7661 matches found
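Piwik < 0.6 form_url Parameter Cross-Site Scripting Vulnerability
Bug CVE: CVE-2010-1453 BUGTRAQ: 39144 Piwik is an open-source web analytics system built with PHP and MySQL. Piwik does not properly filter the form_url parameter submitted to the index.php page before returning it to the user. An attacker who tricks a user into following a malicious login URL link can carry out a reflected cross-site scripting attack, causing arbitrary HTML and script code to execute in the user's browser session. Piwik 0.6 Vendor patch: Piwik ----- The vendor has released an upgrade patch to fix this security issue; download it from the vendor's home page: http://piwik.org/latest.zip...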
Open Web Analytics 1.2.3 Local / Remote File Inclusion
=========================================================================== Topic : Open Web Analytics 1.2.3 Bug type : multi file include Download : http://downloads.openwebanalytics.com/owa/owa123.tar Advisory : =========================================================================== Author ...
Open Web Analytics 1.2.3 - Multiple File Inclusions
Open Web Analytics 1.2.3 - Multiple File Inclusions =========================================================================== Topic : Open Web Analytics 1.2.3 Bug type : multi file include Download : http://downloads.openwebanalytics.com/owa/owa123.tar Advisory :...
Open Web Analytics 1.2.3 - Multiple File Inclusions
=========================================================================== Topic : Open Web Analytics 1.2.3 Bug type : multi file include Download : http://downloads.openwebanalytics.com/owa/owa123.tar Advisory : =========================================================================== Author ...
Open Web Analytics 1.2.3 multi file include
Exploit for php platform in category web applications =========================================== Open Web Analytics 1.2.3 multi file include =========================================== =========================================================================== Topic : Open Web Analytics 1.2.3 Bu...
Unrestricted file upload
Unrestricted file upload vulnerability in ofc_upload_image.php in Open Flash Chart v2 Beta 1 through v2 Lug Wyrm Charmer, as used in Piwik 0.2.35 through 0.4.3, Woopra Analytics Plugin before 1.4.3.2, and possibly other products, when register_globals is enabled, allows remote authenticated users to...
CVE-2009-4140
Unrestricted file upload vulnerability in ofc_upload_image.php in Open Flash Chart v2 Beta 1 through v2 Lug Wyrm Charmer, as used in Piwik 0.2.35 through 0.4.3, Woopra Analytics Plugin before 1.4.3.2, and possibly other products, when register_globals is enabled, allows remote authenticated users to...
CVE-2009-4140
CVE-2009-4140 affects Open Flash Chart’s ofc_upload_image.php in Open Flash Chart v2 Beta1 through v2 Lug Wyrm Charmer, used by Piwik 0.2.35–0.4.3 and Woopra Plugin before 1.4.3.2. The issue is an unrestricted file upload when register_globals is enabled, allowing remote authenticated users to up...
CVE-2009-4140
Unrestricted file upload vulnerability in ofc_upload_image.php in Open Flash Chart v2 Beta 1 through v2 Lug Wyrm Charmer, as used in Piwik 0.2.35 through 0.4.3, Woopra Analytics Plugin before 1.4.3.2, and possibly other products, when register_globals is enabled, allows remote authenticated users to...
Yoast Google Analytics Cross Site Scripting
Yoast GA Plugin for WP - Cross Site Scripting Vulnerability Version Affected: 3.2.4 newest Info: The Google Analytics for WordPress plugin automatically tracks and segments all outbound links from within posts, comment author links, links within comments, blogroll links and downloads. It also...
WordPress Plugin Yoast Google Analytics 3.2.4 - 404 Error Page Cross-Site Scripting
WordPress Plugin Yoast Google Analytics 3.2.4 - 404 Error Page Cross-Site Scripting source: https://www.securityfocus.com/bid/37209/info Yoast Google Analytics for WordPress Plugin is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An...
[InterN0T] Google Analytics plugin for Wordpress - XSS Vulnerability
Yoast GA Plugin for WP - Cross Site Scripting Vulnerability Version Affected: 3.2.4 newest Info: The Google Analytics for WordPress plugin automatically tracks and segments all outbound links from within posts, comment author links, links within comments, blogroll links and downloads. It also...
WordPress Google Analytics Plugin 3.2.4 - 404 Error Page Cross-Site Scripting Vulnerability
This Google Analytics plugin is prone to a cross-site scripting vulnerability. The application fails to properly clean up user-supplied input. An attacker may execute arbitrary script code in the browser of a user in the context of the affected site. In this way the attacker can steal cookie-based...
WordPress Yoast GA 3.2.4 Plugin XSS
Exploit for unknown platform in category web applications ================================ Yoast GA 3.2.4 Plugin for WP XSS ================================ Info: The Google Analytics for WordPress plugin automatically tracks and segments all outbound links from within posts, comment author links...
WordPress Plugin Yoast Google Analytics 3.2.4 - 404 Error Page Cross-Site Scripting
source: https://www.securityfocus.com/bid/37209/info Yoast Google Analytics for WordPress Plugin is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an...
Piwik Build 1357 2009-08-02 Remote File Upload
Piwik Build , fclose$jfh; ? IV. PROOF OF CONCEPT ./libs/open-flash-chart/php-ofc-library/ofcuploadimag...
Piwik 1357 2009-08-02 - Arbitrary File Upload Code Execution
Piwik 1357 2009-08-02 - Arbitrary File Upload Code Execution Piwik Build , fclose$jfh; ? IV. PROOF OF CONCEPT ./libs/open-flash-chart/php-ofc-library/ofc...
Piwik <= 1357 2009-08-02 file upload and code execution
Exploit for unknown platform in category web applications. Piwik Build <= 1357 2009-08-02 ofc_upload_image.php Remote File Upload. Piwik Build <= 1357...
Piwik <= 1357 2009-08-02 file upload and code execution
No description provided by source. Piwik Build <= 1357 2009-08-02 ofc_upload_image.php Remote File Upload Discovery: Braeden Thomas Versions Affected: All Piwik versions utilising open-flash-chart I. DESCRIPTION Piwik is an open source web analytics software. It gives interesting reports on your...
Google Analytics on An Internal Web Server Detection
A link to urchin.js from Google Analytics has been found on this internal web server. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. include'deprecatednasllevel.inc'; include'compat.inc'; ifdescription scriptid40668; scriptversion"1.9"; scriptsetattributeattribute:"pluginmodificationdate",...