threat
engine
.sh
Back
·
··:··
Home
/
Product
/
advantech webaccess
Product
advantech webaccess
147 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
Sort
Newest first
Oldest first
Highest CVSS
Lowest CVSS
Min CVSS
Any
4.0+
7.0+ (High)
9.0+ (Critical)
Published since
Reset
CVE-2023-4215
all versions
Advantech WebAccess version 9.1.3 contains an exposure of sensitive information to an unauthorized actor vulnerability that could
6.5
MEDIUM
CVE-2023-2866
all versions
If an attacker can trick an authenticated user into loading a maliciously crafted .zip file onto Advantech WebAccess version 8.4.5
7.3
HIGH
CVE-2021-38389
<= 9.0.2
Advantech WebAccess versions 9.02 and prior are vulnerable to a stack-based buffer overflow, which may allow an attacker to remote
9.8
CRITICAL
CVE-2021-33023
<= 9.0.2
Advantech WebAccess versions 9.02 and prior are vulnerable to a heap-based buffer overflow, which may allow an attacker to remotel
9.8
CRITICAL
CVE-2021-38408
<= 9.02
A stack-based buffer overflow vulnerability in Advantech WebAccess Versions 9.02 and prior caused by a lack of proper validation o
9.8
CRITICAL
CVE-2021-34540
all versions
Advantech WebAccess 8.4.2 and 8.4.4 allows XSS via the username column of the bwRoot.asp page of WADashboard.
6.1
MEDIUM
CVE-2020-16202
< 9.0.1
WebAccess Node (All versions prior to 9.0.1) has incorrect permissions set for resources used by specific services, which may allo
7.8
HIGH
CVE-2020-12019
<= 8.4.4
WebAccess Node Version 8.4.4 and prior is vulnerable to a stack-based buffer overflow, which may allow an attacker to remotely exe
9.8
CRITICAL
CVE-2020-12026
<= 8.4.4
Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0. Multiple relative path traversal vulnerabilities exist that may
8.8
HIGH
CVE-2020-12022
<= 8.4.4
Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0. An improper validation vulnerability exists that could allow an
9.8
CRITICAL
CVE-2020-12018
<= 8.4.4
Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0. An out-of-bounds vulnerability exists that may allow access to u
7.5
HIGH
CVE-2020-12014
<= 8.4.4
Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0. Input is not properly sanitized and may allow an attacker to inj
7.5
HIGH
CVE-2020-12010
<= 8.4.4
Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0. Multiple relative path traversal vulnerabilities exist that may
7.1
HIGH
CVE-2020-12006
<= 8.4.4
Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0. Multiple relative path traversal vulnerabilities exist that may
9.8
CRITICAL
CVE-2020-12002
<= 8.4.4
Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0. Multiple stack-based buffer overflow vulnerabilities exist cause
9.8
CRITICAL
CVE-2020-10638
<= 8.4.4
Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0. Multiple heap-based buffer overflow vulnerabilities exist caused
9.8
CRITICAL
CVE-2019-3942
all versions
Advantech WebAccess 8.3.4 does not properly restrict an RPC call that allows unauthenticated, remote users to read files. An attac
7.5
HIGH
CVE-2020-10607
<= 8.4.2
In Advantech WebAccess, Versions 8.4.2 and prior. A stack-based buffer overflow vulnerability caused by a lack of proper validatio
8.8
HIGH
CVE-2019-3951
< 8.4.3
Advantech WebAccess before 8.4.3 allows unauthenticated remote attackers to execute arbitrary code or cause a denial of service (m
9.8
CRITICAL
