
Test ID: 1.3.6.1.4.1.25623.1.0.807033
Category: Web application abuses
Title: Advantech WebAccess Multiple Vulnerabilities (Jan 2016)
Summary: Advantech WebAccess is prone to multiple vulnerabilities.
Description: Summary:
Advantech WebAccess is prone to multiple vulnerabilities.

Vulnerability Insight:
Multiple flaws are due to:

- The web server does not filter user input correctly.

- Email project accounts are stored in clear text.

- The web server accepts commands via specific scripts that imitate trusted
accounts.

- The web server settings, accounts, and projects may be modified through
scripted commands.

- WebAccess can be made to run remote code through the use of a browser
plug-in.

- The software reads or writes to a buffer using an index or pointer that
references a memory location after the end of the buffer.

- Normal and remote users have access to files and folders that only
administrators should be allowed to access.

- Unrestricted file upload vulnerability.

- Insufficient sanitization of filenames containing directory traversal
sequences.

- Multiple stack-based buffer overflows.

- Multiple heap-based buffer overflows.

- Integer overflow in the Kernel service.

Vulnerability Impact:
Successful exploitation allows a remote attacker to
upload, create, or delete arbitrary files on the target
system, deny access to valid users, and remotely execute arbitrary code.

Affected Software/OS:
Advantech WebAccess versions before 8.1

Solution:
Upgrade to Advantech WebAccess version
8.1 or later.

CVSS Score:
10.0

CVSS Vector:
AV:N/AC:L/Au:N/C:C/I:C/A:C

Cross Reference: Common Vulnerability Exposure (CVE) ID: CVE-2015-3948
https://ics-cert.us-cert.gov/advisories/ICSA-16-014-01
Common Vulnerability Exposure (CVE) ID: CVE-2015-3943
Common Vulnerability Exposure (CVE) ID: CVE-2015-3946
Common Vulnerability Exposure (CVE) ID: CVE-2015-3947
Common Vulnerability Exposure (CVE) ID: CVE-2015-6467
Common Vulnerability Exposure (CVE) ID: CVE-2016-0851
Common Vulnerability Exposure (CVE) ID: CVE-2016-0852
Common Vulnerability Exposure (CVE) ID: CVE-2016-0853
Common Vulnerability Exposure (CVE) ID: CVE-2016-0854
https://www.exploit-db.com/exploits/39735/
http://www.rapid7.com/db/modules/exploit/windows/scada/advantech_webaccess_dashboard_file_upload
http://www.zerodayinitiative.com/advisories/ZDI-16-127
http://www.zerodayinitiative.com/advisories/ZDI-16-128
http://www.zerodayinitiative.com/advisories/ZDI-16-129
Common Vulnerability Exposure (CVE) ID: CVE-2016-0855
http://www.zerodayinitiative.com/advisories/ZDI-16-122
http://www.zerodayinitiative.com/advisories/ZDI-16-123
http://www.zerodayinitiative.com/advisories/ZDI-16-124
http://www.zerodayinitiative.com/advisories/ZDI-16-125
http://www.zerodayinitiative.com/advisories/ZDI-16-126
Common Vulnerability Exposure (CVE) ID: CVE-2016-0856
http://www.zerodayinitiative.com/advisories/ZDI-16-100
http://www.zerodayinitiative.com/advisories/ZDI-16-101
http://www.zerodayinitiative.com/advisories/ZDI-16-102
http://www.zerodayinitiative.com/advisories/ZDI-16-103
http://www.zerodayinitiative.com/advisories/ZDI-16-106
http://www.zerodayinitiative.com/advisories/ZDI-16-108
http://www.zerodayinitiative.com/advisories/ZDI-16-109
http://www.zerodayinitiative.com/advisories/ZDI-16-110
http://www.zerodayinitiative.com/advisories/ZDI-16-111
http://www.zerodayinitiative.com/advisories/ZDI-16-112
http://www.zerodayinitiative.com/advisories/ZDI-16-113
http://www.zerodayinitiative.com/advisories/ZDI-16-114
http://www.zerodayinitiative.com/advisories/ZDI-16-115
http://www.zerodayinitiative.com/advisories/ZDI-16-116
http://www.zerodayinitiative.com/advisories/ZDI-16-117
http://www.zerodayinitiative.com/advisories/ZDI-16-118
http://www.zerodayinitiative.com/advisories/ZDI-16-120
Common Vulnerability Exposure (CVE) ID: CVE-2016-0857
http://www.zerodayinitiative.com/advisories/ZDI-16-107
http://www.zerodayinitiative.com/advisories/ZDI-16-119
http://www.zerodayinitiative.com/advisories/ZDI-16-121
Common Vulnerability Exposure (CVE) ID: CVE-2016-0858
http://www.zerodayinitiative.com/advisories/ZDI-16-105
Common Vulnerability Exposure (CVE) ID: CVE-2016-0859
http://www.zerodayinitiative.com/advisories/ZDI-16-104
Common Vulnerability Exposure (CVE) ID: CVE-2016-0860
http://www.zerodayinitiative.com/advisories/ZDI-16-058
http://www.zerodayinitiative.com/advisories/ZDI-16-074
Copyright: Copyright (C) 2016 Greenbone AG





© 1998-2025 E-Soft Inc. All rights reserved.