CVE-2014-0752
Published 2014-01-09
CVE-2014-0752: The SCADA server in Ecava IntegraXor before 4.1.4369 allows remote attackers to read arbitrary project backup files via a crafted URL.
Priority: P4 · 30 · medium · 5 (CVSS 2.0)
CVSS 2.0 vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
EPSS: 1.63% (73.2th percentile)
Affected
10 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| ecava | integraxor | <= 4.1.4360 | — |
| ecava | integraxor | — | — |
| ecava | integraxor | — | — |
| ecava | integraxor | — | — |
| ecava | integraxor | — | — |
| ecava | integraxor | — | — |
| ecava | integraxor | — | — |
| ecava | integraxor | — | — |
| ecava | integraxor | — | — |
| ecava | integraxor | — | — |
GHSA
GHSA-rvwg-j89r-c4vw: The SCADA server in Ecava IntegraXor before 4
ghsa_unreviewed·2022-05-17
CVE-2014-0752 [MEDIUM] CWE-529 GHSA-rvwg-j89r-c4vw: The SCADA server in Ecava IntegraXor before 4
The SCADA server in Ecava IntegraXor before 4.1.4369 allows remote attackers to read arbitrary project backup files via a crafted URL.
CISA ICS
Ecava Sdn Bhd IntegraXor Project Directory Information Disclosure Vulnerability
cisa_ics·2018-09-06
ICS Advisory
Last Revised: September 06, 2018
Alert Code: ICSA-14-008-01
## OVERVIEW
NCCIC/ICS-CERT received a report from the Zero Day Initiative (ZDI) regarding a project directory information disclosure vulnerability in the Ecava Sdn Bhd IntegraXor application (Ecava IntegraXor Project Directory Information Disclosure Vulnerability, http://www.zerodayinitiative.com/advisories/ZDI-13-277/, website last accessed January 08, 2014). This vulnerability was reported to ZDI by security researcher “Alphazorx aka technicall
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2013-1557 OpenJDK: LogStream.setDefaultStream() missing security restrictions (RMI, 8001329)
bugzilla·2013-04-16·CVSS 10.0
CVE-2013-1557 [CRITICAL] CVE-2013-1557 OpenJDK: LogStream.setDefaultStream() missing security restrictions (RMI, 8001329)
It was discovered that LogStream.setDefaultStream() is missing security restrictions. An untrusted Java application or applet could possibly use this flaw to bypass Java sandbox restrictions.
Discussion:
Public now via Oracle Java SE CPU April 2014:
http://www.oracle.com/technetwork/topics/security/javacpuapr2013-1928497.html
Fixed in Oracle Java SE 7u21 and 6u45.
---
This issue has been addressed in following products:
Red Hat Enterprise Linux 5
Via RHSA-2013:0752 https://rhn.redhat.com/errata/RHSA-2013-0752.html
---
This issue has been addressed in following products:
Red Hat Enterprise Linux 6
Via RHSA-2013:0751 https://rhn.redhat.com/errata/RHSA-2013-0751.html
---
OpenJDK7 up
Bugzilla
CVE-2013-2436 OpenJDK: Wrapper.convert insufficient type checks (Libraries, 8009049)
bugzilla·2013-04-16·CVSS 9.3
CVE-2013-2436 [CRITICAL] CVE-2013-2436 OpenJDK: Wrapper.convert insufficient type checks (Libraries, 8009049)
It was discovered that the sun.util.invoke.Wrapper did not perform type checks correctly when converting wrapped values. An untrusted Java application or applet could possibly use this flaw to bypass Java sandbox restrictions.
Discussion:
Public now via Oracle Java SE CPU April 2014:
http://www.oracle.com/technetwork/topics/security/javacpuapr2013-1928497.html
Fixed in 7u21.
---
This issue has been addressed in following products:
Red Hat Enterprise Linux 5
Via RHSA-2013:0752 https://rhn.redhat.com/errata/RHSA-2013-0752.html
---
This issue has been addressed in following products:
Red Hat Enterprise Linux 6
Via RHSA-2013:0751 https://rhn.redhat.com/errata/RHSA-2013-0751.html
---
OpenJDK7 ups
Bugzilla
CVE-2013-1558 OpenJDK: java.beans.ThreadGroupContext missing restrictions (Beans, 7200507)
bugzilla·2013-04-16·CVSS 10.0
CVE-2013-1558 [CRITICAL] CVE-2013-1558 OpenJDK: java.beans.ThreadGroupContext missing restrictions (Beans, 7200507)
It was discovered that the java.beans.ThreadGroupContext did not properly restrict access to the contexts field. An untrusted Java application or applet could possibly use this flaw to bypass Java sandbox restrictions.
