VYPR
Vendor

Ecava

Products
3
CVEs
27
Across products
31
Status
Private

Products

3

Recent CVEs

27
View all 27 CVEs →
  • CVE-2017-6050CriJun 21, 2017
    risk 0.64cvss 9.8epss 0.04

    A SQL Injection issue was discovered in Ecava IntegraXor Versions 5.2.1231.0 and prior. The application fails to properly validate user input, which may allow for an unauthenticated attacker to remotely execute arbitrary code in the form of SQL queries.

  • CVE-2016-8341CriFeb 13, 2017
    risk 0.64cvss 9.8epss 0.02

    An issue was discovered in Ecava IntegraXor Version 5.0.413.0. The Ecava IntegraXor web server has parameters that are vulnerable to SQL injection. If the queries are not sanitized, the host's database could be subject to read, write, and delete commands.

  • CVE-2016-2306HigApr 22, 2016
    risk 0.49cvss 7.5epss 0.02

    The HMI web server in Ecava IntegraXor before 5.0 build 4522 allows remote attackers to obtain sensitive cleartext information by sniffing the network.

  • CVE-2016-2299HigApr 22, 2016
    risk 0.48cvss 7.3epss 0.01

    SQL injection vulnerability in Ecava IntegraXor before 5.0 build 4522 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

  • CVE-2025-4216MedJun 14, 2025
    risk 0.42cvss 6.4epss 0.00

    The DIOT SCADA with MQTT plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'diot' shortcode in all versions up to, and including, 1.0.5.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it…

  • CVE-2016-2300MedApr 22, 2016
    risk 0.42cvss 6.5epss 0.01

    Ecava IntegraXor before 5.0 build 4522 allows remote attackers to bypass authentication and access unspecified web pages via unknown vectors.

  • CVE-2016-2301MedApr 22, 2016
    risk 0.41cvss 6.3epss 0.01

    SQL injection vulnerability in Ecava IntegraXor before 5.0 build 4522 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.

  • CVE-2016-2305MedApr 22, 2016
    risk 0.40cvss 6.1epss 0.01

    Cross-site scripting (XSS) vulnerability in Ecava IntegraXor before 5.0 build 4522 allows remote attackers to inject arbitrary web script or HTML via a crafted URL.

  • CVE-2017-16735MedDec 20, 2017
    risk 0.35cvss 5.3epss 0.01

    A SQL Injection issue was discovered in Ecava IntegraXor v 6.1.1030.1 and prior. The SQL Injection vulnerability has been identified, which generates an error in the database log.

  • CVE-2017-16733MedDec 20, 2017
    risk 0.35cvss 5.3epss 0.01

    A SQL Injection issue was discovered in Ecava IntegraXor v 6.1.1030.1 and prior. The SQL Injection vulnerability has been identified, which an attacker can leverage to disclose sensitive information from the database.

  • CVE-2016-2303MedApr 22, 2016
    risk 0.35cvss 5.3epss 0.01

    CRLF injection vulnerability in Ecava IntegraXor before 5.0 build 4522 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a crafted URL.

  • CVE-2016-2302MedApr 22, 2016
    risk 0.35cvss 5.3epss 0.01

    Ecava IntegraXor before 5.0 build 4522 allows remote attackers to obtain sensitive information by reading detailed error messages.

  • CVE-2016-2304MedApr 22, 2016
    risk 0.28cvss 4.3epss 0.01

    Ecava IntegraXor before 5.0 build 4522 does not include the HTTPOnly flag in a Set-Cookie header for the session cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie.

  • CVE-2010-4598Dec 23, 2010
    risk 0.05cvss epss 0.26

    Directory traversal vulnerability in Ecava IntegraXor 3.6.4000.0 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the file_name parameter in an open request.

  • CVE-2010-4597Dec 23, 2010
    risk 0.05cvss epss 0.19

    Stack-based buffer overflow in the save method in the IntegraXor.Project ActiveX control in igcomm.dll in Ecava IntegraXor Human-Machine Interface (HMI) before 3.5.3900.10 allows remote attackers to execute arbitrary code via a long string in the second argument.

  • CVE-2015-0990Apr 3, 2015
    risk 0.00cvss epss 0.00

    Untrusted search path vulnerability in Ecava IntegraXor SCADA Server before 4.2.4488 allows local users to gain privileges via a renamed DLL in the default install directory.

  • CVE-2014-2377Sep 15, 2014
    risk 0.00cvss epss 0.02

    Ecava IntegraXor SCADA Server Stable 4.1.4360 and earlier and Beta 4.1.4392 and earlier allows remote attackers to discover full pathnames via an application tag.

  • CVE-2014-2376Sep 15, 2014
    risk 0.00cvss epss 0.02

    SQL injection vulnerability in Ecava IntegraXor SCADA Server Stable 4.1.4360 and earlier and Beta 4.1.4392 and earlier allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

  • CVE-2014-2375Sep 15, 2014
    risk 0.00cvss epss 0.02

    Ecava IntegraXor SCADA Server Stable 4.1.4360 and earlier and Beta 4.1.4392 and earlier allows remote attackers to read or write to arbitrary files, and obtain sensitive information or cause a denial of service (disk consumption), via the CSV export feature.

  • CVE-2014-0786May 1, 2014
    risk 0.00cvss epss 0.03

    Ecava IntegraXor before 4.1.4393 allows remote attackers to read cleartext credentials for administrative accounts via SELECT statements that leverage the guest role.