advantech advantech_webaccess CVE Vulnerabilities (44)

CVEs: 44 CPE versions: View versions table

Summary

This page lists publicly disclosed CVE vulnerabilities affecting advantech advantech_webaccess (linked via NVD CPE). Each row includes severity scores, summaries, and publication dates to help identify and analyze security issues.

Showing 2140 of 44 CVEs
CVE Summary Source Max CVSS EPSS % Published Updated
CVE-2014-0765 To exploit this vulnerability, the attacker sends data from the GotoCmd argument to control. If the value of the argument is overly long, the static stack buffer can be overflowed. This will allow the attacker to execute arbitrary code remotely. [email protected] 7.5 2.67% 2014-04-12 2026-06-16
CVE-2014-0764 By providing an overly long string to the NodeName parameter, an attacker may be able to overflow the static stack buffer. The attacker may then execute code on the target device remotely. [email protected] 7.5 2.67% 2014-04-12 2026-06-16
CVE-2014-0763 An attacker using SQL injection may use arguments to construct queries without proper sanitization. The DBVisitor.dll is exposed through SOAP interfaces, and the exposed functions are vulnerable to SOAP injection. This may allow unexpected SQL action and access to records in the table of the software database or execution of arbitrary code. [email protected] 7.5 19.24% 2014-04-12 2026-06-16
CVE-2013-2299 Cross-site scripting (XSS) vulnerability in Advantech WebAccess (formerly BroadWin WebAccess) before 7.1 2013.05.30 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. [email protected] 3.5 1.44% 2013-08-22 2026-06-16
CVE-2012-1235 Cross-site request forgery (CSRF) vulnerability in Advantech/BroadWin WebAccess 7.0 allows remote authenticated users to hijack the authentication of unspecified victims via unknown vectors. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-0235. [email protected] 6.0 0.52% 2012-02-21 2026-06-16
CVE-2012-1234 SQL injection vulnerability in Advantech/BroadWin WebAccess 7.0 allows remote authenticated users to execute arbitrary SQL commands via a malformed URL. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-0234. [email protected] 6.5 1.17% 2012-02-21 2026-06-16
CVE-2012-0244 Multiple SQL injection vulnerabilities in Advantech/BroadWin WebAccess before 7.0 allow remote attackers to execute arbitrary SQL commands via crafted string input. [email protected] 7.5 1.25% 2012-02-21 2026-06-16
CVE-2012-0243 Buffer overflow in an ActiveX control in bwocxrun.ocx in Advantech/BroadWin WebAccess before 7.0 allows remote attackers to execute arbitrary code by leveraging the ability to write arbitrary content to any pathname. [email protected] 10.0 4.30% 2012-02-21 2026-06-16
CVE-2012-0242 Format string vulnerability in Advantech/BroadWin WebAccess before 7.0 allows remote attackers to execute arbitrary code via format string specifiers in a message string. [email protected] 10.0 7.17% 2012-02-21 2026-06-16
CVE-2012-0241 Advantech/BroadWin WebAccess before 7.0 allows remote attackers to cause a denial of service (memory corruption) via a modified stream identifier to a function. [email protected] 5.0 4.91% 2012-02-21 2026-06-16
CVE-2012-0240 GbScriptAddUp.asp in Advantech/BroadWin WebAccess before 7.0 does not properly perform authentication, which allows remote attackers to execute arbitrary code via unspecified vectors. [email protected] 10.0 4.31% 2012-02-21 2026-06-16
CVE-2012-0239 uaddUpAdmin.asp in Advantech/BroadWin WebAccess before 7.0 does not properly perform authentication, which allows remote attackers to modify an administrative password via a password-change request. [email protected] 5.0 1.20% 2012-02-21 2026-06-16
CVE-2012-0238 Stack-based buffer overflow in opcImg.asp in Advantech/BroadWin WebAccess before 7.0 allows remote attackers to execute arbitrary code via unspecified vectors. [email protected] 10.0 4.30% 2012-02-21 2026-06-16
CVE-2012-0237 Advantech/BroadWin WebAccess before 7.0 allows remote attackers to (1) enable date and time syncing or (2) disable date and time syncing via a crafted URL. [email protected] 6.4 1.31% 2012-02-21 2026-06-16
CVE-2012-0236 Advantech/BroadWin WebAccess 7.0 and earlier allows remote attackers to obtain sensitive information via a direct request to a URL. NOTE: the vendor reportedly "does not consider it to be a security risk." [email protected] 5.0 1.29% 2012-02-21 2026-06-16
CVE-2012-0235 Cross-site request forgery (CSRF) vulnerability in Advantech/BroadWin WebAccess before 7.0 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. [email protected] 6.0 0.51% 2012-02-21 2026-06-16
CVE-2012-0234 SQL injection vulnerability in Advantech/BroadWin WebAccess before 7.0 allows remote attackers to execute arbitrary SQL commands via a malformed URL. [email protected] 7.5 1.25% 2012-02-21 2026-06-16
CVE-2012-0233 Cross-site scripting (XSS) vulnerability in Advantech/BroadWin WebAccess before 7.0 allows remote attackers to inject arbitrary web script or HTML via a malformed URL. [email protected] 4.3 1.00% 2012-02-21 2026-06-16
CVE-2011-4526 Buffer overflow in an ActiveX control in Advantech/BroadWin WebAccess before 7.0 might allow remote attackers to execute arbitrary code via a long string value in unspecified parameters. [email protected] 10.0 4.30% 2012-02-21 2026-06-16
CVE-2011-4525 Advantech/BroadWin WebAccess before 7.0 allows remote attackers to trigger the extraction of arbitrary web content into a batch file on a client system, and execute this batch file, via unspecified vectors. [email protected] 10.0 2.18% 2012-02-21 2026-06-16
cvelogic Threat Intelligence