CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

7660 matches found

0day.today•added 2009/10/19 12:0 a.m.•23 views

Piwik <= 1357 2009-08-02 file upload and code execution

Exploit for unknown platform in category web applications ======================================================================== Piwik Build = 1357 2009-08-02 ofcuploadimage.php Remote File Upload ======================================================================== Piwik Build = 1357...

7.1AI score

Exploits0

seebug.org•added 2009/10/19 12:0 a.m.•21 views

Piwik <= 1357 2009-08-02 file upload and code execution

No description provided by source. Piwik Build = 1357 2009-08-02 ofcuploadimage.php Remote File Upload Discovery: Braeden Thomas Versions Affected: All Piwik versions utilising open-flash-chart I. DESCRIPTION Piwik is an open source web analytics software. It gives interesting reports on your...

7.1AI score

Exploits0

Tenable Nessus•added 2009/08/21 12:0 a.m.•15 views

Google Analytics on An Internal Web Server Detection

A link to urchin.js from Google Analytics has been found on this internal web server. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. include'deprecatednasllevel.inc'; include'compat.inc'; ifdescription scriptid40668; scriptversion"1.9"; scriptsetattributeattribute:"pluginmodificationdate",...

5.3AI score

Exploits0References1

myhack58•added 2009/04/24 12:0 a.m.•15 views

Use GOOGLE Analyzer do server limit dos-vulnerability warning-the black bar safety net

This article is purely YY, and finally did not practice success, but does not exclude other sites have similar possible. Many sites are using google's statistics. When we from a website, A link to a google statistics Site B, google will record the referer URI, and stored into the B COOKIE. If we...

Exploits0

Packet Storm•added 2008/12/09 12:0 a.m.•39 views

Google Analytics Stored Cross Site Scripting

====================================================== ================= = Google Analytics - Stored Cross Site Scripting Vulnerability = = Vendor Website: = http://www.google.com = = Affected Version: = -- http://www.google.com/analytics/ = = Public disclosure on 8th December 2008 =...

7.4AI score

Exploits0

Fedora•added 2008/09/10 6:38 a.m.•28 views

[SECURITY] Fedora 9 Update: awstats-6.8-2.fc9

Advanced Web Statistics is a powerful and featureful tool that generates advanced web server graphic statistics. This server log analyzer works from command line or as a CGI and shows you all information your log contai ns, in graphical web pages. It can analyze a lot of web/wap/proxy servers lik...

4.3CVSS0.5AI score0.05597EPSS

Exploits1

WPVulnDB•added 2008/01/30 12:0 a.m.•13 views

WassUp 1.4.3 - (spy.php to_date) SQL Injection Exploit

The WassUp Real Time Analytics WordPress plugin was affected by a spy.php todate SQL Injection Exploit security vulnerability...

7.5CVSS2.4AI score0.02851EPSS

Exploits0References2Affected Software1

securityvulns•added 2007/12/24 12:0 a.m.•57 views

Logaholic Web Analytics Software

Logaholic Web Analytics Software Bug found by malibu.r Contact: [email protected] SQL Injection GET /logaholic/index.php?conf=nameofprofile&from=SQL INJECTION GET /logaholic/update.php?conf=nameofprofile&page=SQL INjection Cross Site Scripting POST variable "newconfname" in...

1.6AI score

Exploits0

securityvulns•added 2007/09/28 12:0 a.m.•5602 views

Authorization bypass in Urchin

Здравствуйте 3APA3A! Сообщаю вам об ещё одной уязвимости в Urchin Web Analytics. В ваших новостях http://securityvulns.ru/news/CGI/2007.09.25.html упоминается Cross-Site Scripting уязвимость в Urchin. Относительно данной уязвимости замечу, что как я уже написал автору в комментариях к его сообщен...

Exploits0

securityvulns•added 2007/09/25 12:0 a.m.•32 views

Google Urchin password theft madness

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 There is a trivially exploitable XSS vul on Google Urchin Web Analytics 5's login page. The vulnerability has been tested on versions 5.6.00r2, v5.7.01, 5.7.02 and 5.7.03 latest. Previous versions are most likely to be affected as well. I know that...

0.5AI score

Exploits0

NVD•added 2007/07/06 7:30 p.m.•13 views

CVE-2007-3604

vtiger CRM before 5.0.3 allows remote authenticated users with access to the Analytics DashBoard menu to bypass data restrictions and read the pipeline of the entire organization, possibly involving modules/Potentials/Potentials.php...

4CVSS6.4AI score0.01077EPSS

Exploits0References5

Cvelist•added 2007/07/06 7:0 p.m.•18 views

CVE-2007-3604

6.4AI score0.01077EPSS

Exploits0References5

Tenable Nessus•added 2005/08/10 12:0 a.m.•141 views

AWStats Referrer Header Arbitrary Command Execution

The remote host is running AWStats, an open source web analytics tool used for analyzing data from internet services such as web, streaming, media, mail and FTP servers. The version of AWStats installed on the remote host collects data about the web referrers and uses them without proper sanitati...

5CVSS5.9AI score0.02665EPSS

Exploits0References4

Microsoft Security Update•added 1970/01/01 12:0 a.m.•9 views

SQL 2005 English x64

...

1.2AI score

Exploits0

Microsoft Security Update•added 1970/01/01 12:0 a.m.•13 views

Microsoft Advanced Threat Analytics 1.7 Update 1

Role based access control. Windows Server core support. Reconnaissance using Directory Services Enumeration detection. Pass-the-Ticket detections enhancements. Unusual Protocol Implementation detection enhancements...

2.5AI score

Exploits0

Microsoft Security Update•added 1970/01/01 12:0 a.m.•12 views

Microsoft Advanced Threat Analytics

Product Family for Microsoft Advanced Threat Analytics...

1.8AI score

Exploits0

Microsoft Security Update•added 1970/01/01 12:0 a.m.•7 views

Microsoft Advanced Threat Analytics

...

1.9AI score

Exploits0