8 matches found
CVE-2015-6493
CVE-2015-6493 affects Infinite Automation Mango Automation versions 2.5.x through 2.6.x (up to 2.6.0 build 430). It is a Cross-Site Request Forgery (CSRF) vulnerability that can allow an authenticated remote attacker to hijack the victim’s session, with unspecified vectors. Public exploitation ev...
CVE-2015-7904
CVE-2015-7904 affects Mango Automation by Infinite Automation Systems. An authenticated remote user can trigger arbitrary JSP code execution due to improper verification of uploaded image files, allowing unrestricted file upload in Mango Automation 2.5.x and 2.6.x prior to 2.6.0 build 430. Public...
CVE-2015-1179
Affected software: Mango Automation (open-source SCADA/HMI) up to version 2.4.0 and possibly earlier. Vulnerability: Cross-site scripting (XSS) in data_point_details.shtm, exploitable via the parameters dpid, dpxid, or pid. Root cause/impact: Improper input handling allows a remote attacker to cr...
CVE-2015-7901
Infinite Automation Mango Automation versions 2.5.x–2.6.0 beta (builds prior to 430) contain an OS command injection vulnerability that can be exploited by an authenticated remote user to execute arbitrary commands. Affected component/issue is demonstrated by public exploit references (e.g., Expl...
CVE-2015-7900
CVE-2015-7900 affects Mango Automation 2.5.x and 2.6.x prior to 2.6.0 build 430. A debugging feature causes an information-disclosure to remote attackers by triggering an exception via a crafted URL and then visiting a status page, exposing debugging/session data. Connections confirm vulnerabilit...
CVE-2015-7902
The CVE-2015-7902 entry relates to Mango Automation (Infinite Automation Systems) versions 2.5.x and 2.6.x before 2.6.0 build 430, where login error handling exposes distinct error messages that can lead to information disclosure via sequences of requests. The vulnerability allows remote attacker...
CVE-2015-6494
Summary: CVE-2015-6494 is a cross-site scripting (XSS) vulnerability in Infinite Automation Mango Automation, affecting version series 2.5.x and 2.6.x before 2.6.0 build 430. An authenticated remote user could inject arbitrary web script/HTML via unspecified vectors. The issue was publicized with...
CVE-2015-7903
Mango Automation (Infinite Automation Systems) is affected by CVE-2015-7903: an SQL injection vulnerability in Mango Automation 2.5.x and 2.6.x before 2.6.0 build 430 that allows an authenticated remote user to execute arbitrary SQL commands via unspecified vectors. Public discussions indicate th...