Cross-site request forgery (CSRF) vulnerability in IBM WebSphere Commerce 6.0 through 6.0.0.11, 7.0 through 7.0.0.9, and 7.0 Feature Pack 8 allows remote authenticated users to hijack the authentication of arbitrary users for requests that...
Cross-site scripting (XSS) vulnerability in Advantech WebAccess before 8.1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. Date published : 2016-01-14 https://ics-cert.us-cert.gov/advisories/ICSA-16-014-01
SQL injection vulnerability in Advantech WebAccess before 8.1 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. Date published : 2016-01-14 https://ics-cert.us-cert.gov/advisories/ICSA-16-014-01
Cross-site request forgery (CSRF) vulnerability in Advantech WebAccess before 8.1 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. Date published : 2016-01-14 https://ics-cert.us-cert.gov/advisories/ICSA-16-014-01
Advantech WebAccess before 8.1 allows remote attackers to read sensitive cleartext information about e-mail project accounts via unspecified vectors. Date published : 2016-01-14 https://ics-cert.us-cert.gov/advisories/ICSA-16-014-01
FFmpeg 2.x allows remote attackers to conduct cross-origin attacks and read arbitrary files by using the subfile protocol in an HTTP Live Streaming (HLS) M3U8 file, leading to an external HTTP request in which...
FFmpeg 2.x allows remote attackers to conduct cross-origin attacks and read arbitrary files by using the concat protocol in an HTTP Live Streaming (HLS) M3U8 file, leading to an external HTTP request in which...
Buffer overflow in the BwpAlarm subsystem in Advantech WebAccess before 8.1 allows remote attackers to cause a denial of service via a crafted RPC request. Date published : 2016-01-14 http://www.zerodayinitiative.com/advisories/ZDI-16-058 http://www.zerodayinitiative.com/advisories/ZDI-16-074
Integer overflow in the Kernel service in Advantech WebAccess before 8.1 allows remote attackers to execute arbitrary code or cause a denial of service (stack-based buffer overflow) via a crafted RPC request. Date published...
Race condition in Advantech WebAccess before 8.1 allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow) via a crafted request. Date published : 2016-01-14 http://www.zerodayinitiative.com/advisories/ZDI-16-105 https://ics-cert.us-cert.gov/advisories/ICSA-16-014-01
Multiple heap-based buffer overflows in Advantech WebAccess before 8.1 allow remote attackers to execute arbitrary code via unspecified vectors. Date published : 2016-01-14 http://www.zerodayinitiative.com/advisories/ZDI-16-107 http://www.zerodayinitiative.com/advisories/ZDI-16-119
Multiple stack-based buffer overflows in Advantech WebAccess before 8.1 allow remote attackers to execute arbitrary code via unspecified vectors. Date published : 2016-01-14 http://www.zerodayinitiative.com/advisories/ZDI-16-100 http://www.zerodayinitiative.com/advisories/ZDI-16-101
Directory traversal vulnerability in Advantech WebAccess before 8.1 allows remote attackers to list arbitrary virtual-directory files via unspecified vectors. Date published : 2016-01-14 http://www.zerodayinitiative.com/advisories/ZDI-16-122 http://www.zerodayinitiative.com/advisories/ZDI-16-123
Unrestricted file upload vulnerability in the uploadImageCommon function in the UploadAjaxAction script in the WebAccess Dashboard Viewer in Advantech WebAccess before 8.1 allows remote attackers to write to files of arbitrary types via unspecified...