CVE-2019-13558
<= 8.4.1
In WebAccess versions 8.4.1 and prior, an exploit executed over the network may cause improper control of generation of code, whic
9.8
CRITICAL
CVE-2019-13556
<= 8.4.1
In WebAccess versions 8.4.1 and prior, multiple stack-based buffer overflow vulnerabilities are caused by a lack of proper validat
8.8
HIGH
CVE-2019-13552
<= 8.4.1
In WebAccess versions 8.4.1 and prior, multiple command injection vulnerabilities are caused by a lack of proper validation of use
8.8
HIGH
CVE-2019-13550
<= 8.4.1
In WebAccess, versions 8.4.1 and prior, an improper authorization vulnerability may allow an attacker to disclose sensitive inform
9.8
CRITICAL
CVE-2019-3975
all versions
Stack-based buffer overflow in Advantech WebAccess/SCADA 8.4.1 allows a remote, unauthenticated attacker to execute arbitrary code
9.8
CRITICAL
CVE-2019-10993
<= 8.3.5
In WebAccess/SCADA Versions 8.3.5 and prior, multiple untrusted pointer dereference vulnerabilities may allow a remote attacker to
9.8
CRITICAL
CVE-2019-10991
<= 8.3.5
In WebAccess/SCADA, Versions 8.3.5 and prior, multiple stack-based buffer overflow vulnerabilities are caused by a lack of proper
9.8
CRITICAL
CVE-2019-10989
<= 8.3.5
In WebAccess/SCADA Versions 8.3.5 and prior, multiple heap-based buffer overflow vulnerabilities are caused by a lack of proper va
9.8
CRITICAL
CVE-2019-10987
<= 8.3.5
In WebAccess/SCADA Versions 8.3.5 and prior, multiple out-of-bounds write vulnerabilities are caused by a lack of proper validatio
8.8
HIGH
CVE-2019-10985
<= 8.3.5
In WebAccess/SCADA, Versions 8.3.5 and prior, a path traversal vulnerability is caused by a lack of proper validation of a user-su
9.1
CRITICAL
CVE-2019-10983
<= 8.3.5
In WebAccess/SCADA Versions 8.3.5 and prior, an out-of-bounds read vulnerability is caused by a lack of proper validation of user-
7.5
HIGH
CVE-2019-3954
all versions
Stack-based buffer overflow in Advantech WebAccess/SCADA 8.4.0 allows a remote, unauthenticated attacker to execute arbitrary code
9.8
CRITICAL
CVE-2019-3953
all versions
Stack-based buffer overflow in Advantech WebAccess/SCADA 8.4.0 allows a remote, unauthenticated attacker to execute arbitrary code
9.8
CRITICAL
CVE-2019-3941
all versions
Advantech WebAccess 8.3.4 allows unauthenticated, remote attackers to delete arbitrary files via IOCTL 10005 RPC.
7.5
HIGH
CVE-2019-3940
all versions
Advantech WebAccess 8.3.4 is vulnerable to file upload attacks via unauthenticated RPC call. An unauthenticated, remote attacker c
9.8
CRITICAL
CVE-2019-6554
<= 8.3.5
Advantech WebAccess/SCADA, Versions 8.3.5 and prior. An improper access control vulnerability may allow an attacker to cause a den
7.5
HIGH
CVE-2019-6552
<= 8.3.5
Advantech WebAccess/SCADA, Versions 8.3.5 and prior. Multiple command injection vulnerabilities, caused by a lack of proper valida
9.8
CRITICAL
CVE-2019-6550
<= 8.3.5
Advantech WebAccess/SCADA, Versions 8.3.5 and prior. Multiple stack-based buffer overflow vulnerabilities, caused by a lack of pro
9.8
CRITICAL
CVE-2018-15707
all versions
Advantech WebAccess 8.3.1 and 8.3.2 are vulnerable to cross-site scripting in the Bwmainleft.asp page. An attacker could leverage
5.4
MEDIUM
CVE-2018-15706
all versions
WADashboard API in Advantech WebAccess 8.3.1 and 8.3.2 allows remote authenticated attackers to read any file on the filesystem du
6.5
MEDIUM
