WordPress Google Analytics MU插件跨站请求伪造漏洞

Bugtraq ID:65926 WordPress是一种使用PHP语言开发的博客平台，用户可以在支持PHP和MySQL数据库的服务器上架设自己的网志。 WordPress Google Analytics MU存在跨站请求伪造漏洞，允许远程攻击者构建恶意URI，诱使用户解析，可以目标用户上下文执行恶意操作。 0 WordPress Google Analytics MU 2.3 目前没有详细解决方案提供： http://wordpress.org/plugins/google-analytics-mu/ A simple form which changes the analytics...

Open Web Analytics < 1.5.6 Reflected XSS Vulnerability - Active Check

Open Web Analytics is prone to a cross-site scripting XSS vulnerability. SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

Google Analytics MU 2.3 Cross Site Request Forgery

Details ================ Software: Google Analytics MU Version: 2.3 Homepage: http://wordpress.org/plugins/google-analytics-mu/ CVSS: 5.8 Medium; AV:N/AC:M/Au:N/C:P/I:P/A:N Description ================ CSRF in Google Analytics MU 2.3 Vulnerability ================ If an admin visits a page of the...

CVE-2014-1456

Cross-site scripting XSS vulnerability in the login page in Open Web Analytics OWA before 1.5.6 allows remote attackers to inject arbitrary web script or HTML via the owauserid parameter to index.php...

Cross site scripting

Cross-site scripting XSS vulnerability in the login page in Open Web Analytics OWA before 1.5.6 allows remote attackers to inject arbitrary web script or HTML via the owauserid parameter to index.php...

CVE-2014-1456

Cross-site scripting XSS vulnerability in the login page in Open Web Analytics OWA before 1.5.6 allows remote attackers to inject arbitrary web script or HTML via the owauserid parameter to index.php...

CVE-2014-1456

Open Web Analytics (OWA) prior to version 1.5.6 is affected by CVE-2014-1456, a cross-site scripting (XSS) vulnerability in the login page. The issue allows injection of arbitrary script or HTML via the owa_user_id parameter to index.php, with impact described as partial integrity impact and no c...

Open Web Analytics 1.5.4 - owa_email_address SQL Injection

Open Web Analytics 1.5.4 - owaemailaddress SQL Injection """ Dell SecureWorks Security Advisory SWRX-2014-001 Open Web Analytics Pre-Auth SQL Injection Advisory Information Title: Open Web Analytics Pre-Auth SQL Injection Advisory ID: SWRX-2014-001 Advisory URL:...

Open Web Analytics 1.5.4 Pre-Auth SQL Injection Vulnerability

Open Web Analytics OWA is open source web analytics software that can track and analyze how visitors use websites and applications. OWA is vulnerable to SQL injection that allows an attacker to execute arbitrary SQL statements in the context of the configured OWA database user without...

Open Web Analytics 1.5.4 - &#039;owa_email_address&#039; SQL Injection

""" Dell SecureWorks Security Advisory SWRX-2014-001 Open Web Analytics Pre-Auth SQL Injection Advisory Information Title: Open Web Analytics Pre-Auth SQL Injection Advisory ID: SWRX-2014-001 Advisory URL: http://www.secureworks.com/cyber-threat-intelligence/advisories/SWRX-2014-001/ Date...

Open Web Analytics Pre-Auth SQL Injection

Dell SecureWorks Security Advisory SWRX-2014-001 Open Web Analytics Pre-Auth SQL Injection Advisory Information Title: Open Web Analytics Pre-Auth SQL Injection Advisory ID: SWRX-2014-001 Advisory URL: http://www.secureworks.com/cyber-threat-intelligence/advisories/SWRX-2014-001/ Date published:...

CVE-2012-3000

Summary: CVE-2012-3000 is an SQL injection vulnerability affecting multiple BIG-IP components (APM WebGUI, AVR WebGUI, and related WebGUIs) on BIG-IP LTM, GTM, ASM, Link Controller, PSM, Edge Gateway, Analytics, WebAccelerator, and WOM up to 11.2.x with specific HF3 fixes. Affected path/trigger: ...

Open Web Analytics (OWA) Detection (HTTP)

HTTP based detection of Open Web Analytics OWA. SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Open Web Analytics < 1.5.5 SQLi Vulnerability - Active Check

Open Web Analytics is prone to an SQL injection SQLi vulnerability. SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

CVE-2014-1206

SQL injection vulnerability in the password reset page in Open Web Analytics OWA before 1.5.5 allows remote attackers to execute arbitrary SQL commands via the owaemailaddress parameter in a base.passwordResetRequest action to index.php...

Sql injection

SQL injection vulnerability in the password reset page in Open Web Analytics OWA before 1.5.5 allows remote attackers to execute arbitrary SQL commands via the owaemailaddress parameter in a base.passwordResetRequest action to index.php...

CVE-2014-1206

Open Web Analytics (OWA)

CVE-2014-1206

SQL injection vulnerability in the password reset page in Open Web Analytics OWA before 1.5.5 allows remote attackers to execute arbitrary SQL commands via the owaemailaddress parameter in a base.passwordResetRequest action to index.php...

Open Web Analytics 'owa_email_address'参数SQL注入漏洞

BUGTRAQ ID: 64774 CVECAN ID: CVE-2014-1206 Open Web Analytics是一个开源的网站流量统计系统。 Open Web Analytics 1.5.4及更早版本没有正确过滤index.php的"owaemailaddress"参数（"owado"设置为"base.passwordResetForm"，"owaaction"设置为"base.passwordResetRequest"），在实现上存在安全漏洞，可导致注入任意SQL代码。 0 Open Web Analytics Open Web Analytics = 1.5.4 Open...

ESA-2013-080: RSA Security Analytics Multiple Vulnerabilities

ESA-2013-080.txt -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ESA-2013-080: RSA Security Analytics Multiple Vulnerabilities EMC Identifier: ESA-2013-080 CVE Identifier: CVE-2013-6180 Severity Rating: CVSS v2 Base Score: See below for individual scores Affected Products: RSA Security Analytics 10...