Test ID: | 1.3.6.1.4.1.25623.1.0.106115 |
Category: | Web application abuses |
Title: | ECAVA IntegraXor < 5.0.4522 Multiple Vulnerabilities |
Summary: | ECAVA IntegraXor is prone to multiple vulnerabilities. |
Description: |
Summary: ECAVA IntegraXor is prone to multiple vulnerabilities.
Vulnerability Insight: ECAVA IntegraXor is prone to multiple vulnerabilities:
- CVE-2016-2299: SQL injection vulnerability allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
- CVE-2016-2300: Remote attackers may bypass authentication and access unspecified web pages via unknown vectors.
- CVE-2016-2301: SQL injection vulnerability allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.
- CVE-2016-2302: Remote attackers may obtain sensitive information by reading detailed error messages.
- CVE-2016-2303: CRLF injection vulnerability allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a crafted URL.
- CVE-2016-2304: ECAVA IntegraXor does not include the HTTPOnly flag in a Set-Cookie header for the session cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie.
- CVE-2016-2305: Cross-site scripting (XSS) vulnerability allows remote attackers to inject arbitrary web script or HTML via a crafted URL.
- CVE-2016-2306: The HMI web server allows remote attackers to obtain sensitive cleartext information by sniffing the network.
Vulnerability Impact: The impact ranges from bypassing authentication to executing arbitrary SQL commands.
Affected Software/OS: ECAVA IntegraXor version 4.2.4502 and prior.
Solution: Update to version 5.0.4522 or later.
CVSS Score: 7.8
CVSS Vector: AV:N/AC:L/Au:N/C:C/I:N/A:N |
Cross Reference: |
Common Vulnerability Exposure (CVE) ID: CVE-2016-2299
http://www.zerodayinitiative.com/advisories/ZDI-16-236
http://www.zerodayinitiative.com/advisories/ZDI-16-237
http://www.zerodayinitiative.com/advisories/ZDI-16-238
http://www.zerodayinitiative.com/advisories/ZDI-16-239
http://www.zerodayinitiative.com/advisories/ZDI-16-240
https://ics-cert.us-cert.gov/advisories/ICSA-16-105-03
Common Vulnerability Exposure (CVE) ID: CVE-2016-2300
Common Vulnerability Exposure (CVE) ID: CVE-2016-2301
Common Vulnerability Exposure (CVE) ID: CVE-2016-2302
Common Vulnerability Exposure (CVE) ID: CVE-2016-2303
Common Vulnerability Exposure (CVE) ID: CVE-2016-2304
Common Vulnerability Exposure (CVE) ID: CVE-2016-2305
Common Vulnerability Exposure (CVE) ID: CVE-2016-2306 |
Copyright | Copyright (C) 2016 Greenbone AG |