RSS   Vulnerabilities for 'Webaccess'   RSS

2018-10-31
 
CVE-2018-15707

CWE-79
 

 
Advantech WebAccess 8.3.1 and 8.3.2 are vulnerable to cross-site scripting in the Bwmainleft.asp page. An attacker could leverage this vulnerability to disclose credentials amongst other things.

 
 
CVE-2018-15706

CWE-22
 

 
WADashboard API in Advantech WebAccess 8.3.1 and 8.3.2 allows remote authenticated attackers to read any file on the filesystem due to a directory traversal vulnerability in the readFile API.

 
 
CVE-2018-15705

CWE-22
 

 
WADashboard API in Advantech WebAccess 8.3.1 and 8.3.2 allows remote authenticated attackers to write or overwrite any file on the filesystem due to a directory traversal vulnerability in the writeFile API. An attacker can use this vulnerability to remotely execute arbitrary code.

 
2018-10-29
 
CVE-2018-17910

CWE-119
 

 
WebAccess Versions 8.3.2 and prior. The application fails to properly validate the length of user-supplied data, causing a buffer overflow condition that allows for arbitrary remote code execution.

 
 
CVE-2018-17908

CWE-284
 

 
WebAccess Versions 8.3.2 and prior. During installation, the application installer disables user access control and does not re-enable it after the installation is complete. This could allow an attacker to run elevated arbitrary code.

 
2018-10-23
 
CVE-2018-14828

CWE-264
 

 
Advantech WebAccess 8.3.1 and earlier has an improper privilege management vulnerability, which may allow an attacker to access those files and perform actions at a system administrator level.

 
 
CVE-2018-14820

CWE-20
 

 
Advantech WebAccess 8.3.1 and earlier has a .dll component that is susceptible to external control of file name or path vulnerability, which may allow an arbitrary file deletion when processing.

 
 
CVE-2018-14816

CWE-119
 

 
Advantech WebAccess 8.3.1 and earlier has several stack-based buffer overflow vulnerabilities that have been identified, which may allow an attacker to execute arbitrary code.

 
 
CVE-2018-14806

CWE-22
 

 
Advantech WebAccess 8.3.1 and earlier has a path traversal vulnerability which may allow an attacker to execute arbitrary code.

 
2018-10-22
 
CVE-2018-15704

CWE-119
 

 
Advantech WebAccess 8.3.2 and below is vulnerable to a stack buffer overflow vulnerability. A remote authenticated attacker could potentially exploit this vulnerability by sending a crafted HTTP request to broadweb/system/opcImg.asp.

 


Copyright 2019, cxsecurity.com

 

Back to Top