225 matches found
CVE-2016-2299
Ecava IntegraXor web-based HMI/SCADA is affected. The vulnerability is a SQL injection in Ecava IntegraXor before 5.0 build 4522, caused by insufficient input validation. Remote attackers could execute arbitrary SQL commands via unspecified vectors. No exploit details are provided in the document...
CVE-2016-2303
CVE-2016-2303: Ecava IntegraXor before 5.0 build 4522 is vulnerable to CRLF injection in HTTP headers, enabling HTTP response splitting via a crafted URL. Affected product: Ecava IntegraXor HMI web server (pre-5.0 build 4522). Root cause: improper neutralization of CRLF sequences in HTTP header h...
CVE-2016-2304
CVE-2016-2304 affects Ecava IntegraXor prior to version 5.0, build 4522. The issue is that the HTTPOnly flag is not set on the session cookie in the web server, enabling a remote attacker to access the cookie via scripts and potentially log in as an administrator. Public sources describe this as ...
CVE-2016-2301
SQL injection vulnerability in Ecava IntegraXor before 5.0 build 4522 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors...
CVE-2016-2302
Ecava IntegraXor before 5.0 build 4522 allows remote attackers to obtain sensitive information by reading detailed error messages...
CVE-2016-2305
CVE-2016-2305 affects Ecava IntegraXor web UI: a DOM-based cross-site scripting vulnerability allows remote attackers to inject arbitrary script/HTML via a crafted URL in IntegraXor versions prior to 5.0, build 4522. Root cause: improper input handling in the web interface enables XSS through man...
Ecava IntegraXor Information Disclosure Vulnerability (CNVD-2016-02341)
Ecava IntegraXor is a set of Web-based tools for creating and running HMI interfaces for SCADA systems. An information disclosure vulnerability exists in Ecava IntegraXor prior to version 5.0 build 4522 that stems from the program not setting the HTTPOnly flag in the session cookie. A remote...
Ecava IntegraXor SQL Injection Vulnerability
Ecava IntegraXor is a set of Web-based tools for creating and running HMI Human Machine Interface interfaces for SCADA systems from Ecava Malaysia. A SQL injection vulnerability exists in Ecava IntegraXor versions prior to 5.0 build 4522. A remote attacker can exploit the vulnerability to execute...
Ecava IntegraXor Information Disclosure Vulnerability
Ecava IntegraXor is a set of Web-based tools for creating and running HMI interfaces for SCADA systems. A security vulnerability exists in Ecava IntegraXor that could be exploited by a remote attacker to obtain sensitive log information...
Ecava IntegraXor Transfer Unencrypted Vulnerability
Ecava IntegraXor is a set of Web-based tools for creating and running HMI interfaces for SCADA systems. A transmit unencrypted vulnerability exists in Ecava IntegraXor prior to version 5.0 build 4522, which originates when the HMI web server transmits unencrypted data. A remote attacker could...
Ecava IntegraXor Privilege Bypass Vulnerability
Ecava IntegraXor is a set of Web-based tools for creating and running HMI interfaces for SCADA systems. Ecava IntegraXor fails to properly check for user authorization when processing user access to sensitive web pages, allowing remote attackers to exploit the vulnerability to bypass security...
Ecava IntegraXor Cross-Site Scripting Vulnerability (CNVD-2016-02333)
Ecava IntegraXor is a set of Web-based tools for creating and running HMI interfaces for SCADA systems. A cross-site scripting vulnerability in Ecava IntegraXor for HMI operations using SCADA applications allows remote attackers to exploit the vulnerability to inject malicious script or HTML code...
Ecava IntegraXor Remote Code Execution Vulnerability
Ecava IntegraXor is a set of Web-based tools for creating and running HMI interfaces for SCADA systems. Ecava IntegraXor fails to perform input validation. A remote attacker could exploit the vulnerability to execute arbitrary code by sending a specially crafted request...
Ecava IntegraXor Report summary_opt SQL Injection Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Ecava IntegraXor. Authentication is not required to exploit this vulnerability. The specific flaw exists in the handling of summaryopt report requests. The vulnerability is caused by the lack of...
Ecava IntegraXor Report batchlist SQL Injection Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Ecava IntegraXor. Authentication is not required to exploit this vulnerability. The specific flaw exists in the handling of batchlist report requests. The vulnerability is caused by the lack of inp...
Ecava IntegraXor Report save SQL Injection Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Ecava IntegraXor. Authentication is not required to exploit this vulnerability. The specific flaw exists in the handling of save report requests. The vulnerability is caused by the lack of input...
Ecava IntegraXor Report batch SQL Injection Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Ecava IntegraXor. Authentication is not required to exploit this vulnerability. The specific flaw exists in the handling of batch report requests. The vulnerability is caused by the lack of input...
Ecava IntegraXor Report summary SQL Injection Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Ecava IntegraXor. Authentication is not required to exploit this vulnerability. The specific flaw exists in the handling of summary report requests. The vulnerability is caused by the lack of input...
Ecava IntegraXor信息泄露漏洞
No description provided by source...
Ecava IntegraXor igcom.dll 目录遍历任意文件写入漏洞
No description provided by source...