Vulnerabilities > Ecava > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-12-20 | CVE-2017-16735 | SQL Injection vulnerability in Ecava Integraxor A SQL Injection issue was discovered in Ecava IntegraXor v 6.1.1030.1 and prior. | 5.0 |
| 2017-12-20 | CVE-2017-16733 | SQL Injection vulnerability in Ecava Integraxor A SQL Injection issue was discovered in Ecava IntegraXor v 6.1.1030.1 and prior. | 5.0 |
| 2016-04-22 | CVE-2016-2305 | Cross-site Scripting vulnerability in Ecava Integraxor Cross-site scripting (XSS) vulnerability in Ecava IntegraXor before 5.0 build 4522 allows remote attackers to inject arbitrary web script or HTML via a crafted URL. | 4.3 |
| 2016-04-22 | CVE-2016-2304 | Information Exposure vulnerability in Ecava Integraxor Ecava IntegraXor before 5.0 build 4522 does not include the HTTPOnly flag in a Set-Cookie header for the session cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie. | 4.3 |
| 2016-04-22 | CVE-2016-2303 | Unspecified vulnerability in Ecava Integraxor CRLF injection vulnerability in Ecava IntegraXor before 5.0 build 4522 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a crafted URL. | 5.0 |
| 2016-04-22 | CVE-2016-2302 | Information Exposure vulnerability in Ecava Integraxor Ecava IntegraXor before 5.0 build 4522 allows remote attackers to obtain sensitive information by reading detailed error messages. | 5.0 |
| 2016-04-22 | CVE-2016-2301 | SQL Injection vulnerability in Ecava Integraxor SQL injection vulnerability in Ecava IntegraXor before 5.0 build 4522 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. | 6.5 |
| 2016-04-22 | CVE-2016-2300 | Improper Authentication vulnerability in Ecava Integraxor Ecava IntegraXor before 5.0 build 4522 allows remote attackers to bypass authentication and access unspecified web pages via unknown vectors. | 6.4 |
| 2015-04-03 | CVE-2015-0990 | Local Code Execution vulnerability in Ecava Integraxor SCADA Server Untrusted search path vulnerability in Ecava IntegraXor SCADA Server before 4.2.4488 allows local users to gain privileges via a renamed DLL in the default install directory. local ecava | 4.4 |
| 2014-09-15 | CVE-2014-2377 | Information Exposure vulnerability in Ecava Integraxor Ecava IntegraXor SCADA Server Stable 4.1.4360 and earlier and Beta 4.1.4392 and earlier allows remote attackers to discover full pathnames via an application tag. | 5.0 |