Lucene search
K

98 matches found

Prion
Prion
added 2011/05/20 10:55 p.m.14 views

Authentication flaw

Login.aspx in the SmarterTools SmarterStats 6.0 web server generates a ctl00$MPH$txtPassword password form field without disabling the autocomplete feature, which makes it easier for remote attackers to bypass authentication by leveraging an unattended workstation...

7.5CVSS7.6AI score0.03913EPSS
Exploits0References5Affected Software1
Prion
Prion
added 2011/05/20 10:55 p.m.13 views

Design/Logic Flaw

The 1 Admin/frmEmailReportSettings.aspx, 2 Admin/frmGeneralSettings.aspx, 3 Admin/frmSite.aspx, 4 Client/frmUser.aspx, and 5 Login.aspx components in the SmarterTools SmarterStats 6.0 web server accept cleartext passwords, which makes it easier for remote attackers to obtain sensitive information...

5CVSS6.7AI score0.02667EPSS
Exploits0References5Affected Software1
Prion
Prion
added 2011/05/20 10:55 p.m.14 views

Design/Logic Flaw

The SmarterTools SmarterStats 6.0 web server allows remote attackers to obtain directory listings via a direct request for the 1 Admin/, 2 Admin/Defaults/, 3 Admin/GettingStarted/, 4 Admin/Popups/, 5 AppThemes/, 6 Client/, 7 Client/Popups/, 8 Services/, 9 Temp/, 10 UserControls/, 11...

5CVSS7AI score0.0264EPSS
Exploits0References4Affected Software1
Prion
Prion
added 2011/05/20 10:55 p.m.11 views

Design/Logic Flaw

The 1 Admin/frmEmailReportSettings.aspx and 2 Admin/frmGeneralSettings.aspx components in the SmarterTools SmarterStats 6.0 web server generate web pages containing e-mail addresses, which allows remote attackers to obtain potentially sensitive information by reading the default values of form...

5CVSS6.8AI score0.0264EPSS
Exploits0References4Affected Software1
Prion
Prion
added 2011/05/20 10:55 p.m.24 views

Cross site scripting

Login.aspx in the SmarterTools SmarterStats 6.0 web server supports URLs containing txtUser and txtPass parameters in the query string, which makes it easier for context-dependent attackers to discover credentials by reading 1 web-server access logs, 2 web-server Referer logs, or 3 the browser...

5CVSS7AI score0.02014EPSS
Exploits0References4Affected Software1
Prion
Prion
added 2011/05/20 10:55 p.m.18 views

Design/Logic Flaw

The SmarterTools SmarterStats 6.0 web server omits the Content-Type header for certain resources, which might allow remote attackers to have an unspecified impact by leveraging an interpretation conflict involving 1 Admin/Defaults/frmDefaultSiteSettings.aspx, 2...

10CVSS7.3AI score0.04377EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 2011/05/20 10:0 p.m.20 views

CVE-2011-2150

The SmarterTools SmarterStats 6.0 web server does not properly validate string data that is intended for storage in an XML document, which allows remote attackers to cause a denial of service parsing error and daemon pause via vectors involving 1 certain cookies in a SiteInfoLookup action to...

6.7AI score0.03024EPSS
Exploits0References4
CVE
CVE
added 2011/05/20 10:0 p.m.51 views

CVE-2011-2154

CVE-2011-2154 affects SmarterTools SmarterStats 6.0 web server. The loginsettings cookie is missing the HTTPOnly flag in the Set-Cookie header, allowing potential script access to the cookie and exposure of sensitive information. The available data from NVD lists a CVSS v2 base score of 5.0 (Medi...

5CVSS6.3AI score0.02667EPSS
Exploits0References5Affected Software1
Cvelist
Cvelist
added 2011/05/20 10:0 p.m.24 views

CVE-2011-2151

The 1 Admin/frmEmailReportSettings.aspx, 2 Admin/frmGeneralSettings.aspx, 3 Admin/frmSite.aspx, 4 Client/frmUser.aspx, and 5 Login.aspx components in the SmarterTools SmarterStats 6.0 web server accept cleartext passwords, which makes it easier for remote attackers to obtain sensitive information...

6.2AI score0.02667EPSS
Exploits0References5
Cvelist
Cvelist
added 2011/05/20 10:0 p.m.26 views

CVE-2011-2158

The SmarterTools SmarterStats 6.0 web server sends incorrect Content-Type headers for certain resources, which might allow remote attackers to have an unspecified impact by leveraging an interpretation conflict involving 1 Admin/frmSite.aspx, 2 Admin/frmSites.aspx, 3 Admin/frmViewReports.aspx, 4...

