +1
NVD VulDB
EPSS 1% CVSS 7.5
HIGH This Week

An attacker may exploit this vulnerability by passing an overly long value from the AccessCode argument to the control. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Stack Overflow Buffer Overflow Advantech Webaccess
NVD VulDB
EPSS 1% CVSS 7.5
HIGH This Week

An attacker can exploit this vulnerability by copying an overly long NodeName2 argument into a statically sized buffer on the stack to overflow the static stack buffer. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Stack Overflow Buffer Overflow +1
NVD VulDB
EPSS 1% CVSS 7.5
HIGH This Week

To exploit this vulnerability, the attacker sends data from the GotoCmd argument to control. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Stack Overflow Buffer Overflow +1
NVD VulDB
EPSS 1% CVSS 7.5
HIGH This Week

By providing an overly long string to the NodeName parameter, an attacker may be able to overflow the static stack buffer. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Stack Overflow Buffer Overflow Advantech Webaccess
NVD VulDB
EPSS 58% 4.7 CVSS 7.5
HIGH POC THREAT Act Now

An attacker using SQL injection may use arguments to construct queries without proper sanitization. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 57.9%.

RCE SQLi Advantech Webaccess
NVD VulDB
EPSS 1% CVSS 3.5
LOW POC Monitor

Cross-site scripting (XSS) vulnerability in Advantech WebAccess (formerly BroadWin WebAccess) before 7.1 2013.05.30 allows remote authenticated users to inject arbitrary web script or HTML via. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS Advantech Webaccess
NVD Exploit-DB
EPSS 0% CVSS 6.0
MEDIUM PATCH This Month

Cross-site request forgery (CSRF) vulnerability in Advantech/BroadWin WebAccess 7.0 allows remote authenticated users to hijack the authentication of unspecified victims via unknown vectors. Rated medium severity (CVSS 6.0), this vulnerability is remotely exploitable.

CSRF Advantech Webaccess
NVD
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

SQL injection vulnerability in Advantech/BroadWin WebAccess 7.0 allows remote authenticated users to execute arbitrary SQL commands via a malformed URL. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

SQLi Advantech Webaccess
NVD
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Multiple SQL injection vulnerabilities in Advantech/BroadWin WebAccess before 7.0 allow remote attackers to execute arbitrary SQL commands via crafted string input. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity.

SQLi Advantech Webaccess
NVD
EPSS 3% CVSS 10.0
CRITICAL PATCH Act Now

Buffer overflow in an ActiveX control in bwocxrun.ocx in Advantech/BroadWin WebAccess before 7.0 allows remote attackers to execute arbitrary code by leveraging the ability to write arbitrary content. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity.

Buffer Overflow RCE Advantech Webaccess
NVD
EPSS 6% CVSS 10.0
CRITICAL POC PATCH Act Now

Format string vulnerability in Advantech/BroadWin WebAccess before 7.0 allows remote attackers to execute arbitrary code via format string specifiers in a message string. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

RCE Advantech Webaccess
NVD Exploit-DB
EPSS 8% CVSS 5.0
MEDIUM POC PATCH This Month

Advantech/BroadWin WebAccess before 7.0 allows remote attackers to cause a denial of service (memory corruption) via a modified stream identifier to a function. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Buffer Overflow Denial Of Service Advantech Webaccess
NVD Exploit-DB
EPSS 1% CVSS 10.0
CRITICAL PATCH Act Now

GbScriptAddUp.asp in Advantech/BroadWin WebAccess before 7.0 does not properly perform authentication, which allows remote attackers to execute arbitrary code via unspecified vectors. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

RCE Authentication Bypass Advantech Webaccess
NVD
EPSS 0% CVSS 5.0
MEDIUM PATCH This Month

uaddUpAdmin.asp in Advantech/BroadWin WebAccess before 7.0 does not properly perform authentication, which allows remote attackers to modify an administrative password via a password-change request. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Authentication Bypass Advantech Webaccess
NVD
EPSS 3% CVSS 10.0
CRITICAL PATCH Act Now

Stack-based buffer overflow in opcImg.asp in Advantech/BroadWin WebAccess before 7.0 allows remote attackers to execute arbitrary code via unspecified vectors. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity.

Buffer Overflow RCE Advantech Webaccess
NVD
EPSS 0% CVSS 6.4
MEDIUM This Month

Advantech/BroadWin WebAccess before 7.0 allows remote attackers to (1) enable date and time syncing or (2) disable date and time syncing via a crafted URL. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Advantech Webaccess
NVD
EPSS 0% CVSS 5.0
MEDIUM PATCH This Month

Advantech/BroadWin WebAccess 7.0 and earlier allows remote attackers to obtain sensitive information via a direct request to a URL. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Advantech Webaccess
NVD
EPSS 0% CVSS 6.0
MEDIUM PATCH This Month

Cross-site request forgery (CSRF) vulnerability in Advantech/BroadWin WebAccess before 7.0 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. Rated medium severity (CVSS 6.0), this vulnerability is remotely exploitable.

CSRF Advantech Webaccess
NVD
EPSS 0% CVSS 7.5
HIGH PATCH This Week

SQL injection vulnerability in Advantech/BroadWin WebAccess before 7.0 allows remote attackers to execute arbitrary SQL commands via a malformed URL. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity.

SQLi Advantech Webaccess
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

Cross-site scripting (XSS) vulnerability in Advantech/BroadWin WebAccess before 7.0 allows remote attackers to inject arbitrary web script or HTML via a malformed URL. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS Advantech Webaccess
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy