Published: 15/01/2016 Updated: 03/12/2016

CVSS v2 Base Score: 10 | Impact Score: 10 | Exploitability Score: 10

CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9

VMScore: 1000

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Unrestricted file upload vulnerability in the uploadImageCommon function in the UploadAjaxAction script in the WebAccess Dashboard Viewer in Advantech WebAccess prior to 8.1 allows remote malicious users to write to files of arbitrary types via unspecified vectors.

Vulnerable Product	Search on Vulmon	Subscribe to Product
advantech webaccess

## # This module requires Metasploit: metasploitcom/download # Current source: githubcom/rapid7/metasploit-framework ## require 'msf/core' class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::HttpClient include Msf::Exploit::EXE def initialize(info = {}) super(update_ ...

NVD-CWE-Other https://ics-cert.us-cert.gov/advisories/ICSA-16-014-01 http://www.rapid7.com/db/modules/exploit/windows/scada/advantech_webaccess_dashboard_file_upload https://www.exploit-db.com/exploits/39735/http://www.zerodayinitiative.com/advisories/ZDI-16-127 http://www.zerodayinitiative.com/advisories/ZDI-16-129 http://www.zerodayinitiative.com/advisories/ZDI-16-128 https://nvd.nist.gov https://www.exploit-db.com/exploits/39735/

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2016-0854

Vulnerability Summary

Exploits

References

Vulmon Search

About

Products

Connect