Advantech WebAccess ICSA-16-014-01 Multiple Security Vulnerabilities

Advantech WebAccess is prone to the following security vulnerabilities:

1. A denial-of-service vulnerability
2. An arbitrary file-upload vulnerability
3. A directory-traversal vulnerability
4. Multiple stack-based buffer-overflow vulnerabilities
5. A heap-based buffer overflow vulnerability
6. Multiple buffer-overflow vulnerabilities
7. Multiple information disclosure vulnerabilities
8. A cross-site scripting vulnerability
9. An SQL-injection vulnerability
10. A cross-site request forgery vulnerability
11. A remote-code execution vulnerability

An attacker can exploit these issues to execute arbitrary code in the context of the application, cause a denial-of-service condition, upload arbitrary files, compromise the application, access or modify data, exploit latent vulnerabilities in the underlying database, use directory-traversal sequences ('../') to retrieve arbitrary files, obtain sensitive information, and perform certain unauthorized actions. This may aid in further attacks.

Advantech WebAccess 8.0 and prior versions are vulnerable.


