Lucene search
K
Infinite Automation SystemsMango Automation

8 matches found

CVE
CVE
added 2015/10/28 10:0 a.m.57 views

CVE-2015-7904

CVE-2015-7904 affects Mango Automation by Infinite Automation Systems. An authenticated remote user can trigger arbitrary JSP code execution due to improper verification of uploaded image files, allowing unrestricted file upload in Mango Automation 2.5.x and 2.6.x prior to 2.6.0 build 430. Public...

6.5CVSS7.3AI score0.02783EPSS
Web
CVE
CVE
added 2015/10/28 10:0 a.m.56 views

CVE-2015-6493

CVE-2015-6493 affects Infinite Automation Mango Automation versions 2.5.x through 2.6.x (up to 2.6.0 build 430). It is a Cross-Site Request Forgery (CSRF) vulnerability that can allow an authenticated remote attacker to hijack the victim’s session, with unspecified vectors. Public exploitation ev...

6.8CVSS6.8AI score0.01323EPSS
Web
CVE
CVE
added 2015/01/26 3:0 p.m.52 views

CVE-2015-1179

Affected software: Mango Automation (open-source SCADA/HMI) up to version 2.4.0 and possibly earlier. Vulnerability: Cross-site scripting (XSS) in data_point_details.shtm, exploitable via the parameters dpid, dpxid, or pid. Root cause/impact: Improper input handling allows a remote attacker to cr...

4.3CVSS5.8AI score0.01534EPSS
CVE
CVE
added 2015/10/28 10:0 a.m.51 views

CVE-2015-7901

Infinite Automation Mango Automation versions 2.5.x–2.6.0 beta (builds prior to 430) contain an OS command injection vulnerability that can be exploited by an authenticated remote user to execute arbitrary commands. Affected component/issue is demonstrated by public exploit references (e.g., Expl...

6.5CVSS7.3AI score0.03257EPSS
Web
CVE
CVE
added 2015/10/28 10:0 a.m.50 views

CVE-2015-7900

CVE-2015-7900 affects Mango Automation 2.5.x and 2.6.x prior to 2.6.0 build 430. A debugging feature causes an information-disclosure to remote attackers by triggering an exception via a crafted URL and then visiting a status page, exposing debugging/session data. Connections confirm vulnerabilit...

4.3CVSS6.3AI score0.02946EPSS
Web
CVE
CVE
added 2015/10/28 10:0 a.m.44 views

CVE-2015-7902

The CVE-2015-7902 entry relates to Mango Automation (Infinite Automation Systems) versions 2.5.x and 2.6.x before 2.6.0 build 430, where login error handling exposes distinct error messages that can lead to information disclosure via sequences of requests. The vulnerability allows remote attacker...

5CVSS6.4AI score0.03498EPSS
Web
CVE
CVE
added 2015/10/28 10:0 a.m.43 views

CVE-2015-6494

Summary: CVE-2015-6494 is a cross-site scripting (XSS) vulnerability in Infinite Automation Mango Automation, affecting version series 2.5.x and 2.6.x before 2.6.0 build 430. An authenticated remote user could inject arbitrary web script/HTML via unspecified vectors. The issue was publicized with...

3.5CVSS5.4AI score0.01747EPSS
Web
CVE
CVE
added 2015/10/28 10:0 a.m.42 views

CVE-2015-7903

Mango Automation (Infinite Automation Systems) is affected by CVE-2015-7903: an SQL injection vulnerability in Mango Automation 2.5.x and 2.6.x before 2.6.0 build 430 that allows an authenticated remote user to execute arbitrary SQL commands via unspecified vectors. Public discussions indicate th...

6.5CVSS8.2AI score0.0129EPSS
Web