Lucene search
K

225 matches found

Prion
Prion
added 2016/04/22 12:59 a.m.16 views

Authentication flaw

Ecava IntegraXor before 5.0 build 4522 allows remote attackers to bypass authentication and access unspecified web pages via unknown vectors...

6.4CVSS7.5AI score0.01169EPSS
Exploits0References1Affected Software1
Prion
Prion
added 2016/04/22 12:59 a.m.12 views

Code injection

Ecava IntegraXor before 5.0 build 4522 does not include the HTTPOnly flag in a Set-Cookie header for the session cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie...

4.3CVSS6.6AI score0.01065EPSS
Exploits0References1Affected Software1
Prion
Prion
added 2016/04/22 12:59 a.m.19 views

Information disclosure

Ecava IntegraXor before 5.0 build 4522 allows remote attackers to obtain sensitive information by reading detailed error messages...

5CVSS6.7AI score0.01176EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2016/04/22 12:59 a.m.17 views

CVE-2016-2299

SQL injection vulnerability in Ecava IntegraXor before 5.0 build 4522 allows remote attackers to execute arbitrary SQL commands via unspecified vectors...

7.5CVSS7.8AI score0.01425EPSS
Exploits0References6
Prion
Prion
added 2016/04/22 12:59 a.m.15 views

Sql injection

SQL injection vulnerability in Ecava IntegraXor before 5.0 build 4522 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors...

6.5CVSS8.5AI score0.00805EPSS
Exploits0References1Affected Software1
Prion
Prion
added 2016/04/22 12:59 a.m.12 views

Code injection

The HMI web server in Ecava IntegraXor before 5.0 build 4522 allows remote attackers to obtain sensitive cleartext information by sniffing the network...

7.8CVSS6.7AI score0.01852EPSS
Exploits0References1Affected Software1
Prion
Prion
added 2016/04/22 12:59 a.m.13 views

Crlf injection

CRLF injection vulnerability in Ecava IntegraXor before 5.0 build 4522 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a crafted URL...

5CVSS7.3AI score0.01052EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2016/04/22 12:59 a.m.3 views

CVE-2016-2299

SQL injection vulnerability in Ecava IntegraXor before 5.0 build 4522 allows remote attackers to execute arbitrary SQL commands via unspecified vectors...

7.3CVSS6.1AI score0.01425EPSS
Exploits0References6
Prion
Prion
added 2016/04/22 12:59 a.m.16 views

Sql injection

SQL injection vulnerability in Ecava IntegraXor before 5.0 build 4522 allows remote attackers to execute arbitrary SQL commands via unspecified vectors...

7.5CVSS8.9AI score0.01425EPSS
Exploits0References6Affected Software1
Prion
Prion
added 2016/04/22 12:59 a.m.17 views

Cross site scripting

Cross-site scripting XSS vulnerability in Ecava IntegraXor before 5.0 build 4522 allows remote attackers to inject arbitrary web script or HTML via a crafted URL...

4.3CVSS6AI score0.00906EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2016/04/22 12:0 a.m.22 views

CVE-2016-2304

Ecava IntegraXor before 5.0 build 4522 does not include the HTTPOnly flag in a Set-Cookie header for the session cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie...

4.8AI score0.01065EPSS
Exploits0References1
CVE
CVE
added 2016/04/22 12:0 a.m.44 views

CVE-2016-2304

CVE-2016-2304 affects Ecava IntegraXor prior to version 5.0, build 4522. The issue is that the HTTPOnly flag is not set on the session cookie in the web server, enabling a remote attacker to access the cookie via scripts and potentially log in as an administrator. Public sources describe this as ...

4.3CVSS5AI score0.01065EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2016/04/22 12:0 a.m.44 views

CVE-2016-2299

Ecava IntegraXor web-based HMI/SCADA is affected. The vulnerability is a SQL injection in Ecava IntegraXor before 5.0 build 4522, caused by insufficient input validation. Remote attackers could execute arbitrary SQL commands via unspecified vectors. No exploit details are provided in the document...

7.5CVSS7.6AI score0.01425EPSS
Exploits0References6Affected Software1
CVE
CVE
added 2016/04/22 12:0 a.m.44 views

CVE-2016-2301

CVE-2016-2301 affects Ecava IntegraXor web-based HMI software. The issue is SQL injection in IntegraXor prior to version 5.0, build 4522, allowing remote authenticated users to execute arbitrary SQL commands via unspecified vectors. Affected product: Ecava IntegraXor; root cause: improper handlin...

6.5CVSS6.8AI score0.00805EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2016/04/22 12:0 a.m.45 views

CVE-2016-2302

CVE-2016-2302 affects Ecava IntegraXor web-based HMI (IntegraXor) before version 5.0, build 4522. Root cause: cleartext transmission of sensitive information and related information disclosure via detailed error messages. Impact: remote attacker could obtain sensitive information from the affecte...

5.3CVSS5.7AI score0.01176EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2016/04/22 12:0 a.m.24 views

CVE-2016-2300

Ecava IntegraXor before 5.0 build 4522 allows remote attackers to bypass authentication and access unspecified web pages via unknown vectors...

6.9AI score0.01169EPSS
Exploits0References1
Cvelist
Cvelist
added 2016/04/22 12:0 a.m.25 views

CVE-2016-2305

Cross-site scripting XSS vulnerability in Ecava IntegraXor before 5.0 build 4522 allows remote attackers to inject arbitrary web script or HTML via a crafted URL...

6.1AI score0.00906EPSS
Exploits0References1
CVE
CVE
added 2016/04/22 12:0 a.m.48 views

CVE-2016-2303

CVE-2016-2303: Ecava IntegraXor before 5.0 build 4522 is vulnerable to CRLF injection in HTTP headers, enabling HTTP response splitting via a crafted URL. Affected product: Ecava IntegraXor HMI web server (pre-5.0 build 4522). Root cause: improper neutralization of CRLF sequences in HTTP header h...

5.3CVSS5.9AI score0.01052EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2016/04/22 12:0 a.m.58 views

CVE-2016-2300

CVE-2016-2300 affects Ecava IntegraXor prior to Version 5.0, build 4522. The vulnerability is an authentication bypass that allows remote attackers to access unspecified web pages via unknown vectors. The vulnerability is remote-exploitable and is among multiple issues identified for IntegraXor

6.5CVSS6.8AI score0.01169EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2016/04/22 12:0 a.m.26 views

CVE-2016-2299

SQL injection vulnerability in Ecava IntegraXor before 5.0 build 4522 allows remote attackers to execute arbitrary SQL commands via unspecified vectors...

7.7AI score0.01425EPSS
Exploits0References6
Rows per page
Query Builder