Search Results (388 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2017-16724 1 Advantech 1 Webaccess 2024-11-21 N/A
A Stack-based Buffer Overflow issue was discovered in Advantech WebAccess versions prior to 8.3. There are multiple instances of a vulnerability that allows too much data to be written to a location on the stack.
CVE-2017-16720 1 Advantech 1 Webaccess 2024-11-21 N/A
A Path Traversal issue was discovered in WebAccess versions 8.3.2 and earlier. An attacker has access to files within the directory structure of the target device.
CVE-2017-16716 1 Advantech 1 Webaccess 2024-11-21 N/A
A SQL Injection issue was discovered in WebAccess versions prior to 8.3. WebAccess does not properly sanitize its inputs for SQL commands.
CVE-2024-39275 1 Advantech 2 Adam-5630, Adam-5630 Firmware 2024-10-07 8 High
Cookies of authenticated Advantech ADAM-5630 users remain as active valid cookies when a session is closed. Forging requests with a legitimate cookie, even if the session was terminated, allows an unauthorized attacker to act with the same level of privileges of the legitimate user.
CVE-2024-38308 1 Advantech 2 Adam-5550, Adam 5550-firmware 2024-10-07 8.8 High
Advantech ADAM 5550's web application includes a "logs" page where all the HTTP requests received are displayed to the user. The device doesn't correctly neutralize malicious code when parsing HTTP requests to generate page output.
CVE-2024-34542 1 Advantech 2 Adam-5630, Adam-5630 Firmware 2024-10-07 5.7 Medium
Advantech ADAM-5630 shares user credentials plain text between the device and the user source device during the login process.
CVE-2024-37187 1 Advantech 2 Adam-5550, Adam-5550 Firmware 2024-10-07 5.7 Medium
Advantech ADAM-5550 share user credentials with a low level of encryption, consisting of base 64 encoding.
CVE-2024-28948 1 Advantech 2 Adam-5630, Adam-5630 Firmware 2024-10-04 8 High
Advantech ADAM-5630 contains a cross-site request forgery (CSRF) vulnerability. It allows an attacker to partly circumvent the same origin policy, which is designed to prevent different websites from interfering with each other.