CVE-2018-15705
all versions
WADashboard API in Advantech WebAccess 8.3.1 and 8.3.2 allows remote authenticated attackers to write or overwrite any file on the
6.5
MEDIUM
CVE-2018-17910
<= 8.3.2
WebAccess Versions 8.3.2 and prior. The application fails to properly validate the length of user-supplied data, causing a buffer
7.8
HIGH
CVE-2018-17908
<= 8.3.2
WebAccess Versions 8.3.2 and prior. During installation, the application installer disables user access control and does not re-en
7.8
HIGH
CVE-2018-14828
<= 8.3.1
Advantech WebAccess 8.3.1 and earlier has an improper privilege management vulnerability, which may allow an attacker to access th
7.8
HIGH
CVE-2018-14820
<= 8.3.1
Advantech WebAccess 8.3.1 and earlier has a .dll component that is susceptible to external control of file name or path vulnerabil
7.5
HIGH
CVE-2018-14816
<= 8.3.1
Advantech WebAccess 8.3.1 and earlier has several stack-based buffer overflow vulnerabilities that have been identified, which may
9.8
CRITICAL
CVE-2018-14806
<= 8.3.1
Advantech WebAccess 8.3.1 and earlier has a path traversal vulnerability which may allow an attacker to execute arbitrary code.
9.8
CRITICAL
CVE-2018-15704
<= 8.3.2
Advantech WebAccess 8.3.2 and below is vulnerable to a stack buffer overflow vulnerability. A remote authenticated attacker could
8.8
HIGH
CVE-2018-15703
<= 8.3.2
Advantech WebAccess 8.3.2 and below is vulnerable to multiple reflected cross site scripting vulnerabilities. A remote unauthentic
6.1
MEDIUM
CVE-2018-8845
<= 8.2_20170817
In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.1
9.8
CRITICAL
CVE-2018-8841
<= 8.2_20170817
In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.1
7.8
HIGH
CVE-2018-7505
<= 8.2_20170817
In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.1
9.8
CRITICAL
CVE-2018-7503
<= 8.2_20170817
In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.1
7.5
HIGH
CVE-2018-7501
<= 8.2_20170817
In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.1
7.5
HIGH
CVE-2018-7499
<= 8.2_20170817
In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.1
9.8
CRITICAL
CVE-2018-7497
<= 8.2_20170817
In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.1
9.8
CRITICAL
CVE-2018-7495
<= 8.2_20170817
In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.1
7.5
HIGH
CVE-2018-10591
<= 8.2_20170817
In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.1
6.1
MEDIUM
CVE-2018-10590
<= 8.2_20170817
In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.1
7.5
HIGH
CVE-2018-10589
<= 8.2_20170817
In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.1
9.8
CRITICAL
CVE-2017-5175
<= 8.1
Advantech WebAccess 8.1 and earlier contains a DLL hijacking vulnerability which may allow an attacker to run a malicious DLL file
7.8
HIGH
CVE-2018-6911
all versions
The VBWinExec function in Node\AspVBObj.dll in Advantech WebAccess 8.3.0 allows remote attackers to execute arbitrary OS commands
9.8
CRITICAL
CVE-2017-16736
< 8.3
An Unrestricted Upload Of File With Dangerous Type issue was discovered in Advantech WebAccess versions prior to 8.3. WebAccess al
7.5
HIGH
CVE-2017-16732
< 8.3
A use-after-free issue was discovered in Advantech WebAccess versions prior to 8.3. WebAccess allows an unauthenticated attacker t
6.5
MEDIUM
CVE-2017-16753
< 8.3
An Improper Input Validation issue was discovered in Advantech WebAccess versions prior to 8.3. WebAccess allows some inputs that
