MidnightBSD

Advisories for infinite_automation_systems

CVE-2015-1179 MEDIUM

Multiple cross-site scripting (XSS) vulnerabilities in data_point_details.shtm in Mango Automation 2.4.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) dpid, (2) dpxid, or (3) pid parameter.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
infinite_automation_systems mango_automation *
CVE-2015-6493 MEDIUM

Cross-site request forgery (CSRF) vulnerability in Infinite Automation Mango Automation 2.5.x and 2.6.x through 2.6.0 build 430 allows remote authenticated users to hijack the authentication of unspecified victims via unknown vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-352,

Products Affected

Vendor Product Version
infinite_automation_systems mango_automation 2.6.0
infinite_automation_systems mango_automation 2.5.0
infinite_automation_systems mango_automation 2.5.5
CVE-2015-6494 LOW

Cross-site scripting (XSS) vulnerability in Infinite Automation Mango Automation 2.5.x and 2.6.x before 2.6.0 build 430 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,

Products Affected

Vendor Product Version
infinite_automation_systems mango_automation 2.6.0
infinite_automation_systems mango_automation 2.5.0
infinite_automation_systems mango_automation 2.5.5
CVE-2015-7900 MEDIUM

Infinite Automation Mango Automation 2.5.x and 2.6.x before 2.6.0 build 430 allows remote attackers to obtain sensitive debugging information by entering a crafted URL to trigger an exception, and then visiting a certain status page.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,

Products Affected

Vendor Product Version
infinite_automation_systems mango_automation 2.6.0
infinite_automation_systems mango_automation 2.5.0
infinite_automation_systems mango_automation 2.5.5
CVE-2015-7901 MEDIUM

Infinite Automation Mango Automation 2.5.x and 2.6.x through 2.6.0 build 430 allows remote authenticated users to execute arbitrary OS commands via unspecified vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-78,

Products Affected

Vendor Product Version
infinite_automation_systems mango_automation 2.6.0
infinite_automation_systems mango_automation 2.5.0
infinite_automation_systems mango_automation 2.5.5
CVE-2015-7902 MEDIUM

Infinite Automation Mango Automation 2.5.x and 2.6.x before 2.6.0 build 430 provides different error messages for failed login attempts in unspecified circumstances, which allows remote attackers to obtain sensitive information via a series of requests.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,

Products Affected

Vendor Product Version
infinite_automation_systems mango_automation 2.6.0
infinite_automation_systems mango_automation 2.5.0
infinite_automation_systems mango_automation 2.5.5
CVE-2015-7903 MEDIUM

SQL injection vulnerability in Infinite Automation Mango Automation 2.5.x and 2.6.x before 2.6.0 build 430 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-89,

Products Affected

Vendor Product Version
infinite_automation_systems mango_automation 2.6.0
infinite_automation_systems mango_automation 2.5.0
infinite_automation_systems mango_automation 2.5.5
CVE-2015-7904 MEDIUM

Unrestricted file upload vulnerability in Infinite Automation Mango Automation 2.5.x and 2.6.x before 2.6.0 build 430 allows remote authenticated users to execute arbitrary JSP code via vectors involving an upload of an image file.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
infinite_automation_systems mango_automation 2.6.0
infinite_automation_systems mango_automation 2.5.0
infinite_automation_systems mango_automation 2.5.5