6.7AI score0.04384EPSS
Exploits0References5
Cvelist
Cvelist
added 2011/05/20 10:0 p.m.23 views

CVE-2011-2149

Multiple SQL injection vulnerabilities in the SmarterTools SmarterStats 6.0 web server allow remote attackers to execute arbitrary SQL commands via certain parameters to 1 Admin/frmSite.aspx, 2 Default.aspx, 3 Services/SiteAdmin.asmx, or 4 Client/frmViewReports.aspx; certain cookies to 5...

8.5AI score0.0235EPSS
Exploits0References4
Cvelist
Cvelist
added 2011/05/20 10:0 p.m.17 views

CVE-2011-2156

The SmarterTools SmarterStats 6.0 web server allows remote attackers to obtain directory listings via a direct request for the 1 Admin/, 2 Admin/Defaults/, 3 Admin/GettingStarted/, 4 Admin/Popups/, 5 AppThemes/, 6 Client/, 7 Client/Popups/, 8 Services/, 9 Temp/, 10 UserControls/, 11...

6.6AI score0.0264EPSS
Exploits0References4
Cvelist
Cvelist
added 2011/05/20 10:0 p.m.19 views

CVE-2011-2148

Admin/frmSite.aspx in the SmarterTools SmarterStats 6.0 web server allows remote attackers to execute arbitrary commands via vectors involving a leading and trailing & ampersand character, and 1 an STTTState cookie, 2 the ctl00%24MPH%24txtAdminNewPasswordSettingText parameter, 3 the...

7.7AI score0.05321EPSS
Exploits0References4
CVE
CVE
added 2011/05/20 10:0 p.m.49 views

CVE-2011-2155

The CVE-2011-2155 entry concerns SmarterTools SmarterStats 6.0. The vulnerability arises in Login.aspx where a password form field (ctl00$MPH$txtPassword) is generated with autocomplete enabled, which can enable an attacker to bypass authentication when a workstation is left unattended. According...

7.5CVSS7.2AI score0.03913EPSS
Exploits0References5Affected Software1
CVE
CVE
added 2011/05/20 10:0 p.m.47 views

CVE-2011-2153

CVE-2011-2153 affects SmarterTools SmarterStats 6.0 Web server. The vulnerability arises from Login.aspx accepting txtUser/txtPass in the query string, enabling context-dependent attackers to discover credentials by reading server access logs, Referer logs, or browser history (cross-domain Refere...

5CVSS6.7AI score0.02014EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 2011/05/20 10:0 p.m.24 views

CVE-2011-2159

The SmarterTools SmarterStats 6.0 web server omits the Content-Type header for certain resources, which might allow remote attackers to have an unspecified impact by leveraging an interpretation conflict involving 1 Admin/Defaults/frmDefaultSiteSettings.aspx, 2...

6.7AI score0.04377EPSS
Exploits0References4
CVE
CVE
added 2011/05/20 10:0 p.m.66 views

CVE-2011-2159

The CVE concerns SmarterTools SmarterStats 6.0 web server that omits the Content-Type header for a defined set of resources (including Admin and Client pages, skin/theme files, config/XML-like files, and sitemap.xml). The root cause is header omission which could allow remote attackers to cause a...

10CVSS6.9AI score0.04377EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 2011/05/20 10:0 p.m.26 views

CVE-2011-2154

login.aspx in the SmarterTools SmarterStats 6.0 web server does not include the HTTPOnly flag in a Set-Cookie header for the loginsettings cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie...

6.1AI score0.02667EPSS
Exploits0References5
Cvelist
Cvelist
added 2011/05/20 10:0 p.m.20 views

CVE-2011-2152

The SmarterTools SmarterStats 6.0 web server generates web pages containing external links in response to GET requests with query strings for 1 Client/frmViewReports.aspx or 2 UserControls/Popups/frmHelp.aspx, which makes it easier for remote attackers to obtain sensitive information by reading a...

6.1AI score0.0264EPSS
Exploits0References4
CVE
CVE
added 2011/05/20 10:0 p.m.55 views

CVE-2011-2158

The CVE-2011-2158 entry concerns SmarterTools SmarterStats 6.0: the web server may send incorrect Content-Type headers for several resources (Admin/frmSite.aspx, Admin/frmSites.aspx, Admin/frmViewReports.aspx, App_Themes/AboutThisFolder.txt, Client/frmViewReports.aspx, Temp/AboutThisFolder.txt, d...

10CVSS6.9AI score0.04384EPSS
Exploits0References5Affected Software1
Rows per page
Query Builder