7.5
HIGH
CVE-2017-16728
< 8.3
An Untrusted Pointer Dereference issue was discovered in Advantech WebAccess versions prior to 8.3. There are multiple vulnerabili
7.5
HIGH
CVE-2017-16724
< 8.3
A Stack-based Buffer Overflow issue was discovered in Advantech WebAccess versions prior to 8.3. There are multiple instances of a
9.8
CRITICAL
CVE-2017-16720
<= 8.3.2
A Path Traversal issue was discovered in WebAccess versions 8.3.2 and earlier. An attacker has access to files within the director
9.8
CRITICAL
CVE-2017-16716
< 8.3
A SQL Injection issue was discovered in WebAccess versions prior to 8.3. WebAccess does not properly sanitize its inputs for SQL c
9.8
CRITICAL
CVE-2017-14016
< 8.2_20170817
A Stack-based Buffer Overflow issue was discovered in Advantech WebAccess versions prior to V8.2_20170817. The application lacks p
6.3
MEDIUM
CVE-2017-12719
< 8.2_20170817
An Untrusted Pointer Dereference issue was discovered in Advantech WebAccess versions prior to V8.2_20170817. A remote attacker is
7.5
HIGH
CVE-2017-12717
<= 8.2
An Uncontrolled Search Path Element issue was discovered in Advantech WebAccess versions prior to V8.2_20170817. A maliciously cra
7.8
HIGH
CVE-2017-12713
<= 8.2
An Incorrect Permission Assignment for Critical Resource issue was discovered in Advantech WebAccess versions prior to V8.2_201708
7.8
HIGH
CVE-2017-12711
<= 8.2
An Incorrect Privilege Assignment issue was discovered in Advantech WebAccess versions prior to V8.2_20170817. A built-in user acc
7.8
HIGH
CVE-2017-12710
<= 8.2
A SQL Injection issue was discovered in Advantech WebAccess versions prior to V8.2_20170817. By submitting a specially crafted par
7.5
HIGH
CVE-2017-12708
<= 8.2
An Improper Restriction Of Operations Within The Bounds Of A Memory Buffer issue was discovered in Advantech WebAccess versions pr
9.8
CRITICAL
CVE-2017-12706
<= 8.2
A stack-based buffer overflow issue was discovered in Advantech WebAccess versions prior to V8.2_20170817. Researchers have identi
9.8
CRITICAL
CVE-2017-12704
<= 8.2
A heap-based buffer overflow issue was discovered in Advantech WebAccess versions prior to V8.2_20170817. Researchers have identif
8.8
HIGH
CVE-2017-12702
<= 8.2
An Externally Controlled Format String issue was discovered in Advantech WebAccess versions prior to V8.2_20170817. String format
8.8
HIGH
CVE-2017-12698
<= 8.2
An Improper Authentication issue was discovered in Advantech WebAccess versions prior to V8.2_20170817. Specially crafted requests
9.8
CRITICAL
CVE-2017-7929
<= 8.1
An Absolute Path Traversal issue was discovered in Advantech WebAccess Version 8.1 and prior. The absolute path traversal vulnerab
7.1
HIGH
CVE-2016-5810
<= 8.1
upAdminPg.asp in Advantech WebAccess before 8.1_20160519 allows remote authenticated administrators to obtain sensitive password i
4.9
MEDIUM
CVE-2017-5154
all versions
An issue was discovered in Advantech WebAccess Version 8.1. To be able to exploit the SQL injection vulnerability, an attacker mus
9.8
CRITICAL
CVE-2017-5152
all versions
An issue was discovered in Advantech WebAccess Version 8.1. By accessing a specific uniform resource locator (URL) on the web serv
9.1
CRITICAL
CVE-2016-4528
<= 8.1
Buffer overflow in Advantech WebAccess before 8.1_20160519 allows local users to cause a denial of service via a crafted DLL file.
