Advantech: >> Webaccess >> 6.0-2007.06.25 Security Vulnerabilities
Advantech WebAccess before 8.1 allows remote attackers to execute arbitrary code via vectors involving a browser plugin.
CVSS Score
8.1
EPSS Score
0.006
Published
2016-01-15
Cross-site scripting (XSS) vulnerability in Advantech WebAccess before 8.1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
CVSS Score
5.4
EPSS Score
0.003
Published
2016-01-15
SQL injection vulnerability in Advantech WebAccess before 8.1 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.
CVSS Score
8.1
EPSS Score
0.003
Published
2016-01-15
Cross-site request forgery (CSRF) vulnerability in Advantech WebAccess before 8.1 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.
CVSS Score
8.8
EPSS Score
0.001
Published
2016-01-15
Advantech WebAccess before 8.1 allows remote attackers to read sensitive cleartext information about e-mail project accounts via unspecified vectors.
CVSS Score
5.3
EPSS Score
0.003
Published
2016-01-15
Multiple stack-based buffer overflows in unspecified DLL files in Advantech WebAccess before 8.0.1 allow remote attackers to execute arbitrary code via unknown vectors.
CVSS Score
10.0
EPSS Score
0.2
Published
2015-09-11
Stack-based buffer overflow in Advantech WebAccess, formerly BroadWin WebAccess, before 8.0 allows remote attackers to execute arbitrary code via a crafted ip_address parameter in an HTML document.
CVSS Score
7.2
EPSS Score
0.002
Published
2014-11-21
Page 9