Ecava Integraxor
26 CVEs affecting Ecava Integraxor. Latest disclosed: 2017-12-20. Critical: 2, High: 2.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2017-6050 | Critical | 9.8 | 2017-06-21 | A SQL Injection issue was discovered in Ecava IntegraXor Versions 5.2.1231.0 and prior. The application fails to properly validate user input, which may allow… |
CVE-2016-8341 | Critical | 9.8 | 2017-02-13 | An issue was discovered in Ecava IntegraXor Version 5.0.413.0. The Ecava IntegraXor web server has parameters that are vulnerable to SQL injection. If the quer… |
CVE-2016-2306 | High | 7.5 | 2016-04-22 | The HMI web server in Ecava IntegraXor before 5.0 build 4522 allows remote attackers to obtain sensitive cleartext information by sniffing the network. |
CVE-2016-2299 | High | 7.3 | 2016-04-22 | SQL injection vulnerability in Ecava IntegraXor before 5.0 build 4522 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. |
CVE-2016-2300 | Medium | 6.5 | 2016-04-22 | Ecava IntegraXor before 5.0 build 4522 allows remote attackers to bypass authentication and access unspecified web pages via unknown vectors. |
CVE-2016-2301 | Medium | 6.3 | 2016-04-22 | SQL injection vulnerability in Ecava IntegraXor before 5.0 build 4522 allows remote authenticated users to execute arbitrary SQL commands via unspecified vecto… |
CVE-2016-2305 | Medium | 6.1 | 2016-04-22 | Cross-site scripting (XSS) vulnerability in Ecava IntegraXor before 5.0 build 4522 allows remote attackers to inject arbitrary web script or HTML via a crafted… |
CVE-2017-16735 | Medium | 5.3 | 2017-12-20 | A SQL Injection issue was discovered in Ecava IntegraXor v 6.1.1030.1 and prior. The SQL Injection vulnerability has been identified, which generates an error… |
CVE-2017-16733 | Medium | 5.3 | 2017-12-20 | A SQL Injection issue was discovered in Ecava IntegraXor v 6.1.1030.1 and prior. The SQL Injection vulnerability has been identified, which an attacker can lev… |
CVE-2016-2303 | Medium | 5.3 | 2016-04-22 | CRLF injection vulnerability in Ecava IntegraXor before 5.0 build 4522 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response split… |
CVE-2016-2302 | Medium | 5.3 | 2016-04-22 | Ecava IntegraXor before 5.0 build 4522 allows remote attackers to obtain sensitive information by reading detailed error messages. |
CVE-2016-2304 | Medium | 4.3 | 2016-04-22 | Ecava IntegraXor before 5.0 build 4522 does not include the HTTPOnly flag in a Set-Cookie header for the session cookie, which makes it easier for remote attac… |
CVE-2015-0990 | | 2015-04-03 | Untrusted search path vulnerability in Ecava IntegraXor SCADA Server before 4.2.4488 allows local users to gain privileges via a renamed DLL in the default ins… | |
CVE-2014-2377 | | 2014-09-15 | Ecava IntegraXor SCADA Server Stable 4.1.4360 and earlier and Beta 4.1.4392 and earlier allows remote attackers to discover full pathnames via an application t… | |
CVE-2014-2376 | | 2014-09-15 | SQL injection vulnerability in Ecava IntegraXor SCADA Server Stable 4.1.4360 and earlier and Beta 4.1.4392 and earlier allows remote attackers to execute arbit… | |
CVE-2014-2375 | | 2014-09-15 | Ecava IntegraXor SCADA Server Stable 4.1.4360 and earlier and Beta 4.1.4392 and earlier allows remote attackers to read or write to arbitrary files, and obtain… | |
CVE-2014-0786 | | 2014-05-01 | Ecava IntegraXor before 4.1.4393 allows remote attackers to read cleartext credentials for administrative accounts via SELECT statements that leverage the gues… | |
CVE-2014-0753 | | 2014-01-21 | Stack-based buffer overflow in the SCADA server in Ecava IntegraXor before 4.1.4390 allows remote attackers to cause a denial of service (system crash) by trig… | |
CVE-2014-0752 | | 2014-01-09 | The SCADA server in Ecava IntegraXor before 4.1.4369 allows remote attackers to read arbitrary project backup files via a crafted URL. | |
CVE-2012-4700 | | 2013-02-08 | Multiple buffer overflows in an ActiveX control in PE3DO32A.ocx in IntegraXor SCADA Server 4.00 build 4250.0 and earlier allow remote attackers to execute arbi… |