Lucene search
Andrea Micalizzi (rgod)ZDI-14-369HistoryOct 24, 2014 - 12:00 a.m.
Ecava IntegraXor Guest Acccount Information Disclosure Vulnerability
2014-10-2400:00:00
Andrea Micalizzi (rgod)
www.zerodayinitiative.com
11
0.015 Low
EPSS
Percentile
86.8%
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Ecava IntegraXor. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the “guest” user. The issue lies in the ability the retrieve all project credentials. By abusing this flaw an attacker can disclose credentials and leverage this situation to achieve remote code execution.
Related
ics
ics
Ecava IntegraXor Guest Account Information Disclosure Vulnerability
2018-09-06 12:00:00
Ecava Integraxor SCADA Server Vulnerabilities
2018-09-06 12:00:00
prion
prion
Design/Logic Flaw
2014-05-01 01:56:00
cvelist
cvelist
CVE-2014-0786
2014-05-01 01:00:00
zdi
zdi
Ecava IntegraXor Guest Acccount Information Disclosure Vulnerability
2014-05-02 00:00:00
nvd
nvd
CVE-2014-0786
2014-05-01 01:56:10
openvas
openvas
ECAVA IntegraXor < 4.1.4393 Account Information Disclosure Vulnerability
2014-05-19 00:00:00
cve
cve
CVE-2014-0786
2014-05-01 01:56:10
nessus
nessus
Ecava IntegraXor < 4.2.4458 Multiple Vulnerabilities
2014-09-29 00:00:00
Ecava IntegraXor < 4.2.4458 Multiple Vulnerabilities
2014-09-23 00:00:00