Security Vulnerabilities - CVEs Published In April 2016
CRLF injection vulnerability in Ecava IntegraXor before 5.0 build 4522 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a crafted URL.
CVSS Score: 5.3 | EPSS Score: 0.003 | Published: 2016-04-22

Ecava IntegraXor before 5.0 build 4522 allows remote attackers to obtain sensitive information by reading detailed error messages.
CVSS Score: 5.3 | EPSS Score: 0.003 | Published: 2016-04-22

SQL injection vulnerability in Ecava IntegraXor before 5.0 build 4522 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.
CVSS Score: 6.3 | EPSS Score: 0.001 | Published: 2016-04-22

Ecava IntegraXor before 5.0 build 4522 allows remote attackers to bypass authentication and access unspecified web pages via unknown vectors.
CVSS Score: 6.5 | EPSS Score: 0.002 | Published: 2016-04-22

SQL injection vulnerability in Ecava IntegraXor before 5.0 build 4522 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVSS Score: 7.3 | EPSS Score: 0.013 | Published: 2016-04-22

Heap-based buffer overflow in util/gif2rgb.c in gif2rgb in giflib 5.1.2 allows remote attackers to cause a denial of service (application crash) via the background color index in a GIF file.
CVSS Score: 5.5 | EPSS Score: 0.01 | Published: 2016-04-21

The fill_xrgb32_lerp_opaque_spans function in cairo-image-compositor.c in cairo before 1.14.2 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a negative span length.
CVSS Score: 7.5 | EPSS Score: 0.007 | Published: 2016-04-21

The ssl_do_connect function in common/server.c in HexChat before 2.10.2, XChat, and XChat-GNOME does not verify that the server hostname matches a domain name in the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
CVSS Score: 6.5 | EPSS Score: 0.003 | Published: 2016-04-21

Unspecified vulnerability in the Oracle Field Service component in Oracle E-Business Suite 12.1.1, 12.1.2, and 12.1.3 allows remote attackers to affect confidentiality and integrity via vectors related to Wireless.
CVSS Score: 9.1 | EPSS Score: 0.003 | Published: 2016-04-21

Unspecified vulnerability in Oracle Sun Solaris 10 and 11.3 allows local users to affect availability via vectors related to ZFS.
CVSS Score: 5.5 | EPSS Score: 0.002 | Published: 2016-04-21

