225 matches found
Authentication flaw
Ecava IntegraXor before 5.0 build 4522 allows remote attackers to bypass authentication and access unspecified web pages via unknown vectors...
Code injection
Ecava IntegraXor before 5.0 build 4522 does not include the HTTPOnly flag in a Set-Cookie header for the session cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie...
Information disclosure
Ecava IntegraXor before 5.0 build 4522 allows remote attackers to obtain sensitive information by reading detailed error messages...
CVE-2016-2299
SQL injection vulnerability in Ecava IntegraXor before 5.0 build 4522 allows remote attackers to execute arbitrary SQL commands via unspecified vectors...
Sql injection
SQL injection vulnerability in Ecava IntegraXor before 5.0 build 4522 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors...
Code injection
The HMI web server in Ecava IntegraXor before 5.0 build 4522 allows remote attackers to obtain sensitive cleartext information by sniffing the network...
Crlf injection
CRLF injection vulnerability in Ecava IntegraXor before 5.0 build 4522 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a crafted URL...
CVE-2016-2299
SQL injection vulnerability in Ecava IntegraXor before 5.0 build 4522 allows remote attackers to execute arbitrary SQL commands via unspecified vectors...
Sql injection
SQL injection vulnerability in Ecava IntegraXor before 5.0 build 4522 allows remote attackers to execute arbitrary SQL commands via unspecified vectors...
Cross site scripting
Cross-site scripting XSS vulnerability in Ecava IntegraXor before 5.0 build 4522 allows remote attackers to inject arbitrary web script or HTML via a crafted URL...
CVE-2016-2304
Ecava IntegraXor before 5.0 build 4522 does not include the HTTPOnly flag in a Set-Cookie header for the session cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie...
CVE-2016-2304
CVE-2016-2304 affects Ecava IntegraXor prior to version 5.0, build 4522. The issue is that the HTTPOnly flag is not set on the session cookie in the web server, enabling a remote attacker to access the cookie via scripts and potentially log in as an administrator. Public sources describe this as ...
CVE-2016-2299
Ecava IntegraXor web-based HMI/SCADA is affected. The vulnerability is a SQL injection in Ecava IntegraXor before 5.0 build 4522, caused by insufficient input validation. Remote attackers could execute arbitrary SQL commands via unspecified vectors. No exploit details are provided in the document...
CVE-2016-2301
CVE-2016-2301 affects Ecava IntegraXor web-based HMI software. The issue is SQL injection in IntegraXor prior to version 5.0, build 4522, allowing remote authenticated users to execute arbitrary SQL commands via unspecified vectors. Affected product: Ecava IntegraXor; root cause: improper handlin...
CVE-2016-2302
CVE-2016-2302 affects Ecava IntegraXor web-based HMI (IntegraXor) before version 5.0, build 4522. Root cause: cleartext transmission of sensitive information and related information disclosure via detailed error messages. Impact: remote attacker could obtain sensitive information from the affecte...
CVE-2016-2300
Ecava IntegraXor before 5.0 build 4522 allows remote attackers to bypass authentication and access unspecified web pages via unknown vectors...
CVE-2016-2305
Cross-site scripting XSS vulnerability in Ecava IntegraXor before 5.0 build 4522 allows remote attackers to inject arbitrary web script or HTML via a crafted URL...
CVE-2016-2303
CVE-2016-2303: Ecava IntegraXor before 5.0 build 4522 is vulnerable to CRLF injection in HTTP headers, enabling HTTP response splitting via a crafted URL. Affected product: Ecava IntegraXor HMI web server (pre-5.0 build 4522). Root cause: improper neutralization of CRLF sequences in HTTP header h...
CVE-2016-2300
CVE-2016-2300 affects Ecava IntegraXor prior to Version 5.0, build 4522. The vulnerability is an authentication bypass that allows remote attackers to access unspecified web pages via unknown vectors. The vulnerability is remote-exploitable and is among multiple issues identified for IntegraXor
CVE-2016-2299
SQL injection vulnerability in Ecava IntegraXor before 5.0 build 4522 allows remote attackers to execute arbitrary SQL commands via unspecified vectors...