Discussion:
Public now via Oracle Java SE CPU April 2014:
http://www.oracle.com/technetwork/topics/security/javacpuapr2013-1928497.html
Fixed in 7u21 and 6u45.
---
This issue has been addressed in following products:
Red Hat Enterprise Linux 5
Via RHSA-2013:0752 https://rhn.redhat.com/errata/RHSA-2013-0752.html
---
This issue has been addressed in following products:
Red Hat Enterprise Linux 6
Via RHSA-2013:0751 https://rhn.redhat.com/errata/RHSA-2013-0751.html
---
OpenJ
Bugzilla
CVE-2013-2429 OpenJDK: JPEGImageWriter state corruption (ImageIO, 8007918)
bugzilla·2013-04-16·CVSS 7.6
CVE-2013-2429 [HIGH] CVE-2013-2429 OpenJDK: JPEGImageWriter state corruption (ImageIO, 8007918)
It was discovered that JPEGImageWriter did not protect against modification of its state while performing certain native code operations. An untrusted Java application or applet could possibly use this flaw to trigger JVM memory corruption.
Discussion:
Public now via Oracle Java SE CPU April 2014:
http://www.oracle.com/technetwork/topics/security/javacpuapr2013-1928497.html
Fixed in Oracle Java SE 7u21 and 6u45.
---
This issue has been addressed in following products:
Red Hat Enterprise Linux 5
Via RHSA-2013:0752 https://rhn.redhat.com/errata/RHSA-2013-0752.html
---
This issue has been addressed in following products:
Red Hat Enterprise Linux 6
Via RHSA-2013:0751 https://rhn.redhat.com/errata/RHSA-2013-
Bugzilla
CVE-2013-2420 OpenJDK: image processing vulnerability (2D, 8007617)
bugzilla·2013-04-16·CVSS 10.0
CVE-2013-2420 [CRITICAL] CVE-2013-2420 OpenJDK: image processing vulnerability (2D, 8007617)
It was discovered that the 2D component did not properly process certain images. An untrusted Java application or applet could possibly use this flaw to bypass Java sandbox restrictions.
Discussion:
Public now via Oracle Java SE CPU April 2014:
http://www.oracle.com/technetwork/topics/security/javacpuapr2013-1928497.html
Fixed in 7u21 and 6u45.
---
This issue has been addressed in following products:
Red Hat Enterprise Linux 5
Via RHSA-2013:0752 https://rhn.redhat.com/errata/RHSA-2013-0752.html
---
This issue has been addressed in following products:
Red Hat Enterprise Linux 6
Via RHSA-2013:0751 https://rhn.redhat.com/errata/RHSA-2013-0751.html
---
OpenJDK7 upstream repositories commit:
http://hg.openjdk.ja
Bugzilla
CVE-2013-2431 OpenJDK: Hotspot intrinsic frames vulnerability (Hotspot, 8004336)
bugzilla·2013-04-16·CVSS 10.0
CVE-2013-2431 [CRITICAL] CVE-2013-2431 OpenJDK: Hotspot intrinsic frames vulnerability (Hotspot, 8004336)
It was discovered that the Hotspot component did not properly handle certain intrinsic frames. An untrusted Java application or applet could possibly use this flaw to bypass Java sandbox restrictions.
Discussion:
Public now via Oracle Java SE CPU April 2014:
http://www.oracle.com/technetwork/topics/security/javacpuapr2013-1928497.html
Fixed in Oracle Java SE 7u21.
---
This issue has been addressed in following products:
Red Hat Enterprise Linux 5
Via RHSA-2013:0752 https://rhn.redhat.com/errata/RHSA-2013-0752.html
---
This issue has been addressed in following products:
Red Hat Enterprise Linux 6
Via RHSA-2013:0751 https://rhn.redhat.com/errata/RHSA-2013-0751.html
---
OpenJDK7 upstream repositor
Bugzilla
CVE-2013-2426 OpenJDK: ConcurrentHashMap incorrectly calls defaultReadObject() method (Libraries, 8009063)
bugzilla·2013-04-16·CVSS 9.3
CVE-2013-2426 [CRITICAL] CVE-2013-2426 OpenJDK: ConcurrentHashMap incorrectly calls defaultReadObject() method (Libraries, 8009063)
It was discovered that the ConcurrentHashMap class incorrectly calls the defaultReadObject() method. An untrusted Java application or applet could possibly use this flaw to bypass Java sandbox restrictions.
