Show filters
20 Total Results
Displaying 11-20 of 20
Sort by:
Attacker Value
Unknown

CVE-2015-6494

Disclosure Date: October 28, 2015 (last updated October 05, 2023)
Cross-site scripting (XSS) vulnerability in Infinite Automation Mango Automation 2.5.x and 2.6.x before 2.6.0 build 430 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
0
0
Attacker Value
Unknown

CVE-2015-7902

Disclosure Date: October 28, 2015 (last updated October 05, 2023)
Infinite Automation Mango Automation 2.5.x and 2.6.x before 2.6.0 build 430 provides different error messages for failed login attempts in unspecified circumstances, which allows remote attackers to obtain sensitive information via a series of requests.
0
0
Attacker Value
Unknown

CVE-2015-7903

Disclosure Date: October 28, 2015 (last updated October 05, 2023)
SQL injection vulnerability in Infinite Automation Mango Automation 2.5.x and 2.6.x before 2.6.0 build 430 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.
0
0
Attacker Value
Unknown

CVE-2015-7900

Disclosure Date: October 28, 2015 (last updated October 05, 2023)
Infinite Automation Mango Automation 2.5.x and 2.6.x before 2.6.0 build 430 allows remote attackers to obtain sensitive debugging information by entering a crafted URL to trigger an exception, and then visiting a certain status page.
0
0
Attacker Value
Unknown

CVE-2015-1179

Disclosure Date: January 26, 2015 (last updated October 05, 2023)
Multiple cross-site scripting (XSS) vulnerabilities in data_point_details.shtm in Mango Automation 2.4.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) dpid, (2) dpxid, or (3) pid parameter.
0
0
Attacker Value
Unknown

CVE-2014-9520

Disclosure Date: January 05, 2015 (last updated October 05, 2023)
SQL injection vulnerability in execute.php in InfiniteWP Admin Panel before 2.4.4 allows remote attackers to execute arbitrary SQL commands via the historyID parameter.
0
0
Attacker Value
Unknown

CVE-2014-9519

Disclosure Date: January 05, 2015 (last updated October 05, 2023)
SQL injection vulnerability in login.php in InfiniteWP Admin Panel before 2.4.3 allows remote attackers to execute arbitrary SQL commands via the email parameter.
0
0
Attacker Value
Unknown

CVE-2014-9521

Disclosure Date: January 05, 2015 (last updated October 05, 2023)
Unrestricted file upload vulnerability in uploadScript.php in InfiniteWP Admin Panel before 2.4.4, when the allWPFiles query parameter is set, allows remote attackers to execute arbitrary code by uploading a file with a double extension, then accessing it via a direct request to the file in the uploads directory, as demonstrated by the .php.swp filename.
0
0
Attacker Value
Unknown

CVE-2006-3267

Disclosure Date: June 27, 2006 (last updated October 04, 2023)
SQL injection vulnerability in index.php in Infinite Core Technologies (ICT) 1.0 Gold and earlier allows remote attackers to execute arbitrary SQL commands via the post parameter.
0
0
Attacker Value
Unknown

CVE-2001-0097

Disclosure Date: February 12, 2001 (last updated February 22, 2025)
The Web interface for Infinite Interchange 3.6.1 allows remote attackers to cause a denial of service (application crash) via a large POST request.
0
0
View More Topics  < Previous