Inductive Automation Ignition 7.7.2 allows remote attackers to obtain sensitive information by reading an error message about an unhandled exception, as demonstrated by pathname information.

Cross-site scripting (XSS) vulnerability in Inductive Automation Ignition 7.7.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Multiple directory traversal vulnerabilities in Ignition 1.2, when magic_quotes_gpc is disabled, allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the blog parameter to (1) comment.php and (2) view.php.

mod_channel.bas in The Ignition Project ignitionServer 0.3.0 to 0.3.6, and possibly earlier versions, does not properly verify whether a host has the owner privileges required to delete IRC channel access entries, which allows remote attackers to bypass intended restrictions.

mod_channel in The Ignition Project ignitionServer 0.3.0 to 0.3.6, and possibly earlier versions, does not allow protected operators to access channels that have been locked out by a key, which allows IRC users to cause a denial of service.

Unknown vulnerability in The Ignition Project ignitionServer 0.1.2 through 0.3.1, with the linking service enabled, allows remote attackers to bypass authentication.

The Ignition Project ignitionServer 0.1.2 through 0.1.2-R2 allows remote authenticated users with local IRC operator privileges to obtain global IRC operator privileges by using the unofficial umode command with the +ORD argument.