Discussion:
Public now via Oracle Java SE CPU April 2014:
http://www.oracle.com/technetwork/topics/security/javacpuapr2013-1928497.html
Fixed in Oracle Java SE 7u21.
---
This issue has been addressed in following products:
Red Hat Enterprise Linux 5
Via RHSA-2013:0752 https://rhn.redhat.com/errata/RHSA-2013-0752.html
---
This issue has been addressed in following products:
Red Hat Enterprise Linux 6
Via RHSA-2013:0751 https://rhn.redhat.com/errata/RHSA-2013-0751.html
Bugzilla
CVE-2013-2421 OpenJDK: Hotspot MethodHandle lookup error (Hotspot, 8009699)
bugzilla·2013-04-16·CVSS 9.3
CVE-2013-2421 [CRITICAL] CVE-2013-2421 OpenJDK: Hotspot MethodHandle lookup error (Hotspot, 8009699)
It was discovered that the Hotspot component did not properly perform certain MethodHandle lookups. An untrusted Java application or applet could possibly use this flaw to bypass Java sandbox restrictions.
Discussion:
Public now via Oracle Java SE CPU April 2014:
http://www.oracle.com/technetwork/topics/security/javacpuapr2013-1928497.html
Fixed in Oracle Java SE 7u21.
---
OpenJDK7 upstream repositories commit:
http://hg.openjdk.java.net/jdk7u/jdk7u-dev/hotspot/rev/663b5c744e82
---
This issue has been addressed in following products:
Red Hat Enterprise Linux 5
Via RHSA-2013:0752 https://rhn.redhat.com/errata/RHSA-2013-0752.html
---
This issue has been addressed in following products:
Red Hat Enterpri
Bugzilla
CVE-2013-2415 OpenJDK: temporary files created with insecure permissions (JAX-WS, 8003542)
bugzilla·2013-04-15·CVSS 2.1
CVE-2013-2415 [LOW] CVE-2013-2415 OpenJDK: temporary files created with insecure permissions (JAX-WS, 8003542)
It was discovered that JAX-WS could possibly create temporary files with insecure permissions. A local attacker could use this flaw to access temporary files created by an application using JAX-WS.
Discussion:
Public now via Oracle Java SE CPU April 2014:
http://www.oracle.com/technetwork/topics/security/javacpuapr2013-1928497.html
Fixed in Oracle Java SE 7u21.
---
This issue has been addressed in following products:
Red Hat Enterprise Linux 5
Via RHSA-2013:0752 https://rhn.redhat.com/errata/RHSA-2013-0752.html
---
This issue has been addressed in following products:
Red Hat Enterprise Linux 6
Via RHSA-2013:0751 https://rhn.redhat.com/errata/RHSA-2013-0751.html
---
OpenJDK7 upstream re
Bugzilla
CVE-2013-2423 OpenJDK: incorrect setter access checks in MethodHandles (Hotspot, 8009677)
bugzilla·2013-04-15·CVSS 3.7
CVE-2013-2423 [LOW] CVE-2013-2423 OpenJDK: incorrect setter access checks in MethodHandles (Hotspot, 8009677)
java.lang.invoke.MethodHandles did not perform access checks correctly. An untrusted Java application or applet could use this to set the value of a final field.
Discussion:
Public now via Oracle Java SE CPU April 2014:
http://www.oracle.com/technetwork/topics/security/javacpuapr2013-1928497.html
Fixed in Oracle Java SE 7u21.
---
OpenJDK7 upstream repositories commit:
http://hg.openjdk.java.net/jdk7u/jdk7u-dev/jdk/rev/b453d9be6b3f
---
This issue has been addressed in following products:
Red Hat Enterprise Linux 5
Via RHSA-2013:0752 https://rhn.redhat.com/errata/RHSA-2013-0752.html
---
This issue has been addressed in following products:
Red Hat Enterprise Linux 6
Via RHSA-2013:0751 https:
Published: 2014-01-09