Loading HuntDB...
Hunt
Vulnerability Intelligence by wss.sh
Home Daily Briefings High Impact CVEs Recent Exploits KEV Catalog GitHub Advisories Latest Updates Security News
Sign In Sign Up
advantech

Advantech WebAccess

3 Versions 9 CVEs

Versions

8.3.1 and 8.3.2

OTHER 3 CVEs

WebAccess Versions 8.3.1 and prior

OTHER 4 CVEs

8.3.2 and below

OTHER 2 CVEs

Recent CVEs

CVE-2018-15707

Advantech WebAccess 8.3.1 and 8.3.2 are vulnerable to cross-site scripting in the Bwmainleft.asp page. An attacker could leverage this vulnerability to disclose credentials amongst other things.

UNKNOWN Oct 31, 2018

CVE-2018-15705

WADashboard API in Advantech WebAccess 8.3.1 and 8.3.2 allows remote authenticated attackers to write or overwrite any file on the filesystem due to a directory traversal vulnerability in the writeFile API. An attacker can use this vulnerability to remotely execute arbitrary code.

UNKNOWN Oct 31, 2018

CVE-2018-15706

WADashboard API in Advantech WebAccess 8.3.1 and 8.3.2 allows remote authenticated attackers to read any file on the filesystem due to a directory traversal vulnerability in the readFile API.

UNKNOWN Oct 31, 2018

CVE-2018-14820

Advantech WebAccess 8.3.1 and earlier has a .dll component that is susceptible to external control of file name or path vulnerability, which may allow an arbitrary file deletion when processing.

UNKNOWN Oct 23, 2018

CVE-2018-14816

Advantech WebAccess 8.3.1 and earlier has several stack-based buffer overflow vulnerabilities that have been identified, which may allow an attacker to execute arbitrary code.

UNKNOWN Oct 23, 2018

CVE-2018-14806

Advantech WebAccess 8.3.1 and earlier has a path traversal vulnerability which may allow an attacker to execute arbitrary code.

UNKNOWN Oct 23, 2018

CVE-2018-14828

Advantech WebAccess 8.3.1 and earlier has an improper privilege management vulnerability, which may allow an attacker to access those files and perform actions at a system administrator level.

UNKNOWN Oct 23, 2018

CVE-2018-15703

Advantech WebAccess 8.3.2 and below is vulnerable to multiple reflected cross site scripting vulnerabilities. A remote unauthenticated attacker could potentially exploit this vulnerability by tricking a victim to supply malicious HTML or JavaScript code to WebAccess, which is then reflected back to the victim and executed by the web browser.

UNKNOWN Oct 22, 2018

CVE-2018-15704

Advantech WebAccess 8.3.2 and below is vulnerable to a stack buffer overflow vulnerability. A remote authenticated attacker could potentially exploit this vulnerability by sending a crafted HTTP request to broadweb/system/opcImg.asp.

UNKNOWN Oct 22, 2018