CVE-2016-0854
N/A
N/A
Summary
Unrestricted file upload vulnerability in the uploadImageCommon function in the UploadAjaxAction script in the WebAccess Dashboard Viewer in Advantech WebAccess before 8.1 allows remote attackers to write to files of arbitrary types via unspecified vectors.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | n/a | n/a | affected |
Weaknesses
- n/a
ADP Enrichment
CVE Program Container
Additional References
- https://www.exploit-db.com/exploits/39735/
- http://www.zerodayinitiative.com/advisories/ZDI-16-127
- https://ics-cert.us-cert.gov/advisories/ICSA-16-014-01
- http://www.zerodayinitiative.com/advisories/ZDI-16-128
- http://www.rapid7.com/db/modules/exploit/windows/scada/advantech_webaccess_dashboard_file_upload
- http://www.zerodayinitiative.com/advisories/ZDI-16-129
References
- https://www.exploit-db.com/exploits/39735/
- http://www.zerodayinitiative.com/advisories/ZDI-16-127
- https://ics-cert.us-cert.gov/advisories/ICSA-16-014-01
- http://www.zerodayinitiative.com/advisories/ZDI-16-128
- http://www.rapid7.com/db/modules/exploit/windows/scada/advantech_webaccess_dashboard_file_upload
- http://www.zerodayinitiative.com/advisories/ZDI-16-129
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.