5.0
MEDIUM
CVE-2016-4525
<= 8.1
Unspecified ActiveX controls in Advantech WebAccess before 8.1_20160519 allow remote authenticated users to obtain sensitive infor
6.6
MEDIUM
CVE-2016-0860
<= 8.0
Buffer overflow in the BwpAlarm subsystem in Advantech WebAccess before 8.1 allows remote attackers to cause a denial of service v
7.5
HIGH
CVE-2016-0859
<= 8.0
Integer overflow in the Kernel service in Advantech WebAccess before 8.1 allows remote attackers to execute arbitrary code or caus
9.8
CRITICAL
CVE-2016-0858
<= 8.0
Race condition in Advantech WebAccess before 8.1 allows remote attackers to execute arbitrary code or cause a denial of service (b
8.1
HIGH
CVE-2016-0857
<= 8.0
Multiple heap-based buffer overflows in Advantech WebAccess before 8.1 allow remote attackers to execute arbitrary code via unspec
9.8
CRITICAL
CVE-2016-0856
<= 8.0
Multiple stack-based buffer overflows in Advantech WebAccess before 8.1 allow remote attackers to execute arbitrary code via unspe
9.8
CRITICAL
CVE-2016-0855
<= 8.0
Directory traversal vulnerability in Advantech WebAccess before 8.1 allows remote attackers to list arbitrary virtual-directory fi
7.5
HIGH
CVE-2016-0854
<= 8.0
Unrestricted file upload vulnerability in the uploadImageCommon function in the UploadAjaxAction script in the WebAccess Dashboard
9.8
CRITICAL
CVE-2016-0853
<= 8.0
Advantech WebAccess before 8.1 allows remote attackers to obtain sensitive information via crafted input.
7.5
HIGH
CVE-2016-0852
<= 8.0
Advantech WebAccess before 8.1 allows remote attackers to bypass an intended administrative requirement and obtain file or folder
7.5
HIGH
CVE-2016-0851
<= 8.0
Advantech WebAccess before 8.1 allows remote attackers to cause a denial of service (out-of-bounds memory access) via unspecified
7.5
HIGH
CVE-2015-6467
<= 8.0
Advantech WebAccess before 8.1 allows remote attackers to execute arbitrary code via vectors involving a browser plugin.
8.1
HIGH
CVE-2015-3948
<= 8.0
Cross-site scripting (XSS) vulnerability in Advantech WebAccess before 8.1 allows remote authenticated users to inject arbitrary w
5.4
MEDIUM
CVE-2015-3947
<= 8.0
SQL injection vulnerability in Advantech WebAccess before 8.1 allows remote authenticated users to execute arbitrary SQL commands
8.1
HIGH
CVE-2015-3946
<= 8.0
Cross-site request forgery (CSRF) vulnerability in Advantech WebAccess before 8.1 allows remote attackers to hijack the authentica
8.8
HIGH
CVE-2015-3943
<= 8.0
Advantech WebAccess before 8.1 allows remote attackers to read sensitive cleartext information about e-mail project accounts via u
5.3
MEDIUM
CVE-2014-9202
all versions
Multiple stack-based buffer overflows in an unspecified DLL file in Advantech WebAccess before 8.0_20150816 allow remote attackers
CVE-2014-9208
<= 8.0
Multiple stack-based buffer overflows in unspecified DLL files in Advantech WebAccess before 8.0.1 allow remote attackers to execu
CVE-2014-8388
<= 7.2
Stack-based buffer overflow in Advantech WebAccess, formerly BroadWin WebAccess, before 8.0 allows remote attackers to execute arb
CVE-2014-0992
all versions
Stack-based buffer overflow in Advantech WebAccess (formerly BroadWin WebAccess) 7.2 allows remote attackers to execute arbitrary
CVE-2014-0991
all versions
Stack-based buffer overflow in Advantech WebAccess (formerly BroadWin WebAccess) 7.2 allows remote attackers to execute arbitrary
CVE-2014-0990
all versions
