Vulnerabilities > Ecava > Medium

DATE CVE VULNERABILITY TITLE RISK
2017-12-20 CVE-2017-16735 SQL Injection vulnerability in Ecava Integraxor
A SQL Injection issue was discovered in Ecava IntegraXor v 6.1.1030.1 and prior.
network
low complexity
ecava CWE-89
5.3
2017-12-20 CVE-2017-16733 SQL Injection vulnerability in Ecava Integraxor
A SQL Injection issue was discovered in Ecava IntegraXor v 6.1.1030.1 and prior.
network
low complexity
ecava CWE-89
5.3
2016-04-22 CVE-2016-2305 Cross-site Scripting vulnerability in Ecava Integraxor
Cross-site scripting (XSS) vulnerability in Ecava IntegraXor before 5.0 build 4522 allows remote attackers to inject arbitrary web script or HTML via a crafted URL.
network
low complexity
ecava CWE-79
6.1
2016-04-22 CVE-2016-2304 Information Exposure vulnerability in Ecava Integraxor
Ecava IntegraXor before 5.0 build 4522 does not include the HTTPOnly flag in a Set-Cookie header for the session cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie.
network
low complexity
ecava CWE-200
4.3
2016-04-22 CVE-2016-2303 Unspecified vulnerability in Ecava Integraxor
CRLF injection vulnerability in Ecava IntegraXor before 5.0 build 4522 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a crafted URL.
network
low complexity
ecava
5.3
2016-04-22 CVE-2016-2302 Information Exposure vulnerability in Ecava Integraxor
Ecava IntegraXor before 5.0 build 4522 allows remote attackers to obtain sensitive information by reading detailed error messages.
network
low complexity
ecava CWE-200
5.3
2016-04-22 CVE-2016-2301 SQL Injection vulnerability in Ecava Integraxor
SQL injection vulnerability in Ecava IntegraXor before 5.0 build 4522 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.
network
low complexity
ecava CWE-89
6.3
2016-04-22 CVE-2016-2300 Improper Authentication vulnerability in Ecava Integraxor
Ecava IntegraXor before 5.0 build 4522 allows remote attackers to bypass authentication and access unspecified web pages via unknown vectors.
network
low complexity
ecava CWE-287
6.5