|
293801
|
- |
|
advantech
|
advantech_webaccess
|
GbScriptAddUp.asp in Advantech/BroadWin WebAccess before 7.0 does not properly perform authentication, which allows remote attackers to execute arbitrary code via unspecified vectors.
|
CWE-287
Improper Authentication
|
CVE-2012-0240
|
2024-11-21 10:34 |
2012-02-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
293802
|
- |
|
advantech
|
advantech_webaccess
|
uaddUpAdmin.asp in Advantech/BroadWin WebAccess before 7.0 does not properly perform authentication, which allows remote attackers to modify an administrative password via a password-change request.
|
CWE-287
Improper Authentication
|
CVE-2012-0239
|
2024-11-21 10:34 |
2012-02-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
293803
|
- |
|
advantech
|
advantech_webaccess
|
Stack-based buffer overflow in opcImg.asp in Advantech/BroadWin WebAccess before 7.0 allows remote attackers to execute arbitrary code via unspecified vectors.
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2012-0238
|
2024-11-21 10:34 |
2012-02-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
293804
|
- |
|
advantech
|
advantech_webaccess
|
Advantech/BroadWin WebAccess before 7.0 allows remote attackers to (1) enable date and time syncing or (2) disable date and time syncing via a crafted URL.
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2012-0237
|
2024-11-21 10:34 |
2012-02-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
293805
|
- |
|
advantech
|
advantech_webaccess
|
Advantech/BroadWin WebAccess 7.0 and earlier allows remote attackers to obtain sensitive information via a direct request to a URL. NOTE: the vendor reportedly "does not consider it to be a security…
|
CWE-200
Information Exposure
|
CVE-2012-0236
|
2024-11-21 10:34 |
2012-02-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
293806
|
- |
|
advantech
|
advantech_webaccess
|
Cross-site request forgery (CSRF) vulnerability in Advantech/BroadWin WebAccess before 7.0 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.
|
CWE-352
Origin Validation Error
|
CVE-2012-0235
|
2024-11-21 10:34 |
2012-02-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
293807
|
- |
|
advantech
|
advantech_webaccess
|
SQL injection vulnerability in Advantech/BroadWin WebAccess before 7.0 allows remote attackers to execute arbitrary SQL commands via a malformed URL.
|
CWE-89
SQL Injection
|
CVE-2012-0234
|
2024-11-21 10:34 |
2012-02-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
293808
|
- |
|
advantech
|
advantech_webaccess
|
Cross-site scripting (XSS) vulnerability in Advantech/BroadWin WebAccess before 7.0 allows remote attackers to inject arbitrary web script or HTML via a malformed URL.
|
CWE-79
Cross-site Scripting
|
CVE-2012-0233
|
2024-11-21 10:34 |
2012-02-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
293809
|
- |
|
ibm
|
soliddb
|
The server in IBM solidDB 6.5 before Interim Fix 6 does not properly initialize data structures, which allows remote authenticated users to cause a denial of service (daemon crash) via a SELECT state…
|
NVD-CWE-noinfo
|
CVE-2012-0200
|
2024-11-21 10:34 |
2012-02-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
293810
|
- |
|
7t
|
aquis
|
Untrusted search path vulnerability in 7-Technologies (7T) AQUIS 1.5 and earlier allows local users to gain privileges via a Trojan horse DLL in the current working directory, a different vulnerabili…
|
NVD-CWE-Other
|
CVE-2012-0224
|
2024-11-21 10:34 |
2012-02-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
