CVE-2010-4598

EXPLOITED

Ecava Integraxor < 3.6.4000.0 - Path Traversal

Title source: rule

Description

Directory traversal vulnerability in Ecava IntegraXor 3.6.4000.0 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the file_name parameter in an open request.

Exploits (1)

exploitdb WRITEUP

by Luigi Auriemma · textremotewindows

https://www.exploit-db.com/exploits/15802

View Code ZIP pw:eip

References (8)

[Exploit] http://aluigi.org/adv/integraxor_1-adv.txt

[Third Party Advisory] http://secunia.com/advisories/42730

[Exploit] http://www.exploit-db.com/exploits/15802

[Various Sources] http://www.integraxor.com/blog/integraxor-3-6-scada-security-issue-20101222-0323-vulnerability-note

[US Government Resource] http://www.kb.cert.org/vuls/id/979776

[Exploit] http://www.securityfocus.com/bid/45535

[Various Sources] http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-10-355-01.pdf

[Vendor Advisory] http://www.vupen.com/english/advisories/2010/3304

Scores

EPSS 0.0128

EPSS Percentile 79.6%

Details

VulnCheck KEV 2022-01-12

CWE

CWE-22

Status published

Products (3)

ecava/integraxor 3.5.3900.5

ecava/integraxor 3.5.3900.10

ecava/integraxor < 3.6.4000.0

Published Dec 23, 2010

Tracked Since Feb 18, 2026