7672 matches found
CVE-2014-6172
IBM API Management 3.0 before 3.0.4.0 IF1 allows remote attackers to obtain sensitive analytics information in an encrypted form via unspecified vectors...
CVE-2014-8730
CVE-2014-8730 is listed in Brocade ASCG advisories as addressed by security updates; the connected document shows this CVE mapped to general remote services and notes fixes are provided via ASCG updates (e.g., 3.3.0/3.3.0a). The initial description describes a POODLE-style padding issue in SSL/TL...
SA-CONTRIB-2014-120 - Piwik Web Analytics - Information disclosure
This module enables you to integrate Drupal with Piwik Web Analytics. The module leaks the site specific hash salt to authenticated users when user-id tracking is turned on. This vulnerability is mitigated by the fact that user-id tracking must be turned on and the attacker needs to have an accou...
SA-CONTRIB-2014-119 - Google Analytics - Information disclosure
This module enables you to integrate Drupal with Google Analytics. The module leaks the site specific hash salt to authenticated users when user-id tracking is turned on. This vulnerability is mitigated by the fact that user-id tracking must be turned on and the attacker needs to have an account ...
Avoiding Data Breaches: Context Aware Behavioral Analytics
RESTON, VA – Security, it turns out, is all about layers, where if one layer fails, there are secondary and tertiary and a long line of backup defenses. This is neither new nor revolutionary. It’s why castles had moats, drawbridges and parapets; it’s also why prisons have cells, walls and gates...
CVE-2014-9174
Cross-site scripting XSS vulnerability in the Google Analytics by Yoast google-analytics-for-wordpress plugin before 5.1.3 for WordPress allows remote attackers to inject arbitrary web script or HTML via the "Manually enter your UA code" manualuacodefield field in the General Settings...
Cross site scripting
Cross-site scripting XSS vulnerability in the Google Analytics by Yoast google-analytics-for-wordpress plugin before 5.1.3 for WordPress allows remote attackers to inject arbitrary web script or HTML via the "Manually enter your UA code" manualuacodefield field in the General Settings...
CVE-2014-9174
The CVE-2014-9174 entry corresponds to a Cross-site scripting (XSS) vulnerability in the WordPress plugin Google Analytics by Yoast (google-analytics-for-wordpress) prior to version 5.1.3. The issue arises from unsafely handling the value entered in the General Settings field “Manually enter your...
CVE-2014-9174
Cross-site scripting XSS vulnerability in the Google Analytics by Yoast google-analytics-for-wordpress plugin before 5.1.3 for WordPress allows remote attackers to inject arbitrary web script or HTML via the "Manually enter your UA code" manualuacodefield field in the General Settings...
WordPress Google Analytics Plugin <= 5.1.2 - XSS
Because of this vulnerability, the attackers can inject arbitrary web script or HTML via the "Manually enter your UA code" field in the General Settings. Solution Update the plugin...
Open Web Analytics 1.5.6 PHP Object Injection Vulnerability
Exploit for php platform in category web applications Open Web Analytics setSetting'base', 'isremoteeventqueue', true; $owa-e-debug$POST; $rawevent = owacoreAPI::getRequestParam'event'; if $rawevent $dispatch = owacoreAPI::getEventDispatch; $event = unserialize base64decode $rawevent ;...
Google Analytics by Yoast <= 5.1.2 Cross-Site Scripting (XSS)
The value of the input field "manualuacodefield" Analytics Settings is saved without any validation. Malicious JavaScript code can be injected. Screenshots: http://imgur.com/4TA6sSe,DFUlAy51 http://imgur.com/4TA6sSe,DFUlAy50...
Open Source OpenSOC Security Analytics Framework Released
Cisco announced today that it has made available through open source a framework that integrates data analytics tools into security operations. “The OpenSOC framework helps organizations make big data part of their technical security strategy by providing a platform for the application of anomaly...
CVE-2014-6032
CVE-2014-6032 describes multiple XXE flaws in the Configuration utility of F5 BIG-IP products (LTM, ASM, GTM, Link Controller, AAM, ARM, Analytics, APM/Edge Gateway, PEM, PSM, WOM, Enterprise Manager) affecting versions ranging from 10.0.0 through 10.2.4 and 11.0.0 through 11.6.0 (and related hot...
Code injection
F5 BIG-IP Analytics 11.x before 11.4.0 uses a predictable session cookie, which makes it easier for remote attackers to have unspecified impact by guessing the value...
CVE-2013-7408
F5 BIG-IP Analytics 11.x before 11.4.0 uses a predictable session cookie, which makes it easier for remote attackers to have unspecified impact by guessing the value...
CVE-2013-7408
Summary of CVE-2013-7408 (F5 BIG-IP Analytics): 11.x before 11.4.0 uses a predictable analytics session cookie, allowing remote attackers to guess the cookie value with unspecified impact. The vulnerability affects BIG-IP Analytics across multiple sources, with evidence in Red Hat and F5 advisory...
TIBCO Spotfire Analytics Server Authentication Module Unspecified Information Disclosure
The remote host is running a version of TIBCO Spotfire Analytics Server that is affected by an information disclosure vulnerability due to an unspecified flaw in the Authentication Module. A remote attacker can exploit this vulnerability to access sensitive information by sending a specially...
TIBCO Spotfire Analytics Server Web Application Multiple Vulnerabilities
The remote host is running a version of TIBCO Spotfire Analytics Server that is affected by multiple vulnerabilities : - A cross-site scripting vulnerability exists that allows a remote attacker to view or modify sensitive information. CVE-2011-3132 - A session fixation vulnerability exists that...
F5 Networks BIG-IP : iControl vulnerability (K15220)
The iControl API in F5 BIG-IP LTM, APM, ASM, GTM, Link Controller, and PSM 11.0.0 through 11.5.1, BIG-IP AAM 11.4.0 through 11.5.1, BIG-IP AFM and PEM 11.3.0 through 11.5.1, BIG-IP Analytics 11.0.0 through 11.5.1, BIG-IP Edge Gateway, WebAccelerator, WOM 11.0.0 through 11.3.0, Enterprise Manager...