Описание
Unrestricted file upload vulnerability in the uploadImageCommon function in the UploadAjaxAction script in the WebAccess Dashboard Viewer in Advantech WebAccess before 8.1 allows remote attackers to write to files of arbitrary types via unspecified vectors.
Unrestricted file upload vulnerability in the uploadImageCommon function in the UploadAjaxAction script in the WebAccess Dashboard Viewer in Advantech WebAccess before 8.1 allows remote attackers to write to files of arbitrary types via unspecified vectors.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2016-0854
- https://ics-cert.us-cert.gov/advisories/ICSA-16-014-01
- https://www.exploit-db.com/exploits/39735
- http://www.rapid7.com/db/modules/exploit/windows/scada/advantech_webaccess_dashboard_file_upload
- http://www.zerodayinitiative.com/advisories/ZDI-16-127
- http://www.zerodayinitiative.com/advisories/ZDI-16-128
- http://www.zerodayinitiative.com/advisories/ZDI-16-129
Связанные уязвимости
Unrestricted file upload vulnerability in the uploadImageCommon function in the UploadAjaxAction script in the WebAccess Dashboard Viewer in Advantech WebAccess before 8.1 allows remote attackers to write to files of arbitrary types via unspecified vectors.
Уязвимость программного обеспечения удаленного мониторинга Advantech WebAccess, позволяющая нарушителю изменять файлы любого типа