Alex Williams

5 exploits Active since Dec 2019
CVE-2019-18850 WRITEUP HIGH WRITEUP
TrevorC2 <1.1/1.2 - Info Disclosure
TrevorC2 v1.1/v1.2 fails to prevent fingerprinting primarily via a discrepancy between response headers when responding to different HTTP methods, also via predictible responses when accessing and interacting with the "SITE_PATH_QUERY".
CVSS 7.5
CVE-2025-58423 WRITEUP HIGH WRITEUP
Advantech DeviceOn iEdge <= 2.0.2 - Directory Traversal and DoS
Due to insufficient sanitization, an attacker can upload a specially crafted configuration file to cause a denial-of-service condition, traverse directories, or read/write files, within the context of the local system account.
CVSS 8.8
CVE-2025-59171 WRITEUP HIGH WRITEUP
Advantech DeviceOn iEdge < 2.0.2 - Path Traversal and Remote Code Execution via Configuration File Upload
Due to insufficient sanitization, an attacker can upload a specially crafted configuration file to traverse directories and achieve remote code execution with system-level permissions.
CVSS 7.5
CVE-2025-62630 WRITEUP HIGH WRITEUP
Advantech DeviceOn iEdge < 2.0.2 - Path Traversal and Remote Code Execution via Configuration File Upload
Due to insufficient sanitization, an attacker can upload a specially crafted configuration file to traverse directories and achieve remote code execution with system-level permissions.
CVSS 8.8
CVE-2025-64302 WRITEUP MEDIUM WRITEUP
Advantech DeviceOn iEdge < 2.0.2 - Cross-Site Scripting via Dashboard Label or Path
Insufficient input sanitization in the dashboard label or path can allow an attacker to trigger a device error causing information disclosure or data manipulation.
CVSS 6.4