Lucene search
+L

225 matches found

cve
cve
added 2016/04/22 12:0 a.m.46 views

CVE-2016-2299

Ecava IntegraXor web-based HMI/SCADA is affected. The vulnerability is a SQL injection in Ecava IntegraXor before 5.0 build 4522, caused by insufficient input validation. Remote attackers could execute arbitrary SQL commands via unspecified vectors. No exploit details are provided in the document...

7.5CVSS7.6AI score0.01425EPSS
Exploits0References6Affected Software1
cve
cve
added 2016/04/22 12:0 a.m.48 views

CVE-2016-2303

CVE-2016-2303: Ecava IntegraXor before 5.0 build 4522 is vulnerable to CRLF injection in HTTP headers, enabling HTTP response splitting via a crafted URL. Affected product: Ecava IntegraXor HMI web server (pre-5.0 build 4522). Root cause: improper neutralization of CRLF sequences in HTTP header h...

5.3CVSS5.9AI score0.01052EPSS
Exploits0References1Affected Software1
cve
cve
added 2016/04/22 12:0 a.m.44 views

CVE-2016-2304

CVE-2016-2304 affects Ecava IntegraXor prior to version 5.0, build 4522. The issue is that the HTTPOnly flag is not set on the session cookie in the web server, enabling a remote attacker to access the cookie via scripts and potentially log in as an administrator. Public sources describe this as ...

4.3CVSS5AI score0.01065EPSS
Exploits0References1Affected Software1
cvelist
cvelist
added 2016/04/22 12:0 a.m.22 views

CVE-2016-2301

SQL injection vulnerability in Ecava IntegraXor before 5.0 build 4522 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors...

6.8AI score0.00805EPSS
Exploits0References1
cvelist
cvelist
added 2016/04/22 12:0 a.m.22 views

CVE-2016-2302

Ecava IntegraXor before 5.0 build 4522 allows remote attackers to obtain sensitive information by reading detailed error messages...

5.5AI score0.01176EPSS
Exploits0References1
cve
cve
added 2016/04/22 12:0 a.m.49 views

CVE-2016-2305

CVE-2016-2305 affects Ecava IntegraXor web UI: a DOM-based cross-site scripting vulnerability allows remote attackers to inject arbitrary script/HTML via a crafted URL in IntegraXor versions prior to 5.0, build 4522. Root cause: improper input handling in the web interface enables XSS through man...

6.1CVSS6AI score0.00906EPSS
Exploits0References1Affected Software1
cnvd
cnvd
added 2016/04/16 12:0 a.m.6 views

Ecava IntegraXor Information Disclosure Vulnerability (CNVD-2016-02341)

Ecava IntegraXor is a set of Web-based tools for creating and running HMI interfaces for SCADA systems. An information disclosure vulnerability exists in Ecava IntegraXor prior to version 5.0 build 4522 that stems from the program not setting the HTTPOnly flag in the session cookie. A remote...

4.3CVSS6.3AI score0.01065EPSS
Exploits0References1
cnvd
cnvd
added 2016/04/16 12:0 a.m.5 views

Ecava IntegraXor SQL Injection Vulnerability

Ecava IntegraXor is a set of Web-based tools for creating and running HMI Human Machine Interface interfaces for SCADA systems from Ecava Malaysia. A SQL injection vulnerability exists in Ecava IntegraXor versions prior to 5.0 build 4522. A remote attacker can exploit the vulnerability to execute...

6.5CVSS8.4AI score0.00805EPSS
Exploits0References1
cnvd
cnvd
added 2016/04/16 12:0 a.m.5 views

Ecava IntegraXor Information Disclosure Vulnerability

Ecava IntegraXor is a set of Web-based tools for creating and running HMI interfaces for SCADA systems. A security vulnerability exists in Ecava IntegraXor that could be exploited by a remote attacker to obtain sensitive log information...

