CVE-2016-0854
CVE-2016-0854
Unrestricted file upload vulnerability in the uploadImageCommon function in the UploadAjaxAction script in the WebAccess Dashboard Viewer in Advantech WebAccess before 8.1 allows remote attackers to write to files of arbitrary types via unspecified vectors.
Productos afectados
n/a · n/aPoCs públicas encontradas — 2
cve_referencewww.exploit-db.com/exploits/39735/no verificadoexploitdbwww.exploit-db.com/exploits/39735no verificado⚠ Recursos públicos, para evaluar la exposición de sistemas que controlas o estás autorizado a probar. Prueba solo con autorización.
¿Quieres saber si tu infraestructura está expuesta a esto?
Hablar con TrueHacking →Referencias
https://ics-cert.us-cert.gov/advisories/ICSA-16-014-01https://www.exploit-db.com/exploits/39735/http://www.rapid7.com/db/modules/exploit/windows/scada/advantech_webaccess_dashboard_file_uploadhttp://www.zerodayinitiative.com/advisories/ZDI-16-127http://www.zerodayinitiative.com/advisories/ZDI-16-128http://www.zerodayinitiative.com/advisories/ZDI-16-129