4 matches found
CVE-2012-6427
The Carlo Gavazzi EOS-Box does not check the validity of the data before executing queries. By accessing the SQL table of certain pages that do not require authentication, attackers can leak information from the device. This could allow the attacker to compromise confidentiality...
SQL injection
Multiple SQL injection vulnerabilities in Carlo Gavazzi EOS-Box with firmware before 1.0.0.10802.1.10 allow remote attackers to execute arbitrary SQL commands via unspecified vectors, a similar issue to CVE-2012-5861...
CVE-2012-5861
CVE-2012-5861 affects Sinapsi Sinapsi eSolar family devices (Light, DUO, eSolar) with firmware prior to 2.0.2870_xxx_2.2.12. The issue is SQL injection caused by unvalidated data in web-facing components, allowing remote attackers to access SQL tables and leak confidential information. The relate...
Sinapsi Devices Vulnerabilities
Overview: This advisory is a follow-up to the alert titled ICS-ALERT-12-284-01—Sinapsi eSolar Light Vulnerabilities that was published October 10, 2012. Independent researchers Roberto Paleari and Ivan Speziale identified four vulnerabilities and released proof-of-concept exploit code for the...