92 matches found
Open Web Analytics 'owa_email_address'参数SQL注入漏洞
BUGTRAQ ID: 64774 CVECAN ID: CVE-2014-1206 Open Web Analytics是一个开源的网站流量统计系统。 Open Web Analytics 1.5.4及更早版本没有正确过滤index.php的"owaemailaddress"参数("owado"设置为"base.passwordResetForm","owaaction"设置为"base.passwordResetRequest"),在实现上存在安全漏洞,可导致注入任意SQL代码。 0 Open Web Analytics Open Web Analytics = 1.5.4 Open...
CVE-2010-2676
Multiple directory traversal vulnerabilities in index.php in Open Web Analytics OWA 1.2.3 might allow remote attackers to read arbitrary files via directory traversal sequences in the 1 owaaction and 2 owado parameters...
CVE-2010-2677
PHP remote file inclusion vulnerability in mwplugin.php in Open Web Analytics OWA 1.2.3, when magicquotesgpc is disabled and registerglobals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the IP parameter. NOTE: some of these details are obtained from third party...
Directory traversal
Multiple directory traversal vulnerabilities in index.php in Open Web Analytics OWA 1.2.3 might allow remote attackers to read arbitrary files via directory traversal sequences in the 1 owaaction and 2 owado parameters...
Remote file inclusion
PHP remote file inclusion vulnerability in mwplugin.php in Open Web Analytics OWA 1.2.3, when magicquotesgpc is disabled and registerglobals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the IP parameter. NOTE: some of these details are obtained from third party...
CVE-2010-2677
PHP remote file inclusion vulnerability in mwplugin.php in Open Web Analytics OWA 1.2.3, when magicquotesgpc is disabled and registerglobals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the IP parameter. NOTE: some of these details are obtained from third party...
CVE-2010-2676
Multiple directory traversal vulnerabilities in index.php in Open Web Analytics OWA 1.2.3 might allow remote attackers to read arbitrary files via directory traversal sequences in the 1 owaaction and 2 owado parameters...
CVE-2010-2677
Open Web Analytics (OWA) 1.2.3 is affected by a PHP remote file inclusion due to mw_plugin.php, where enabling register_globals and disabling magic_quotes_gpc allows an attacker to execute arbitrary PHP code via a URL in the IP parameter. The root cause is improper handling of user input in the R...
CVE-2010-2676
Open Web Analytics (OWA) 1.2.3 is affected by multiple directory traversal flaws in index.php, exploitable via the owa_action and owa_do parameters. The underlying issue allows remote attackers to read arbitrary files, as described in CVE-2010-2676. Attack surface is network-exposed and does not ...
Open Web Analytics 1.2.3 Local / Remote File Inclusion
=========================================================================== Topic : Open Web Analytics 1.2.3 Bug type : multi file include Download : http://downloads.openwebanalytics.com/owa/owa123.tar Advisory : =========================================================================== Author ...
Open Web Analytics 1.2.3 multi file include
Exploit for php platform in category web applications =========================================== Open Web Analytics 1.2.3 multi file include =========================================== =========================================================================== Topic : Open Web Analytics 1.2.3 Bu...
Open Web Analytics 1.2.3 - Multiple File Inclusions
Open Web Analytics 1.2.3 - Multiple File Inclusions =========================================================================== Topic : Open Web Analytics 1.2.3 Bug type : multi file include Download : http://downloads.openwebanalytics.com/owa/owa123.tar Advisory :...