Vulnerabilities > Ecava > Integraxor

DATE CVE VULNERABILITY TITLE RISK
2016-04-22 CVE-2016-2300 Improper Authentication vulnerability in Ecava Integraxor
Ecava IntegraXor before 5.0 build 4522 allows remote attackers to bypass authentication and access unspecified web pages via unknown vectors.
network
low complexity
ecava CWE-287
6.4
2016-04-22 CVE-2016-2299 SQL Injection vulnerability in Ecava Integraxor
SQL injection vulnerability in Ecava IntegraXor before 5.0 build 4522 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
network
low complexity
ecava CWE-89
7.5
2015-04-03 CVE-2015-0990 Local Code Execution vulnerability in Ecava Integraxor SCADA Server
Untrusted search path vulnerability in Ecava IntegraXor SCADA Server before 4.2.4488 allows local users to gain privileges via a renamed DLL in the default install directory.
local
ecava
4.4
2014-09-15 CVE-2014-2377 Information Exposure vulnerability in Ecava Integraxor
Ecava IntegraXor SCADA Server Stable 4.1.4360 and earlier and Beta 4.1.4392 and earlier allows remote attackers to discover full pathnames via an application tag.
network
low complexity
ecava CWE-200
5.0
2014-09-15 CVE-2014-2376 SQL Injection vulnerability in Ecava Integraxor
SQL injection vulnerability in Ecava IntegraXor SCADA Server Stable 4.1.4360 and earlier and Beta 4.1.4392 and earlier allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
network
low complexity
ecava CWE-89
7.5
2014-09-15 CVE-2014-2375 Permissions, Privileges, and Access Controls vulnerability in Ecava Integraxor
Ecava IntegraXor SCADA Server Stable 4.1.4360 and earlier and Beta 4.1.4392 and earlier allows remote attackers to read or write to arbitrary files, and obtain sensitive information or cause a denial of service (disk consumption), via the CSV export feature.
network
low complexity
ecava CWE-264
critical
9.0
2014-05-01 CVE-2014-0786 Cryptographic Issues vulnerability in Ecava Integraxor
Ecava IntegraXor before 4.1.4393 allows remote attackers to read cleartext credentials for administrative accounts via SELECT statements that leverage the guest role.
network
low complexity
ecava CWE-310
5.0
2014-01-21 CVE-2014-0753 Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Ecava Integraxor
Stack-based buffer overflow in the SCADA server in Ecava IntegraXor before 4.1.4390 allows remote attackers to cause a denial of service (system crash) by triggering access to DLL code located in the IntegraXor directory.
network
low complexity
ecava CWE-119
7.8
2014-01-09 CVE-2014-0752 Permissions, Privileges, and Access Controls vulnerability in Ecava Integraxor
The SCADA server in Ecava IntegraXor before 4.1.4369 allows remote attackers to read arbitrary project backup files via a crafted URL.
network
low complexity
ecava CWE-264
5.0
2013-02-08 CVE-2012-4700 Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Ecava Integraxor
Multiple buffer overflows in an ActiveX control in PE3DO32A.ocx in IntegraXor SCADA Server 4.00 build 4250.0 and earlier allow remote attackers to execute arbitrary code via a crafted HTML document.
network
ecava CWE-119
critical
9.3