Vulnerabilities > Medium
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2016-04-22 | CVE-2016-1595 | Information Exposure vulnerability in Novell Service Desk 7.1 | LiveTime/WebObjects/LiveTime.woa/wa/DownloadAction/downloadFile in Micro Focus Novell Service Desk before 7.2 allows remote authenticated users to conduct Hibernate Query Language (HQL) injection attacks and obtain sensitive information via the entityName parameter. | 6.5 |
2016-04-22 | CVE-2016-1594 | Information Exposure vulnerability in Novell Service Desk 7.1 | Micro Focus Novell Service Desk before 7.2 allows remote authenticated users to read arbitrary attachments via a request to a LiveTime.woa URL, as demonstrated by obtaining sensitive information via a (1) downloadLogFiles or (2) downloadFile action. | 6.5 |
2016-04-22 | CVE-2016-3145 | Information Exposure vulnerability in Lexmark Printer Firmware | Lexmark printers with firmware ATL before ATL.021.063, CB before CB.021.063, PP before PP.021.063, and YK before YK.021.063 mishandle Erase Printer Memory and Erase Hard Disk actions, which allows physically proximate attackers to obtain sensitive information via direct read operations on non-volatile memory. | 4.6 |
2016-04-22 | CVE-2016-2305 | Cross-site Scripting vulnerability in Ecava Integraxor | Cross-site scripting (XSS) vulnerability in Ecava IntegraXor before 5.0 build 4522 allows remote attackers to inject arbitrary web script or HTML via a crafted URL. | 6.1 |
2016-04-22 | CVE-2016-2304 | Information Exposure vulnerability in Ecava Integraxor | Ecava IntegraXor before 5.0 build 4522 does not include the HTTPOnly flag in a Set-Cookie header for the session cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie. | 4.3 |
2016-04-22 | CVE-2016-2303 | Unspecified vulnerability in Ecava Integraxor | CRLF injection vulnerability in Ecava IntegraXor before 5.0 build 4522 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a crafted URL. | 5.3 |
2016-04-22 | CVE-2016-2302 | Information Exposure vulnerability in Ecava Integraxor | Ecava IntegraXor before 5.0 build 4522 allows remote attackers to obtain sensitive information by reading detailed error messages. | 5.3 |
2016-04-22 | CVE-2016-2301 | SQL Injection vulnerability in Ecava Integraxor | SQL injection vulnerability in Ecava IntegraXor before 5.0 build 4522 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. | 6.3 |
2016-04-22 | CVE-2016-2300 | Improper Authentication vulnerability in Ecava Integraxor | Ecava IntegraXor before 5.0 build 4522 allows remote attackers to bypass authentication and access unspecified web pages via unknown vectors. | 6.5 |
2016-04-21 | CVE-2016-3977 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products | Heap-based buffer overflow in util/gif2rgb.c in gif2rgb in giflib 5.1.2 allows remote attackers to cause a denial of service (application crash) via the background color index in a GIF file. | 5.5 |