Stack-based buffer overflow in Advantech WebAccess (formerly BroadWin WebAccess) 7.2 allows remote attackers to execute arbitrary
CVE-2014-0989
all versions
Stack-based buffer overflow in Advantech WebAccess (formerly BroadWin WebAccess) 7.2 allows remote attackers to execute arbitrary
CVE-2014-0988
all versions
Stack-based buffer overflow in Advantech WebAccess (formerly BroadWin WebAccess) 7.2 allows remote attackers to execute arbitrary
CVE-2014-0987
all versions
Stack-based buffer overflow in Advantech WebAccess (formerly BroadWin WebAccess) 7.2 allows remote attackers to execute arbitrary
CVE-2014-0986
all versions
Stack-based buffer overflow in Advantech WebAccess (formerly BroadWin WebAccess) 7.2 allows remote attackers to execute arbitrary
CVE-2014-0985
all versions
Stack-based buffer overflow in Advantech WebAccess (formerly BroadWin WebAccess) 7.2 allows remote attackers to execute arbitrary
CVE-2014-2368
<= 7.1
The BrowseFolder method in the bwocxrun ActiveX control in Advantech WebAccess before 7.2 allows remote attackers to read arbitrar
CVE-2014-2367
<= 7.1
The ChkCookie subroutine in an ActiveX control in broadweb/include/gChkCook.asp in Advantech WebAccess before 7.2 allows remote at
CVE-2014-2366
<= 7.1
upAdminPg.asp in Advantech WebAccess before 7.2 allows remote authenticated users to discover credentials by reading HTML source c
CVE-2014-2365
<= 7.1
Unspecified vulnerability in Advantech WebAccess before 7.2 allows remote authenticated users to create or delete arbitrary files
CVE-2014-2364
<= 7.1
Multiple stack-based buffer overflows in Advantech WebAccess before 7.2 allow remote attackers to execute arbitrary code via a lon
CVE-2014-0773
<= 7.1
The BWOCXRUN.BwocxrunCtrl.1 control contains a method named “CreateProcess.” This method contains validation to ensure an att
CVE-2014-0772
<= 7.1
The BWOCXRUN.BwocxrunCtrl.1 control contains a method named OpenUrlToBufferTimeout. This method takes a URL as a parameter and r
CVE-2014-0771
<= 7.1
The BWOCXRUN.BwocxrunCtrl.1 control contains a method named “OpenUrlToBuffer.” This method takes a URL as a parameter and ret
CVE-2014-0770
<= 7.1
By providing an overly long string to the UserName parameter, an attacker may be able to overflow the static stack buffer. The at
CVE-2014-0768
<= 7.1
An attacker may pass an overly long value from the AccessCode2 argument to the control to overflow the static stack buffer. The a
CVE-2014-0767
<= 7.1
An attacker may exploit this vulnerability by passing an overly long value from the AccessCode argument to the control. This will
CVE-2014-0766
<= 7.1
An attacker can exploit this vulnerability by copying an overly long NodeName2 argument into a statically sized buffer on the sta
CVE-2014-0765
<= 7.1
To exploit this vulnerability, the attacker sends data from the GotoCmd argument to control. If the value of the argument is over
CVE-2014-0764
<= 7.1
By providing an overly long string to the NodeName parameter, an attacker may be able to overflow the static stack buffer. The at
CVE-2014-0763
<= 7.1
An attacker using SQL injection may use arguments to construct queries without proper sanitization. The DBVisitor.dll is exposed
CVE-2013-2299
<= 7.0
Cross-site scripting (XSS) vulnerability in Advantech WebAccess (formerly BroadWin WebAccess) before 7.1 2013.05.30 allows remote
CVE-2012-1235
<= 6.0
Cross-site request forgery (CSRF) vulnerability in Advantech/BroadWin WebAccess 7.0 allows remote authenticated users to hijack th
