Infinite Automation Systems Mango Automation vulnerabilities
8 known vulnerabilities affecting infinite_automation_systems/mango_automation.
Total CVEs
8
CISA KEV
0
Public exploits
7
Exploited in wild
0
Severity breakdown
MEDIUM7LOW1
Vulnerabilities
Page 1 of 1
CVE-2015-7901P3MEDIUMCVSS 6.5PoCv2.5.0v2.5.5+1 more2015-10-28
CVE-2015-7901 [MEDIUM] CWE-78 CVE-2015-7901: Infinite Automation Mango Automation 2.5.x and 2.6.x through 2.6.0 build 430 allows remote authentic
Infinite Automation Mango Automation 2.5.x and 2.6.x through 2.6.0 build 430 allows remote authenticated users to execute arbitrary OS commands via unspecified vectors.
nvd
CVE-2015-7904P3MEDIUMCVSS 6.5PoCv2.5.0v2.5.5+1 more2015-10-28
CVE-2015-7904 [MEDIUM] CVE-2015-7904: Unrestricted file upload vulnerability in Infinite Automation Mango Automation 2.5.x and 2.6.x befor
Unrestricted file upload vulnerability in Infinite Automation Mango Automation 2.5.x and 2.6.x before 2.6.0 build 430 allows remote authenticated users to execute arbitrary JSP code via vectors involving an upload of an image file.
nvd
CVE-2015-7903P3MEDIUMCVSS 6.5PoCv2.5.0v2.5.5+1 more2015-10-28
CVE-2015-7903 [MEDIUM] CWE-89 CVE-2015-7903: SQL injection vulnerability in Infinite Automation Mango Automation 2.5.x and 2.6.x before 2.6.0 bui
SQL injection vulnerability in Infinite Automation Mango Automation 2.5.x and 2.6.x before 2.6.0 build 430 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.
nvd
CVE-2015-6493P4MEDIUMCVSS 6.8PoCv2.5.0v2.5.5+1 more2015-10-28
CVE-2015-6493 [MEDIUM] CWE-352 CVE-2015-6493: Cross-site request forgery (CSRF) vulnerability in Infinite Automation Mango Automation 2.5.x and 2.
Cross-site request forgery (CSRF) vulnerability in Infinite Automation Mango Automation 2.5.x and 2.6.x through 2.6.0 build 430 allows remote authenticated users to hijack the authentication of unspecified victims via unknown vectors.
nvd
CVE-2015-7902P4MEDIUMCVSS 5.0PoCv2.5.0v2.5.5+1 more2015-10-28
CVE-2015-7902 [MEDIUM] CWE-200 CVE-2015-7902: Infinite Automation Mango Automation 2.5.x and 2.6.x before 2.6.0 build 430 provides different error
Infinite Automation Mango Automation 2.5.x and 2.6.x before 2.6.0 build 430 provides different error messages for failed login attempts in unspecified circumstances, which allows remote attackers to obtain sensitive information via a series of requests.
nvd
CVE-2015-7900P4MEDIUMCVSS 4.3PoCv2.5.0v2.5.5+1 more2015-10-28
CVE-2015-7900 [MEDIUM] CWE-200 CVE-2015-7900: Infinite Automation Mango Automation 2.5.x and 2.6.x before 2.6.0 build 430 allows remote attackers
Infinite Automation Mango Automation 2.5.x and 2.6.x before 2.6.0 build 430 allows remote attackers to obtain sensitive debugging information by entering a crafted URL to trigger an exception, and then visiting a certain status page.
nvd
CVE-2015-6494P4LOWCVSS 3.5PoCv2.5.0v2.5.5+1 more2015-10-28
CVE-2015-6494 [LOW] CWE-79 CVE-2015-6494: Cross-site scripting (XSS) vulnerability in Infinite Automation Mango Automation 2.5.x and 2.6.x bef
Cross-site scripting (XSS) vulnerability in Infinite Automation Mango Automation 2.5.x and 2.6.x before 2.6.0 build 430 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
nvd
CVE-2015-1179P4MEDIUMCVSS 4.3≤ 2.4.02015-01-26
CVE-2015-1179 [MEDIUM] CWE-79 CVE-2015-1179: Multiple cross-site scripting (XSS) vulnerabilities in data_point_details.shtm in Mango Automation 2
Multiple cross-site scripting (XSS) vulnerabilities in data_point_details.shtm in Mango Automation 2.4.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) dpid, (2) dpxid, or (3) pid parameter.
nvd