5.3CVSS6.7AI score0.01176EPSS
Exploits0References1
cnvd
cnvd
added 2016/04/16 12:0 a.m.5 views

Ecava IntegraXor Transfer Unencrypted Vulnerability

Ecava IntegraXor is a set of Web-based tools for creating and running HMI interfaces for SCADA systems. A transmit unencrypted vulnerability exists in Ecava IntegraXor prior to version 5.0 build 4522, which originates when the HMI web server transmits unencrypted data. A remote attacker could...

7.8CVSS7AI score0.01852EPSS
Exploits0References1
cnvd
cnvd
added 2016/04/16 12:0 a.m.8 views

Ecava IntegraXor Privilege Bypass Vulnerability

Ecava IntegraXor is a set of Web-based tools for creating and running HMI interfaces for SCADA systems. Ecava IntegraXor fails to properly check for user authorization when processing user access to sensitive web pages, allowing remote attackers to exploit the vulnerability to bypass security...

6.5CVSS6.8AI score0.01169EPSS
Exploits0References1
cnvd
cnvd
added 2016/04/16 12:0 a.m.4 views

Ecava IntegraXor Cross-Site Scripting Vulnerability (CNVD-2016-02333)

Ecava IntegraXor is a set of Web-based tools for creating and running HMI interfaces for SCADA systems. A cross-site scripting vulnerability in Ecava IntegraXor for HMI operations using SCADA applications allows remote attackers to exploit the vulnerability to inject malicious script or HTML code...

6.1CVSS6.2AI score0.00906EPSS
Exploits0References1
cnvd
cnvd
added 2016/04/14 12:0 a.m.5 views

Ecava IntegraXor Remote Code Execution Vulnerability

Ecava IntegraXor is a set of Web-based tools for creating and running HMI interfaces for SCADA systems. Ecava IntegraXor fails to perform input validation. A remote attacker could exploit the vulnerability to execute arbitrary code by sending a specially crafted request...

7.5CVSS7.8AI score0.01425EPSS
Exploits0References1
zdi
zdi
added 2016/04/12 12:0 a.m.35 views

Ecava IntegraXor Report summary_opt SQL Injection Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Ecava IntegraXor. Authentication is not required to exploit this vulnerability. The specific flaw exists in the handling of summaryopt report requests. The vulnerability is caused by the lack of...

7.5CVSS3.3AI score0.01425EPSS
Exploits0References2
zdi
zdi
added 2016/04/12 12:0 a.m.35 views

Ecava IntegraXor Report batchlist SQL Injection Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Ecava IntegraXor. Authentication is not required to exploit this vulnerability. The specific flaw exists in the handling of batchlist report requests. The vulnerability is caused by the lack of inp...

7.5CVSS3.3AI score0.01425EPSS
Exploits0References2
zdi
zdi
added 2016/04/12 12:0 a.m.45 views

Ecava IntegraXor Report save SQL Injection Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Ecava IntegraXor. Authentication is not required to exploit this vulnerability. The specific flaw exists in the handling of save report requests. The vulnerability is caused by the lack of input...

7.5CVSS3.2AI score0.01425EPSS
Exploits0References2
zdi
zdi
added 2016/04/12 12:0 a.m.27 views

Ecava IntegraXor Report batch SQL Injection Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Ecava IntegraXor. Authentication is not required to exploit this vulnerability. The specific flaw exists in the handling of batch report requests. The vulnerability is caused by the lack of input...

7.5CVSS3.2AI score0.01425EPSS
Exploits0References2
zdi
zdi
added 2016/04/12 12:0 a.m.25 views

Ecava IntegraXor Report summary SQL Injection Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Ecava IntegraXor. Authentication is not required to exploit this vulnerability. The specific flaw exists in the handling of summary report requests. The vulnerability is caused by the lack of input...

7.5CVSS3.4AI score0.01425EPSS
Exploits0References2
seebug
seebug
added 2016/03/16 12:0 a.m.16 views

Ecava IntegraXor信息泄露漏洞

No description provided by source...

7.1AI score
Exploits0
seebug
seebug
added 2016/03/15 12:0 a.m.15 views

Ecava IntegraXor igcom.dll 目录遍历任意文件写入漏洞

No description provided by source...

7.1AI score
Exploits0
Rows per page
Query Builder