CVE-2012-1234
<= 6.0
SQL injection vulnerability in Advantech/BroadWin WebAccess 7.0 allows remote authenticated users to execute arbitrary SQL command
CVE-2012-0244
<= 6.0
Multiple SQL injection vulnerabilities in Advantech/BroadWin WebAccess before 7.0 allow remote attackers to execute arbitrary SQL
CVE-2012-0243
<= 6.0
Buffer overflow in an ActiveX control in bwocxrun.ocx in Advantech/BroadWin WebAccess before 7.0 allows remote attackers to execut
CVE-2012-0242
<= 6.0
Format string vulnerability in Advantech/BroadWin WebAccess before 7.0 allows remote attackers to execute arbitrary code via forma
CVE-2012-0241
<= 6.0
Advantech/BroadWin WebAccess before 7.0 allows remote attackers to cause a denial of service (memory corruption) via a modified st
CVE-2012-0240
<= 6.0
GbScriptAddUp.asp in Advantech/BroadWin WebAccess before 7.0 does not properly perform authentication, which allows remote attacke
CVE-2012-0239
<= 6.0
uaddUpAdmin.asp in Advantech/BroadWin WebAccess before 7.0 does not properly perform authentication, which allows remote attackers
CVE-2012-0238
<= 6.0
Stack-based buffer overflow in opcImg.asp in Advantech/BroadWin WebAccess before 7.0 allows remote attackers to execute arbitrary
CVE-2012-0237
<= 6.0
Advantech/BroadWin WebAccess before 7.0 allows remote attackers to (1) enable date and time syncing or (2) disable date and time s
CVE-2012-0236
<= 6.0
Advantech/BroadWin WebAccess 7.0 and earlier allows remote attackers to obtain sensitive information via a direct request to a URL
CVE-2012-0235
<= 6.0
Cross-site request forgery (CSRF) vulnerability in Advantech/BroadWin WebAccess before 7.0 allows remote attackers to hijack the a
CVE-2012-0234
<= 6.0
SQL injection vulnerability in Advantech/BroadWin WebAccess before 7.0 allows remote attackers to execute arbitrary SQL commands v
CVE-2012-0233
<= 6.0
Cross-site scripting (XSS) vulnerability in Advantech/BroadWin WebAccess before 7.0 allows remote attackers to inject arbitrary we
CVE-2011-4526
<= 6.0
Buffer overflow in an ActiveX control in Advantech/BroadWin WebAccess before 7.0 might allow remote attackers to execute arbitrary
CVE-2011-4525
<= 6.0
Advantech/BroadWin WebAccess before 7.0 allows remote attackers to trigger the extraction of arbitrary web content into a batch fi
CVE-2011-4524
<= 6.0
Buffer overflow in Advantech/BroadWin WebAccess before 7.0 allows remote attackers to execute arbitrary code via a long string val
CVE-2011-4523
<= 6.0
Cross-site scripting (XSS) vulnerability in bwview.asp in Advantech/BroadWin WebAccess before 7.0 allows remote attackers to injec
CVE-2011-4522
<= 6.0
Cross-site scripting (XSS) vulnerability in bwerrdn.asp in Advantech/BroadWin WebAccess before 7.0 allows remote attackers to inje
CVE-2011-4521
<= 6.0
SQL injection vulnerability in Advantech/BroadWin WebAccess before 7.0 allows remote attackers to execute arbitrary SQL commands v
Vulnerabilities
CISA KEV catalog
CWE weaknesses
CAPEC attack patterns
Package vulnerabilities
Threat intelligence
Threat actors
Tools & malware
ATT&CK techniques
IOCs
Detection & defense
Sigma rules
YARA rules
Atomic Red Team tests
D3FEND countermeasures
Compliance
NIST 800-53
ISO 27001:2022
SOC 2 TSC
PCI-DSS v4.0
CIS Controls v8.1
About
All capabilities
Live statistics
Data sources
Privacy policy
Terms of service
threatengine.sh · Open-source threat intelligence platform · 100+ authoritative sources · Every fact traces to its origin