Vulnerabilities > Ecava > Integraxor > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2017-12-20 | CVE-2017-16735 | SQL Injection vulnerability in Ecava Integraxor A SQL Injection issue was discovered in Ecava IntegraXor v 6.1.1030.1 and prior. | 5.3 |
2017-12-20 | CVE-2017-16733 | SQL Injection vulnerability in Ecava Integraxor A SQL Injection issue was discovered in Ecava IntegraXor v 6.1.1030.1 and prior. | 5.3 |
2016-04-22 | CVE-2016-2305 | Cross-site Scripting vulnerability in Ecava Integraxor Cross-site scripting (XSS) vulnerability in Ecava IntegraXor before 5.0 build 4522 allows remote attackers to inject arbitrary web script or HTML via a crafted URL. | 6.1 |
2016-04-22 | CVE-2016-2304 | Information Exposure vulnerability in Ecava Integraxor Ecava IntegraXor before 5.0 build 4522 does not include the HTTPOnly flag in a Set-Cookie header for the session cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie. | 4.3 |
2016-04-22 | CVE-2016-2303 | Unspecified vulnerability in Ecava Integraxor CRLF injection vulnerability in Ecava IntegraXor before 5.0 build 4522 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a crafted URL. | 5.3 |
2016-04-22 | CVE-2016-2302 | Information Exposure vulnerability in Ecava Integraxor Ecava IntegraXor before 5.0 build 4522 allows remote attackers to obtain sensitive information by reading detailed error messages. | 5.3 |
2016-04-22 | CVE-2016-2301 | SQL Injection vulnerability in Ecava Integraxor SQL injection vulnerability in Ecava IntegraXor before 5.0 build 4522 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. | 6.3 |
2016-04-22 | CVE-2016-2300 | Improper Authentication vulnerability in Ecava Integraxor Ecava IntegraXor before 5.0 build 4522 allows remote attackers to bypass authentication and access unspecified web pages via unknown vectors. | 6.5 |