Download
| Alert*
|
CVE-2014-0752
The SCADA server in Ecava IntegraXor before 4.1.4369 allows remote attackers to read arbitrary project backup files via a crafted URL. CVE-2014-0753 Stack-based buffer overflow in the SCADA server in Ecava IntegraXor before 4.1.4390 allows remote attackers to cause a denial of service (system crash) by triggering access to DLL code located in the IntegraXor directory. CVE-2014-0786 Ecava IntegraXor before 4.1.4393 allows remote attackers to read cleartext credentials for administrative accounts via SELECT statements that leverage the guest role. CVE-2014-2377 Ecava IntegraXor SCADA Server Stable 4.1.4360 and earlier and Beta 4.1.4392 and earlier allows remote attackers to discover full pathnames via an application tag. CVE-2014-2375 Ecava IntegraXor SCADA Server Stable 4.1.4360 and earlier and Beta 4.1.4392 and earlier allows remote attackers to read or write to arbitrary files, and obtain sensitive information or cause a denial of service (disk consumption), via the CSV export feature. CVE-2014-2376 SQL injection vulnerability in Ecava IntegraXor SCADA Server Stable 4.1.4360 and earlier and Beta 4.1.4392 and earlier allows remote attackers to execute arbitrary SQL commands via unspecified vectors. |
