Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
webaccess vulnerabilities and exploits
(subscribe to this query)
6.4
CVSSv2
CVE-2019-10985
In WebAccess/SCADA, Versions 8.3.5 and prior, a path traversal vulnerability is caused by a lack of proper validation of a user-supplied path prior to use in file operations. An attacker can leverage this vulnerability to delete files while posing as an administrator.
Advantech Webaccess
6.8
CVSSv2
CVE-2019-10987
In WebAccess/SCADA Versions 8.3.5 and prior, multiple out-of-bounds write vulnerabilities are caused by a lack of proper validation of the length of user-supplied data. Exploitation of these vulnerabilities may allow remote code execution.
Advantech Webaccess
7.5
CVSSv2
CVE-2019-10989
In WebAccess/SCADA Versions 8.3.5 and prior, multiple heap-based buffer overflow vulnerabilities are caused by a lack of proper validation of the length of user-supplied data. Exploitation of these vulnerabilities may allow remote code execution. Note: A different vulnerability t...
Advantech Webaccess
7.5
CVSSv2
CVE-2019-10993
In WebAccess/SCADA Versions 8.3.5 and prior, multiple untrusted pointer dereference vulnerabilities may allow a remote malicious user to execute arbitrary code.
Advantech Webaccess
7.5
CVSSv2
CVE-2019-10991
In WebAccess/SCADA, Versions 8.3.5 and prior, multiple stack-based buffer overflow vulnerabilities are caused by a lack of proper validation of the length of user-supplied data. Exploitation of these vulnerabilities may allow remote code execution.
Advantech Webaccess
7.5
CVSSv2
CVE-2019-3954
Stack-based buffer overflow in Advantech WebAccess/SCADA 8.4.0 allows a remote, unauthenticated malicious user to execute arbitrary code by sending a crafted IOCTL 81024 RPC call.
Advantech Webaccess 8.4.0
7.5
CVSSv2
CVE-2019-3953
Stack-based buffer overflow in Advantech WebAccess/SCADA 8.4.0 allows a remote, unauthenticated malicious user to execute arbitrary code by sending a crafted IOCTL 10012 RPC call.
Advantech Webaccess 8.4.0
4.3
CVSSv2
CVE-2019-7219
Unauthenticated reflected cross-site scripting (XSS) exists in Zarafa Webapp 2.0.1.47791 and previous versions. NOTE: this is a discontinued product. The issue was fixed in later Zarafa Webapp versions; however, some former Zarafa Webapp customers use the related Kopano product i...
Zarafa Webaccess 7.2.0-48204
1 Github repository
7.5
CVSSv2
CVE-2019-3940
Advantech WebAccess 8.3.4 is vulnerable to file upload attacks via unauthenticated RPC call. An unauthenticated, remote attacker can use this vulnerability to execute arbitrary code.
Advantech Webaccess 8.3.4
6.4
CVSSv2
CVE-2019-3941
Advantech WebAccess 8.3.4 allows unauthenticated, remote malicious users to delete arbitrary files via IOCTL 10005 RPC.
Advantech Webaccess 8.3.4
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
NULL pointer dereference
CVE-2023-52689
CVE-2024-23803
client side
CVE-2023-52696
information disclosure
CVE-2024-35843
CVE-2024-27130
CVE-2023-52697
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
3
4
5
6
7
8
9
10
NEXT »