Test ID: | 1.3.6.1.4.1.25623.1.0.804430 |
Category: | Web application abuses |
Title: | Advantech WebAccess Multiple Vulnerabilities |
Summary: | Advantech WebAccess is prone to multiple vulnerabilities. |
Description: |
Summary: Advantech WebAccess is prone to multiple vulnerabilities.

Vulnerability Insight:
- Certain input related to some SOAP requests is not properly sanitised within the DBVisitor.dll component before being used in a SQL query.
- Multiple boundary errors within the webvact.ocx ActiveX control when handling GotoCmd, NodeName2, AccessCode, UserName, and NodeName strings can be exploited to cause stack-based buffer overflows.
- A boundary error within the webvact.ocx ActiveX control when handling the AccessCode2 string can be exploited to cause a stack-based buffer overflow.
- Two errors within the 'OpenUrlToBuffer()' and 'OpenUrlToBufferTimeout()' methods of the BWOCXRUN.BwocxrunCtrl.1 ActiveX control can be exploited to disclose contents of arbitrary local or network resources.
- An error within the 'CreateProcess()' method of the BWOCXRUN.BwocxrunCtrl.1 ActiveX control can be exploited to bypass the intended restrictions and subsequently execute arbitrary code.

Vulnerability Impact: Successful exploitation will allow attackers to conduct SQL injection attacks, bypass certain security restrictions, and compromise a user's system.

Affected Software/OS: Advantech WebAccess before 7.2

Solution: Upgrade to Advantech WebAccess 7.2 or later.

CVSS Score: 7.5
CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P |
Cross Reference: |
- Common Vulnerability Exposure (CVE) ID: CVE-2014-0763
  BugTraq ID: 66740
  http://www.securityfocus.com/bid/66740
  http://ics-cert.us-cert.gov/advisories/ICSA-14-079-03
- Common Vulnerability Exposure (CVE) ID: CVE-2014-0764
  BugTraq ID: 66718
  http://www.securityfocus.com/bid/66718
- Common Vulnerability Exposure (CVE) ID: CVE-2014-0765
  BugTraq ID: 66722
  http://www.securityfocus.com/bid/66722
- Common Vulnerability Exposure (CVE) ID: CVE-2014-0766
  BugTraq ID: 66725
  http://www.securityfocus.com/bid/66725
- Common Vulnerability Exposure (CVE) ID: CVE-2014-0767
  BugTraq ID: 66728
  http://www.securityfocus.com/bid/66728
- Common Vulnerability Exposure (CVE) ID: CVE-2014-0768
  BugTraq ID: 66732
  http://www.securityfocus.com/bid/66732
- Common Vulnerability Exposure (CVE) ID: CVE-2014-0770
- Common Vulnerability Exposure (CVE) ID: CVE-2014-0771
- Common Vulnerability Exposure (CVE) ID: CVE-2014-0772
- Common Vulnerability Exposure (CVE) ID: CVE-2014-0773 |
Copyright | Copyright (C) 2014 Greenbone AG |