Search Results (Refine Search)

Search Parameters:
  • Results Type: Overview
  • Keyword (text search): cpe:2.3:a:ecava:integraxor:4.1.4393:*:*:*:*:*:*:*
There are 12 matching records.
Displaying matches 1 through 12.
Vuln ID Summary CVSS Severity
CVE-2017-16735

A SQL Injection issue was discovered in Ecava IntegraXor v 6.1.1030.1 and prior. The SQL Injection vulnerability has been identified, which generates an error in the database log.

Published: December 20, 2017; 2:29:00 PM -0500
V3.0: 5.3 MEDIUM
V2.0: 5.0 MEDIUM
CVE-2017-16733

A SQL Injection issue was discovered in Ecava IntegraXor v 6.1.1030.1 and prior. The SQL Injection vulnerability has been identified, which an attacker can leverage to disclose sensitive information from the database.

Published: December 20, 2017; 2:29:00 PM -0500
V3.0: 5.3 MEDIUM
V2.0: 5.0 MEDIUM
CVE-2017-6050

A SQL Injection issue was discovered in Ecava IntegraXor Versions 5.2.1231.0 and prior. The application fails to properly validate user input, which may allow for an unauthenticated attacker to remotely execute arbitrary code in the form of SQL queries.

Published: June 21, 2017; 3:29:00 PM -0400
V3.0: 9.8 CRITICAL
V2.0: 7.5 HIGH
CVE-2016-2306

The HMI web server in Ecava IntegraXor before 5.0 build 4522 allows remote attackers to obtain sensitive cleartext information by sniffing the network.

Published: April 21, 2016; 8:59:07 PM -0400
V3.0: 7.5 HIGH
V2.0: 7.8 HIGH
CVE-2016-2305

Cross-site scripting (XSS) vulnerability in Ecava IntegraXor before 5.0 build 4522 allows remote attackers to inject arbitrary web script or HTML via a crafted URL.

Published: April 21, 2016; 8:59:06 PM -0400
V3.0: 6.1 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2016-2304

Ecava IntegraXor before 5.0 build 4522 does not include the HTTPOnly flag in a Set-Cookie header for the session cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie.

Published: April 21, 2016; 8:59:05 PM -0400
V3.0: 4.3 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2016-2303

CRLF injection vulnerability in Ecava IntegraXor before 5.0 build 4522 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a crafted URL.

Published: April 21, 2016; 8:59:04 PM -0400
V3.0: 5.3 MEDIUM
V2.0: 5.0 MEDIUM
CVE-2016-2302

Ecava IntegraXor before 5.0 build 4522 allows remote attackers to obtain sensitive information by reading detailed error messages.

Published: April 21, 2016; 8:59:03 PM -0400
V3.0: 5.3 MEDIUM
V2.0: 5.0 MEDIUM
CVE-2016-2301

SQL injection vulnerability in Ecava IntegraXor before 5.0 build 4522 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.

Published: April 21, 2016; 8:59:02 PM -0400
V3.0: 6.3 MEDIUM
V2.0: 6.5 MEDIUM
CVE-2016-2300

Ecava IntegraXor before 5.0 build 4522 allows remote attackers to bypass authentication and access unspecified web pages via unknown vectors.

Published: April 21, 2016; 8:59:01 PM -0400
V3.0: 6.5 MEDIUM
V2.0: 6.4 MEDIUM
CVE-2016-2299

SQL injection vulnerability in Ecava IntegraXor before 5.0 build 4522 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

Published: April 21, 2016; 8:59:00 PM -0400
V3.0: 7.3 HIGH
V2.0: 7.5 HIGH
CVE-2015-0990

Untrusted search path vulnerability in Ecava IntegraXor SCADA Server before 4.2.4488 allows local users to gain privileges via a renamed DLL in the default install directory.

Published: April 03, 2015; 6:59:12 AM -0400
V3.x:(not available)
V2.0: 4.4 MEDIUM