Skip to main content

Webaccess

97 CVEs product

Monthly

CVE-2015-3947 HIGH This Week

SQL injection vulnerability in Advantech WebAccess before 8.1 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Webaccess
NVD
CVSS 3.0
8.1
EPSS
0.2%
CVE-2015-3946 HIGH This Week

Cross-site request forgery (CSRF) vulnerability in Advantech WebAccess before 8.1 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Webaccess
NVD
CVSS 3.0
8.8
EPSS
0.1%
CVE-2015-3943 MEDIUM This Month

Advantech WebAccess before 8.1 allows remote attackers to read sensitive cleartext information about e-mail project accounts via unspecified vectors. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Webaccess
NVD
CVSS 3.0
5.3
EPSS
0.3%
CVE-2014-9202 MEDIUM This Month

Multiple stack-based buffer overflows in an unspecified DLL file in Advantech WebAccess before 8.0_20150816 allow remote attackers to execute arbitrary code via a crafted file that triggers long. Rated medium severity (CVSS 6.9). No vendor patch available.

RCE Buffer Overflow Webaccess
NVD
CVSS 2.0
6.9
EPSS
0.5%
CVE-2014-9208 CRITICAL POC THREAT Emergency

Multiple stack-based buffer overflows in unspecified DLL files in Advantech WebAccess before 8.0.1 allow remote attackers to execute arbitrary code via unknown vectors. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 22.3%.

RCE Buffer Overflow Webaccess
NVD Exploit-DB
CVSS 2.0
10.0
EPSS
22.3%
Threat
4.2
CVE-2014-8388 HIGH This Week

Stack-based buffer overflow in Advantech WebAccess, formerly BroadWin WebAccess, before 8.0 allows remote attackers to execute arbitrary code via a crafted ip_address parameter in an HTML document. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity. No vendor patch available.

RCE Buffer Overflow Webaccess
NVD
CVSS 2.0
7.2
EPSS
0.2%
CVE-2014-5449 LOW Monitor

Zarafa WebAccess 4.1 and WebApp uses world-readable permissions for the files in their tmp directory, which allows local users to obtain sensitive information by reading temporary session data. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Webaccess Webapp
NVD
CVSS 2.0
2.1
EPSS
0.0%
EPSS 0% CVSS 8.1
HIGH This Week

SQL injection vulnerability in Advantech WebAccess before 8.1 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Webaccess
NVD
EPSS 0% CVSS 8.8
HIGH This Week

Cross-site request forgery (CSRF) vulnerability in Advantech WebAccess before 8.1 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Webaccess
NVD
EPSS 0% CVSS 5.3
MEDIUM This Month

Advantech WebAccess before 8.1 allows remote attackers to read sensitive cleartext information about e-mail project accounts via unspecified vectors. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Webaccess
NVD
EPSS 1% CVSS 6.9
MEDIUM This Month

Multiple stack-based buffer overflows in an unspecified DLL file in Advantech WebAccess before 8.0_20150816 allow remote attackers to execute arbitrary code via a crafted file that triggers long. Rated medium severity (CVSS 6.9). No vendor patch available.

RCE Buffer Overflow Webaccess
NVD
EPSS 22% 4.2 CVSS 10.0
CRITICAL POC THREAT Emergency

Multiple stack-based buffer overflows in unspecified DLL files in Advantech WebAccess before 8.0.1 allow remote attackers to execute arbitrary code via unknown vectors. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 22.3%.

RCE Buffer Overflow Webaccess
NVD Exploit-DB
EPSS 0% CVSS 7.2
HIGH This Week

Stack-based buffer overflow in Advantech WebAccess, formerly BroadWin WebAccess, before 8.0 allows remote attackers to execute arbitrary code via a crafted ip_address parameter in an HTML document. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity. No vendor patch available.

RCE Buffer Overflow Webaccess
NVD
EPSS 0% CVSS 2.1
LOW Monitor

Zarafa WebAccess 4.1 and WebApp uses world-readable permissions for the files in their tmp directory, which allows local users to obtain sensitive information by reading temporary session data. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Webaccess Webapp
NVD
Prev Page 2 of 2

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy