Lucene search
K

225 matches found

CVE
CVE
added 2017/02/13 9:0 p.m.54 views

CVE-2016-8341

CVE-2016-8341 affects Ecava IntegraXor web server in version 5.0.413.0, where input parameters are vulnerable to SQL injection, allowing read, write, and delete commands against the host database if queries are not sanitized. Public sources (NVD/NVD-based entries) describe a SQLi vulnerability wi...

9.8CVSS9.7AI score0.01645EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2017/02/13 9:0 p.m.22 views

CVE-2016-8341

An issue was discovered in Ecava IntegraXor Version 5.0.413.0. The Ecava IntegraXor web server has parameters that are vulnerable to SQL injection. If the queries are not sanitized, the host's database could be subject to read, write, and delete commands...

9.8AI score0.01645EPSS
Exploits0References2
CNVD
CNVD
added 2017/02/10 12:0 a.m.4 views

Multiple SQL Injection Vulnerabilities in Ecava IntegraXor

Ecava IntegraXor is a set of Web-based tools for creating and running HMI interfaces for SCADA systems. Ecava IntegraXor suffers from multiple SQL injection vulnerabilities that stem from a failure to properly validate a SQL query before using user input. An attacker could use this vulnerability ...

9.8CVSS8AI score0.01645EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
added 2017/02/07 12:0 a.m.44 views

Ecava IntegraXor getdata param SQL Injection Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Ecava IntegraXor. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the param parameter in getdata requests. The issue lies in the failur...

7.5CVSS2.1AI score0.01645EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
added 2017/02/07 12:0 a.m.34 views

Ecava IntegraXor getdata name SQL Injection Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Ecava IntegraXor. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the name parameter in getdata requests. The issue lies in the failure...

7.5CVSS2.1AI score0.01645EPSS
Exploits0References1
ICS
ICS
added 2017/01/31 12:0 a.m.59 views

Ecava IntegraXor

CVSS v3 7.3 ATTENTION: Remotely Exploitable/low skill level to exploit Vendor: Ecava Equipment: IntegraXor Vulnerability: SQL Injection AFFECTED PRODUCTS The following IntegraXor version is affected: IntegraXor Version 5.0.413.0 IMPACT A successful exploit of this vulnerability could lead to...

9.8CVSS10AI score0.01645EPSS
Exploits0References3
OpenVAS
OpenVAS
added 2016/07/04 12:0 a.m.19 views

ECAVA IntegraXor < 5.0.4522 Multiple Vulnerabilities

ECAVA IntegraXor is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:ecava:integraxor"; if...

7.8CVSS5.7AI score0.01852EPSS
Exploits0References1
OSV
OSV
added 2016/04/22 12:59 a.m.4 views

CVE-2016-2306

The HMI web server in Ecava IntegraXor before 5.0 build 4522 allows remote attackers to obtain sensitive cleartext information by sniffing the network...

7.5CVSS5.8AI score0.01852EPSS
Exploits0References1
NVD
NVD
added 2016/04/22 12:59 a.m.21 views

CVE-2016-2306

The HMI web server in Ecava IntegraXor before 5.0 build 4522 allows remote attackers to obtain sensitive cleartext information by sniffing the network...

7.8CVSS7.3AI score0.01852EPSS
Exploits0References1
OSV
OSV
added 2016/04/22 12:59 a.m.2 views

CVE-2016-2305

Cross-site scripting XSS vulnerability in Ecava IntegraXor before 5.0 build 4522 allows remote attackers to inject arbitrary web script or HTML via a crafted URL...

6.1CVSS5.9AI score0.00906EPSS
Exploits0References1
NVD
NVD
added 2016/04/22 12:59 a.m.18 views

CVE-2016-2305

Cross-site scripting XSS vulnerability in Ecava IntegraXor before 5.0 build 4522 allows remote attackers to inject arbitrary web script or HTML via a crafted URL...

6.1CVSS6.1AI score0.00906EPSS
Exploits0References1
OSV
OSV
added 2016/04/22 12:59 a.m.5 views

CVE-2016-2304

Ecava IntegraXor before 5.0 build 4522 does not include the HTTPOnly flag in a Set-Cookie header for the session cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie...

4.3CVSS5.8AI score0.01065EPSS
Exploits0References1
NVD
NVD
added 2016/04/22 12:59 a.m.17 views

CVE-2016-2304

Ecava IntegraXor before 5.0 build 4522 does not include the HTTPOnly flag in a Set-Cookie header for the session cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie...

4.3CVSS5AI score0.01065EPSS
Exploits0References1
NVD
NVD
added 2016/04/22 12:59 a.m.17 views

CVE-2016-2303

CRLF injection vulnerability in Ecava IntegraXor before 5.0 build 4522 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a crafted URL...

5.3CVSS6AI score0.01052EPSS
Exploits0References1
NVD
NVD
added 2016/04/22 12:59 a.m.12 views

CVE-2016-2302

Ecava IntegraXor before 5.0 build 4522 allows remote attackers to obtain sensitive information by reading detailed error messages...

5.3CVSS5.8AI score0.01176EPSS
Exploits0References1
OSV
OSV
added 2016/04/22 12:59 a.m.3 views

CVE-2016-2302

Ecava IntegraXor before 5.0 build 4522 allows remote attackers to obtain sensitive information by reading detailed error messages...

5.3CVSS5.8AI score0.01176EPSS
Exploits0References1
NVD
NVD
added 2016/04/22 12:59 a.m.20 views

CVE-2016-2301

SQL injection vulnerability in Ecava IntegraXor before 5.0 build 4522 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors...

6.5CVSS6.9AI score0.00805EPSS
Exploits0References1
OSV
OSV
added 2016/04/22 12:59 a.m.6 views

CVE-2016-2301

SQL injection vulnerability in Ecava IntegraXor before 5.0 build 4522 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors...

6.3CVSS6.1AI score0.00805EPSS
Exploits0References1
OSV
OSV
added 2016/04/22 12:59 a.m.2 views

CVE-2016-2300

Ecava IntegraXor before 5.0 build 4522 allows remote attackers to bypass authentication and access unspecified web pages via unknown vectors...

6.5CVSS5.8AI score0.01169EPSS
Exploits0References1
NVD
NVD
added 2016/04/22 12:59 a.m.18 views

CVE-2016-2300

Ecava IntegraXor before 5.0 build 4522 allows remote attackers to bypass authentication and access unspecified web pages via unknown vectors...

6.5CVSS6.9AI score0.01169EPSS
Exploits0References1
Rows per page
Query Builder