Ecava : Security Vulnerabilities, CVEs, Published In 2016
The HMI web server in Ecava IntegraXor before 5.0 build 4522 allows remote attackers to obtain sensitive cleartext information by sniffing the network.
Max CVSS
7.8
EPSS Score
0.35%
Published
2016-04-22
Updated
2016-04-27
Cross-site scripting (XSS) vulnerability in Ecava IntegraXor before 5.0 build 4522 allows remote attackers to inject arbitrary web script or HTML via a crafted URL.
Max CVSS
6.1
EPSS Score
0.34%
Published
2016-04-22
Updated
2016-04-27
Ecava IntegraXor before 5.0 build 4522 does not include the HTTPOnly flag in a Set-Cookie header for the session cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie.
Max CVSS
4.3
EPSS Score
0.16%
Published
2016-04-22
Updated
2016-04-28
CRLF injection vulnerability in Ecava IntegraXor before 5.0 build 4522 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a crafted URL.
Max CVSS
5.3
EPSS Score
0.18%
Published
2016-04-22
Updated
2016-04-27
Ecava IntegraXor before 5.0 build 4522 allows remote attackers to obtain sensitive information by reading detailed error messages.
Max CVSS
5.3
EPSS Score
0.18%
Published
2016-04-22
Updated
2016-04-27
SQL injection vulnerability in Ecava IntegraXor before 5.0 build 4522 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.
Max CVSS
6.5
EPSS Score
0.11%
Published
2016-04-22
Updated
2016-04-27
Ecava IntegraXor before 5.0 build 4522 allows remote attackers to bypass authentication and access unspecified web pages via unknown vectors.
Max CVSS
6.5
EPSS Score
0.18%
Published
2016-04-22
Updated
2016-04-27
SQL injection vulnerability in Ecava IntegraXor before 5.0 build 4522 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
Max CVSS
7.5
EPSS Score
1.66%
Published
2016-04-22
Updated
2016-12-03
8 vulnerabilities found