ECAVA IntegraXor Multiple Vulnerabilities

CVE-2016-2299, CVE-2016-2300, CVE-2016-2301, CVE-2016-2302, CVE-2016-2303, CVE-2016-2304, CVE-2016-2305, CVE-2016-2306

Severity
CVSSv3 Score: 7.5
Vulnerability description

ECAVA IntegraXor is prone to multiple vulnerabilities.

Risk description

ECAVA IntegraXor is prone to multiple vulnerabilities:

- CVE-2016-2299: SQL injection vulnerability allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
- CVE-2016-2300: Remote attackers may bypass authentication and access unspecified web pages via unknown vectors.
- CVE-2016-2301: SQL injection vulnerability allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.
- CVE-2016-2302: Remote attackers may obtain sensitive information by reading detailed error messages.
- CVE-2016-2303: CRLF injection vulnerability allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a crafted URL.
- CVE-2016-2304: ECAVA IntegraXor does not include the HTTPOnly flag in a Set-Cookie header for the session cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie.
- CVE-2016-2305: Cross-site scripting (XSS) vulnerability allows remote attackers to inject arbitrary web script or HTML via a crafted URL.
- CVE-2016-2306: The HMI web server allows remote attackers to obtain sensitive cleartext information by sniffing the network.

The impact ranges from bypassing authentication to executing arbitrary SQL commands.

Recommendation

Update to 5.0.4522 or later versions.

Codename: Not available
Detectable with: Network Scanner
Scan engine: OpenVAS
Exploitable with Sniper: No
CVE Published: Apr 22, 2016
Detection added at:
Software Type: Not available
Vendor: Not available
Product: Not available