225 matches found
CVE-2016-8341
CVE-2016-8341 affects Ecava IntegraXor web server in version 5.0.413.0, where input parameters are vulnerable to SQL injection, allowing read, write, and delete commands against the host database if queries are not sanitized. Public sources (NVD/NVD-based entries) describe a SQLi vulnerability wi...
CVE-2016-8341
An issue was discovered in Ecava IntegraXor Version 5.0.413.0. The Ecava IntegraXor web server has parameters that are vulnerable to SQL injection. If the queries are not sanitized, the host's database could be subject to read, write, and delete commands...
Multiple SQL Injection Vulnerabilities in Ecava IntegraXor
Ecava IntegraXor is a set of Web-based tools for creating and running HMI interfaces for SCADA systems. Ecava IntegraXor suffers from multiple SQL injection vulnerabilities that stem from a failure to properly validate a SQL query before using user input. An attacker could use this vulnerability ...
Ecava IntegraXor getdata param SQL Injection Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Ecava IntegraXor. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the param parameter in getdata requests. The issue lies in the failur...
Ecava IntegraXor getdata name SQL Injection Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Ecava IntegraXor. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the name parameter in getdata requests. The issue lies in the failure...
Ecava IntegraXor
CVSS v3 7.3 ATTENTION: Remotely Exploitable/low skill level to exploit Vendor: Ecava Equipment: IntegraXor Vulnerability: SQL Injection AFFECTED PRODUCTS The following IntegraXor version is affected: IntegraXor Version 5.0.413.0 IMPACT A successful exploit of this vulnerability could lead to...
ECAVA IntegraXor < 5.0.4522 Multiple Vulnerabilities
ECAVA IntegraXor is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:ecava:integraxor"; if...
CVE-2016-2306
The HMI web server in Ecava IntegraXor before 5.0 build 4522 allows remote attackers to obtain sensitive cleartext information by sniffing the network...
CVE-2016-2306
The HMI web server in Ecava IntegraXor before 5.0 build 4522 allows remote attackers to obtain sensitive cleartext information by sniffing the network...
CVE-2016-2305
Cross-site scripting XSS vulnerability in Ecava IntegraXor before 5.0 build 4522 allows remote attackers to inject arbitrary web script or HTML via a crafted URL...
CVE-2016-2305
Cross-site scripting XSS vulnerability in Ecava IntegraXor before 5.0 build 4522 allows remote attackers to inject arbitrary web script or HTML via a crafted URL...
CVE-2016-2304
Ecava IntegraXor before 5.0 build 4522 does not include the HTTPOnly flag in a Set-Cookie header for the session cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie...
CVE-2016-2304
Ecava IntegraXor before 5.0 build 4522 does not include the HTTPOnly flag in a Set-Cookie header for the session cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie...
CVE-2016-2303
CRLF injection vulnerability in Ecava IntegraXor before 5.0 build 4522 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a crafted URL...
CVE-2016-2302
Ecava IntegraXor before 5.0 build 4522 allows remote attackers to obtain sensitive information by reading detailed error messages...
CVE-2016-2302
Ecava IntegraXor before 5.0 build 4522 allows remote attackers to obtain sensitive information by reading detailed error messages...
CVE-2016-2301
SQL injection vulnerability in Ecava IntegraXor before 5.0 build 4522 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors...
CVE-2016-2301
SQL injection vulnerability in Ecava IntegraXor before 5.0 build 4522 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors...
CVE-2016-2300
Ecava IntegraXor before 5.0 build 4522 allows remote attackers to bypass authentication and access unspecified web pages via unknown vectors...
CVE-2016-2300
Ecava IntegraXor before 5.0 build 4522 allows remote attackers to bypass authentication and access unspecified web pages via unknown vectors...